Google re-direct problems


  • This topic is locked
37 replies to this topic

#1 kingmaker

kingmaker

  • Members
  • 19 posts

Posted 15 September 2010 - 04:15 AM

Hello. Recently noticed I'm being re-directed when clicking on Google search results. I have run HijackThis and pasted the log below. If anyone could take a quick look and see if there is anything untoward going on and advise me on what I should do, it'd be much appreciated. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:35, on 15/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b...;m=imedia_x2416
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2567697
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b...;m=imedia_x2416
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird" -turbo
O4 - HKUS\S-1-5-21-795216465-2891207141-2578417904-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-795216465-2891207141-2578417904-1001\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (User '?')
O4 - HKUS\S-1-5-21-795216465-2891207141-2578417904-1001\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-795216465-2891207141-2578417904-1001\..\Run: [achrh] rundll32 "C:\Windows\system32\Installi.dll",Kffqoeuixz (User '?')
O4 - S-1-5-21-795216465-2891207141-2578417904-1001 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7825 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 September 2010 - 09:11 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 kingmaker

kingmaker
  • Topic Starter

  • Members
  • 19 posts

Posted 24 September 2010 - 07:23 AM

Sorry for the delay, thought I'd subscribed to the thread but I hadn't.

Anyway, here now!

Thanks

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 24 September 2010 - 02:21 PM

No problem, let's begin.

Please run TDSSKiller and MBRCheck so we can check for certain rootkit activity.
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 kingmaker

kingmaker
  • Topic Starter

  • Members
  • 19 posts

Posted 25 September 2010 - 04:00 AM

TDSS Log

2010/09/25 09:55:17.0828 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 09:55:17.0828 ================================================================================
2010/09/25 09:55:17.0828 SystemInfo:
2010/09/25 09:55:17.0828
2010/09/25 09:55:17.0828 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/25 09:55:17.0828 Product type: Workstation
2010/09/25 09:55:17.0828 ComputerName: ANTONES-PC
2010/09/25 09:55:17.0828 UserName: Antones
2010/09/25 09:55:17.0828 Windows directory: C:\Windows
2010/09/25 09:55:17.0828 System windows directory: C:\Windows
2010/09/25 09:55:17.0828 Processor architecture: Intel x86
2010/09/25 09:55:17.0828 Number of processors: 4
2010/09/25 09:55:17.0828 Page size: 0x1000
2010/09/25 09:55:17.0828 Boot type: Normal boot
2010/09/25 09:55:17.0828 ================================================================================
2010/09/25 09:55:18.0307 Initialize success
2010/09/25 09:55:46.0032 ================================================================================
2010/09/25 09:55:46.0033 Scan started
2010/09/25 09:55:46.0033 Mode: Manual;
2010/09/25 09:55:46.0033 ================================================================================
2010/09/25 09:55:46.0414 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/25 09:55:46.0455 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/09/25 09:55:46.0497 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/09/25 09:55:46.0529 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/09/25 09:55:46.0560 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/09/25 09:55:46.0655 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/25 09:55:46.0726 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/09/25 09:55:46.0747 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/25 09:55:46.0792 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/09/25 09:55:46.0837 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/09/25 09:55:46.0860 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/09/25 09:55:46.0887 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/09/25 09:55:46.0928 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/09/25 09:55:47.0004 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/09/25 09:55:47.0045 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/09/25 09:55:47.0066 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/25 09:55:47.0109 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/25 09:55:47.0204 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2010/09/25 09:55:47.0251 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2010/09/25 09:55:47.0288 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2010/09/25 09:55:47.0332 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/25 09:55:47.0377 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/09/25 09:55:47.0416 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/25 09:55:47.0442 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/25 09:55:47.0464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/25 09:55:47.0493 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/25 09:55:47.0515 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/25 09:55:47.0543 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/25 09:55:47.0568 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/25 09:55:47.0590 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/25 09:55:47.0738 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/25 09:55:47.0789 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/25 09:55:47.0819 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/09/25 09:55:47.0871 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/25 09:55:47.0937 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/09/25 09:55:47.0979 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/09/25 09:55:47.0999 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/09/25 09:55:48.0030 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/09/25 09:55:48.0105 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/25 09:55:48.0186 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/25 09:55:48.0254 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/09/25 09:55:48.0281 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/09/25 09:55:48.0309 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2010/09/25 09:55:48.0337 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/09/25 09:55:48.0381 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/25 09:55:48.0428 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/25 09:55:48.0466 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/25 09:55:48.0535 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/25 09:55:48.0604 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/09/25 09:55:48.0643 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/09/25 09:55:48.0757 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/25 09:55:48.0814 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/25 09:55:48.0842 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/25 09:55:48.0893 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/25 09:55:48.0937 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/25 09:55:48.0970 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/25 09:55:49.0029 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/25 09:55:49.0116 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/25 09:55:49.0140 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/25 09:55:49.0186 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/25 09:55:49.0235 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/25 09:55:49.0317 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/25 09:55:49.0374 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/25 09:55:49.0416 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/09/25 09:55:49.0477 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/25 09:55:49.0524 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/09/25 09:55:49.0578 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/09/25 09:55:49.0623 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/09/25 09:55:49.0662 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/25 09:55:49.0702 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/09/25 09:55:49.0732 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/25 09:55:49.0798 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2010/09/25 09:55:49.0870 IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
2010/09/25 09:55:50.0097 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/09/25 09:55:50.0121 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/25 09:55:50.0158 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/25 09:55:50.0231 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/25 09:55:50.0274 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/25 09:55:50.0330 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/25 09:55:50.0373 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/09/25 09:55:50.0426 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/25 09:55:50.0471 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/25 09:55:50.0516 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/25 09:55:50.0556 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/25 09:55:50.0586 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/25 09:55:50.0648 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/25 09:55:50.0714 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/25 09:55:50.0770 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/25 09:55:50.0792 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/25 09:55:50.0846 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/25 09:55:50.0888 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/25 09:55:50.0941 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/09/25 09:55:50.0969 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/09/25 09:55:51.0018 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/25 09:55:51.0084 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/25 09:55:51.0101 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/25 09:55:51.0138 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/25 09:55:51.0178 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/25 09:55:51.0218 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/09/25 09:55:51.0241 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/25 09:55:51.0282 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/25 09:55:51.0315 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/25 09:55:51.0365 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/25 09:55:51.0398 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/25 09:55:51.0446 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/25 09:55:51.0500 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/09/25 09:55:51.0542 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/09/25 09:55:51.0608 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/25 09:55:51.0638 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/09/25 09:55:51.0699 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/25 09:55:51.0729 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/25 09:55:51.0752 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/09/25 09:55:51.0804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/09/25 09:55:51.0848 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/25 09:55:51.0872 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/09/25 09:55:51.0897 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/09/25 09:55:51.0993 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/25 09:55:52.0050 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/09/25 09:55:52.0085 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/25 09:55:52.0106 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/25 09:55:52.0163 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/25 09:55:52.0194 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/09/25 09:55:52.0244 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/25 09:55:52.0295 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/25 09:55:52.0399 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/09/25 09:55:52.0468 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/09/25 09:55:52.0495 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/25 09:55:52.0563 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/09/25 09:55:52.0602 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/09/25 09:55:52.0623 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/09/25 09:55:52.0668 NVHDA (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
2010/09/25 09:55:52.0849 nvlddmkm (ae7edd6954ae2b40b0ebeb26331d2785) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/09/25 09:55:53.0007 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/09/25 09:55:53.0054 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/09/25 09:55:53.0118 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
2010/09/25 09:55:53.0167 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/09/25 09:55:53.0256 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/09/25 09:55:53.0307 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/09/25 09:55:53.0347 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/09/25 09:55:53.0391 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/09/25 09:55:53.0479 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/09/25 09:55:53.0527 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/09/25 09:55:53.0561 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/09/25 09:55:53.0585 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/09/25 09:55:53.0629 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/09/25 09:55:53.0737 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/25 09:55:53.0758 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/09/25 09:55:53.0842 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/25 09:55:53.0883 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/09/25 09:55:53.0925 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/09/25 09:55:53.0953 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/25 09:55:54.0054 RapportCerberus_19417 (7f183c8fdc91af1516a26859ecd1ccd3) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19417\RapportCerberus_19417.sys
2010/09/25 09:55:54.0108 RapportKELL (10d6128ead14aa413367304b33fa9447) C:\Windows\system32\Drivers\RapportKELL.sys
2010/09/25 09:55:54.0179 RapportPG (95a33944f0d91588099832a893d0e681) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2010/09/25 09:55:54.0218 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/25 09:55:54.0262 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/25 09:55:54.0310 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/25 09:55:54.0365 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/25 09:55:58.0179 ================================================================================
2010/09/25 09:55:58.0179 Scan finished
2010/09/25 09:55:58.0179 ================================================================================

MBRCheck Log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Packard Bell BV
System Product Name: IMEDIA X2416
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 144):

Processes (total 67):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
532 csrss.exe
580 C:\Windows\System32\wininit.exe
592 csrss.exe
624 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\winlogon.exe
884 C:\Windows\System32\nvvsvc.exe
912 C:\Windows\System32\svchost.exe
1036 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1116 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\audiodg.exe
1264 C:\Windows\System32\SLsvc.exe
1312 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\svchost.exe
1544 C:\Windows\System32\ZoneLabs\vsmon.exe
1572 C:\Windows\System32\rundll32.exe
1876 C:\Windows\System32\spoolsv.exe
1900 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\taskeng.exe
784 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1760 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1940 C:\Program Files\Bonjour\mDNSResponder.exe
520 C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
1372 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2128 C:\Windows\System32\IoctlSvc.exe
2176 C:\Windows\System32\svchost.exe
2216 C:\Windows\System32\svchost.exe
2276 C:\Windows\System32\svchost.exe
2332 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2380 C:\Windows\System32\SearchIndexer.exe
2660 C:\Program Files\AVG\AVG9\avgemc.exe
2720 WUDFHost.exe
2744 C:\Program Files\AVG\AVG9\avgnsx.exe
2900 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3392 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3476 C:\Program Files\AVG\AVG9\avgrsx.exe
3484 C:\Program Files\AVG\AVG9\avgchsvx.exe
3524 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2124 C:\Windows\System32\dwm.exe
1300 C:\Windows\System32\taskeng.exe
1688 C:\Windows\explorer.exe
3336 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
764 C:\Windows\System32\rundll32.exe
768 C:\Windows\RtHDVCpl.exe
3204 C:\Program Files\AVG\AVG9\avgtray.exe
2480 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
3324 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
2504 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
1088 C:\Windows\System32\wbem\unsecapp.exe
3312 WmiPrvSE.exe
4464 C:\Program Files\Mozilla Firefox\firefox.exe
6064 C:\Windows\System32\msiexec.exe
4532 C:\Windows\System32\wuauclt.exe
5436 taskeng.exe
5128 C:\Windows\System32\notepad.exe
5956 C:\Windows\System32\SearchProtocolHost.exe
5888 C:\Windows\System32\SearchFilterHost.exe
3992 dllhost.exe
4620 dllhost.exe
5008 C:\Users\Antones\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 90C10828C3538DFE7F856D1137321BB66C28DC98


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 m0le

Posted 25 September 2010 - 05:41 AM

Please run Combofix. The MBR is faked but this does not mean it is infected. Let's see if another tool can verify this.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 kingmaker

Posted 25 September 2010 - 06:10 AM

I have run ComboFix and it has generated a log, but I can't post it because I get the following message when I try to open any program (i.e. Firefox):

C:\Program Files\Mozilla Firefox\firefox.exe
Illegal operation attempted on a registry key that has been marked for deletion


I'm currently using another computer to post this reply.



#8 m0le

Posted 25 September 2010 - 06:14 AM

Please reboot your PC.

#9 kingmaker

Posted 25 September 2010 - 06:41 AM

Ah.

Combofix log as requested:

ComboFix 10-09-24.05 - Antones 25/09/2010 11:53:56.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1722 [GMT 1:00]
Running from: c:\users\Antones\Desktop\comfix.exe.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 10:58 . 2010-09-25 10:58 -------- d-----w- c:\users\Antones\AppData\Local\temp
2010-09-25 10:58 . 2010-09-25 10:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-25 10:58 . 2010-09-25 10:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-25 10:58 . 2010-09-25 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-25 10:58 . 2010-09-25 10:58 -------- d-----w- c:\users\Dan\AppData\Local\temp
2010-09-15 14:24 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-15 13:40 . 2010-09-15 13:40 -------- d-----w- c:\users\Antones\AppData\Roaming\Trusteer
2010-09-15 13:40 . 2010-09-15 13:40 -------- d-----w- c:\program files\Trusteer
2010-09-15 13:39 . 2010-09-15 13:39 -------- d-----w- c:\programdata\Trusteer
2010-09-15 13:28 . 2010-09-15 13:32 -------- d-----w- c:\users\Antones\Security Software & Logs
2010-09-15 12:05 . 2010-09-15 12:05 63488 ----a-w- c:\users\Antones\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-15 12:05 . 2010-09-15 12:05 52224 ----a-w- c:\users\Antones\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-15 12:05 . 2010-09-15 12:05 117760 ----a-w- c:\users\Antones\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-15 12:05 . 2010-09-15 12:05 -------- d-----w- c:\users\Antones\AppData\Roaming\SUPERAntiSpyware.com
2010-09-15 12:05 . 2010-09-15 12:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-15 12:05 . 2010-09-15 12:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-15 08:43 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:43 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:43 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:43 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 15:15 . 2010-09-14 15:15 -------- d-----w- c:\users\Antones\AppData\Roaming\Malwarebytes
2010-09-07 13:21 . 2010-09-07 13:21 -------- d-----w- c:\program files\iPod
2010-09-07 13:21 . 2010-09-07 13:21 -------- d-----w- c:\program files\iTunes
2010-09-07 13:19 . 2010-09-07 13:19 -------- d-----w- c:\program files\QuickTime
2010-09-07 13:17 . 2010-09-07 13:17 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-07 10:27 . 2010-09-07 10:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-09-07 10:27 . 2010-04-19 09:25 2117704 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-08-31 13:42 . 2010-08-31 13:42 353512 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-08-31 13:42 . 2010-08-31 13:42 12544 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-08-31 13:42 . 2010-08-31 13:42 472296 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19417\RapportCerberus.dll
2010-08-31 13:42 . 2010-08-31 13:42 34792 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19417\RapportCerberus_19417.sys
2010-08-31 13:30 . 2010-08-31 13:30 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 10:12 . 2010-08-06 08:59 0 ----a-w- c:\users\Dan\AppData\Local\prvlcl.dat
2010-09-25 10:12 . 2010-07-23 09:03 0 ----a-w- c:\users\Antones\AppData\Local\prvlcl.dat
2010-09-23 16:40 . 2009-02-03 11:26 -------- d-----w- c:\users\Antones\AppData\Roaming\U3
2010-09-21 08:35 . 2009-02-13 13:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-21 08:27 . 2009-06-29 10:55 680 ----a-w- c:\users\Antones\AppData\Local\d3d9caps.dat
2010-09-15 14:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 14:26 . 2010-09-15 14:23 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-09-15 14:23 . 2010-09-15 14:23 -------- d-----w- c:\program files\Zone Labs
2010-09-15 14:23 . 2010-09-15 14:23 -------- d-----w- c:\programdata\CheckPoint
2010-09-15 12:19 . 2008-10-30 13:40 -------- d-----w- c:\program files\Google
2010-09-15 08:58 . 2010-05-04 11:59 680 ----a-w- c:\users\Dan\AppData\Local\d3d9caps.dat
2010-09-14 15:14 . 2009-02-03 11:59 -------- d-----w- c:\program files\CCleaner
2010-09-10 08:39 . 2009-02-21 09:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 13:36 . 2009-02-03 11:07 78128 ----a-w- c:\users\Antones\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 13:35 . 2009-10-09 12:00 -------- d-----w- c:\users\Antones\AppData\Roaming\Apple Computer
2010-09-07 13:21 . 2009-10-09 11:58 -------- d-----w- c:\program files\Common Files\Apple
2010-09-07 10:27 . 2010-07-08 10:40 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-09-07 10:27 . 2009-06-29 10:47 -------- d-----w- c:\program files\Common Files\Nokia
2010-09-07 10:26 . 2009-06-29 12:14 -------- d-----w- c:\users\Antones\AppData\Roaming\Nokia
2010-09-07 10:21 . 2008-08-21 21:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-04 08:47 . 2010-07-13 14:02 452104 ----a-w- c:\users\Antones\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-08-17 14:05 . 2009-12-30 10:33 -------- d-----w- c:\users\Dan\AppData\Roaming\Apple Computer
2010-08-12 15:31 . 2010-03-03 17:20 -------- d-----w- c:\users\Dan\AppData\Roaming\LimeWire
2010-08-05 15:18 . 2010-08-05 15:18 -------- d-----w- c:\programdata\McAfee
2010-07-13 16:13 . 2010-07-13 16:13 6444066 ----a-w- c:\users\Antones\sign images.zip
2010-07-09 08:42 . 2010-06-22 19:52 69222840 ----a-w- c:\users\Antones\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-07-08 10:40 . 2009-02-03 14:11 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-08 10:40 . 2009-02-03 14:11 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-08 10:40 . 2009-02-03 14:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 10:40 . 2009-02-03 14:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-01 14:03 . 2010-07-01 14:03 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-07-01 13:20 . 2010-03-11 09:51 439816 ----a-w- c:\users\Antones\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-29 15:47 . 2010-08-11 08:40 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-11 08:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-10 15:46 . 2009-10-10 15:43 80 --sha-r- c:\windows\System32\5CEC6AEF21.dll
2009-09-08 11:20 . 2009-09-08 11:19 80 --sha-r- c:\windows\System32\D8FA9E81A2.dll
2010-05-19 10:42 . 2010-05-19 10:42 73216 --sha-r- c:\windows\System32\Installi.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-16_13.07.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-11 08:40 . 2010-05-28 16:14 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.22414_none_6f0c0c64eeb82f1d\iccvid.dll
+ 2010-08-11 08:40 . 2010-05-27 20:08 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.18263_none_6e4b5dcdd5c4048a\iccvid.dll
+ 2010-08-11 08:40 . 2010-05-27 19:11 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.22702_none_6d2e69d4f18b8b5a\iccvid.dll
+ 2010-08-11 08:40 . 2010-05-27 19:16 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.18483_none_6c4f4a27d8adea21\iccvid.dll
+ 2010-08-11 08:40 . 2010-06-18 14:50 99328 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22715_none_045a07e92948400f\srvnet.sys
+ 2010-08-11 08:40 . 2010-06-18 18:00 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.22427_none_0f77105600c85cb8\rtutils.dll
+ 2010-08-11 08:40 . 2010-06-18 17:31 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18274_none_0eb4612ae7d5ff77\rtutils.dll
+ 2010-08-11 08:40 . 2010-06-18 16:38 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.22715_none_0d996dc6039bb8f5\rtutils.dll
+ 2010-08-11 08:40 . 2010-06-18 16:43 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18495_none_0cb94dceeabefe65\rtutils.dll
+ 2010-08-11 08:40 . 2010-06-16 15:56 98192 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\FWPKCLNT.SYS
+ 2010-09-15 14:24 . 2010-04-05 17:02 98184 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22665_none_cd72381c43d48fef\FWPKCLNT.SYS
+ 2010-08-11 08:40 . 2010-06-17 18:30 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\WMM2EXT.dll
+ 2009-09-24 08:56 . 2009-04-11 06:28 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\WMM2EXT.dll
+ 2010-08-11 08:40 . 2010-06-17 17:24 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\WMM2EXT.dll
+ 2006-11-02 12:36 . 2006-11-02 12:36 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\WMM2EXT.dll
+ 2010-09-15 08:43 . 2010-05-27 18:21 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22413_none_7c1975736ed5f037\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18263_none_7b59c72655e0defb\INETRES.dll
+ 2010-09-15 08:43 . 2010-05-27 17:39 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22702_none_7a3cd32d71a865cb\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18483_none_795db38058cac492\INETRES.dll
+ 2010-08-11 08:40 . 2010-06-16 14:01 31232 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22425_none_887cb1b81bbc94f9\tcpipreg.sys
+ 2010-09-15 14:24 . 2010-04-05 15:14 31232 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22377_none_8848a0ca1be35635\tcpipreg.sys
+ 2010-08-11 08:40 . 2010-06-28 14:52 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22720_none_2fd60860332c475f\ieUnatt.exe
+ 2010-06-12 08:36 . 2010-05-04 16:53 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18498_none_2f08baa51a403b96\ieUnatt.exe
+ 2010-08-11 08:40 . 2010-06-28 14:52 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22720_none_f3e18ed7d35462d7\mshtmler.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22720_none_f3e18ed7d35462d7\ieencode.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18498_none_f314411cba68570e\mshtmler.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18498_none_f314411cba68570e\ieencode.dll
+ 2010-08-11 08:40 . 2010-06-28 16:24 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22720_none_aea62a241ff3b022\admparse.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18498_none_add8dc690707a459\admparse.dll
+ 2010-08-11 08:40 . 2010-06-29 16:05 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22434_none_043c9ef8b82baeed\WininetPlugin.dll
+ 2010-08-11 08:40 . 2010-06-29 16:00 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22434_none_043c9ef8b82baeed\jsproxy.dll
+ 2009-06-11 08:37 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18278_none_038bc1bf9f2ae71c\WininetPlugin.dll
+ 2009-06-11 08:37 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18278_none_038bc1bf9f2ae71c\jsproxy.dll
+ 2010-08-11 08:40 . 2010-06-28 16:30 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22720_none_025cfbd4bb00d87c\WininetPlugin.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22720_none_025cfbd4bb00d87c\jsproxy.dll
+ 2008-08-21 20:38 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18498_none_018fae19a214ccb3\WininetPlugin.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18498_none_018fae19a214ccb3\jsproxy.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 99328 c:\windows\System32\ZoneLabs\zlquarantine.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 70656 c:\windows\System32\ZoneLabs\zatray.exe
+ 2010-09-15 14:23 . 2008-11-29 08:19 65424 c:\windows\System32\ZoneLabs\vsdrinst.exe
+ 2010-09-15 14:23 . 2010-06-23 12:51 21504 c:\windows\System32\ZoneLabs\lib\zsys.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 14336 c:\windows\System32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 46592 c:\windows\System32\ZoneLabs\lib\zfde.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 85504 c:\windows\System32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 37376 c:\windows\System32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 12800 c:\windows\System32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 12800 c:\windows\System32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 12800 c:\windows\System32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 20992 c:\windows\System32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 12800 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 10240 c:\windows\System32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 11264 c:\windows\System32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 14336 c:\windows\System32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 12288 c:\windows\System32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 11264 c:\windows\System32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 29184 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 13312 c:\windows\System32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 35840 c:\windows\System32\ZoneLabs\lib\Alert.zip.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 38912 c:\windows\System32\ZoneLabs\featuremap.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 75776 c:\windows\System32\ZoneLabs\camupd.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 69120 c:\windows\System32\zlcomm.dll
+ 2008-01-21 01:58 . 2010-09-25 08:43 52072 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-25 08:43 77078 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-03 11:02 . 2010-09-25 08:43 11254 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-795216465-2891207141-2578417904-1000_UserData.bin
+ 2010-09-15 14:23 . 2010-06-23 12:51 43008 c:\windows\System32\vswmi.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 58368 c:\windows\System32\vsregexp.dll
+ 2010-08-11 08:40 . 2010-06-18 17:31 36864 c:\windows\System32\rtutils.dll
- 2006-11-02 12:34 . 2006-11-02 12:34 81920 c:\windows\System32\iccvid.dll
+ 2010-08-11 08:40 . 2010-05-27 20:08 81920 c:\windows\System32\iccvid.dll
+ 2010-04-19 19:47 . 2010-04-19 19:47 41984 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_bd0865d8\usbaapl.sys
+ 2010-08-11 08:40 . 2010-06-16 14:01 31232 c:\windows\System32\drivers\tcpipreg.sys
+ 2009-02-03 10:58 . 2010-09-25 08:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-03 10:58 . 2010-07-16 08:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-03 10:58 . 2010-07-16 08:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-03 10:58 . 2010-09-25 08:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 10:58 . 2010-07-16 08:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 10:58 . 2010-09-25 08:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 11:14 . 2010-09-24 08:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-03 11:14 . 2010-07-16 08:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-03 11:14 . 2010-09-24 08:34 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 11:14 . 2010-07-16 08:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-03 11:14 . 2010-09-24 08:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-03 11:14 . 2010-07-16 08:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-12 08:35 . 2010-08-12 08:35 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-12 08:45 . 2010-06-12 08:45 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-05 08:33 . 2010-09-09 08:38 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-05 08:33 . 2010-06-05 08:33 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2006-11-02 10:25 . 2010-06-22 11:01 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-09-15 14:23 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-09-15 14:23 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2010-06-22 11:01 51200 c:\windows\inf\infpub.dat
+ 2010-08-12 11:59 . 2010-08-12 11:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\cf552934b75cb6b61f08e3354af8ab38\UIAutomationProvider.ni.dll
+ 2010-08-12 12:00 . 2010-08-12 12:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f393e672479ce6ba2f7dfb5e4f3116b7\System.Windows.Presentation.ni.dll
+ 2010-08-12 12:00 . 2010-08-12 12:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5cd985c876a7bffc61898614694059c\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\04bea9cca189a163d0c16e891ad2fdc8\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\a899daa177f7bf5c6958dc5969e3a3de\System.AddIn.Contract.ni.dll
+ 2010-08-12 11:58 . 2010-08-12 11:58 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\e6acb23a203e892f501d0924fcc12f2c\stdole.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\156b0418acf284f30f7602a8378b52fd\PresentationFontCache.ni.exe
+ 2010-08-12 11:59 . 2010-08-12 11:59 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5d23c64bac1fd4b0b2bcb1b9d83e6cf6\PresentationCFFRasterizer.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\b8c20b6ea36a8097e743cd22a16de151\napcrypt.ni.dll
+ 2010-08-12 12:00 . 2010-08-12 12:00 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\c648ec7ca268d909186339d7002c0810\Microsoft.Vsa.ni.dll
+ 2010-08-12 11:58 . 2010-08-12 11:58 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\8133699911f51e80280dfeab3e5d7ab4\Microsoft.VisualC.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a356e8fb2f59ff46079840306184cbcb\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 11:58 . 2010-08-12 11:58 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\3c2132d7b78b099112e669342aff5524\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\406368ba3f73633200eea9195292a828\loadmxf.ni.exe
+ 2010-08-12 11:59 . 2010-08-12 11:59 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\5602e95333639ce92b0dd1ea5d7fde7a\ehiUserXp.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\a46cac19a4d8b6b690fdf79b3617f292\ehiReplay.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\4c5668bbcf91950113bf75e5a31a4dc4\ehiExtCOM.ni.dll
+ 2010-08-12 11:59 . 2010-08-12 11:59 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\a5996401de2fe555bf9f1a3356603c62\ehExtCOM.ni.dll
+ 2010-08-12 11:58 . 2010-08-12 11:58 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\1885a95e9314f393e86670da9930e08f\dfsvc.ni.exe
+ 2010-08-12 11:58 . 2010-08-12 11:58 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2565dad071661e3881888abd594e9e9d\Accessibility.ni.dll
+ 2010-08-11 08:40 . 2010-06-11 16:31 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22422_none_8acabb6dad2870a4\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8\msxml3r.dll
+ 2010-08-11 08:40 . 2010-06-11 15:25 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22709_none_8900eb63afeb94ff\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18490_none_880cf8e6971f1251\msxml3r.dll
+ 2010-01-06 09:33 . 2010-09-15 08:54 3928 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-795216465-2891207141-2578417904-1001_UserData.bin
- 2010-07-16 08:37 . 2010-07-16 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-25 08:39 . 2010-09-25 08:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-16 08:37 . 2010-07-16 08:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-25 08:39 . 2010-09-25 08:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-15 13:40 . 2010-09-15 13:40 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStopShortcut.exe
+ 2010-09-15 13:40 . 2010-09-15 13:40 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceStartShortcut.exe
+ 2010-09-15 13:40 . 2010-09-15 13:40 5430 c:\windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\RapportServiceConsoleShortcut.exe
+ 2010-09-07 10:27 . 2010-09-07 10:28 2560 c:\windows\_MSRSTRT.EXE
+ 2010-08-11 08:40 . 2010-05-19 11:41 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.22409_none_fcfd41ec14d22069\SOS.dll
+ 2010-08-11 08:40 . 2010-05-21 10:56 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6002.18260_none_13d1b793fb247173\SOS.dll
+ 2010-08-11 08:40 . 2010-05-19 11:39 989016 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.22409_none_142efa2b20dd4454\mscordacwks.dll
+ 2010-08-11 08:40 . 2010-05-21 10:56 989016 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6002.18260_none_2b036fd3072f955e\mscordacwks.dll
+ 2010-08-11 08:40 . 2010-05-28 16:14 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.22414_none_6f0c0c64eeb82f1d\ir32_32.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.18263_none_6e4b5dcdd5c4048a\ir32_32.dll
+ 2010-08-11 08:40 . 2010-05-27 19:11 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.22702_none_6d2e69d4f18b8b5a\ir32_32.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 197632 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.18483_none_6c4f4a27d8adea21\ir32_32.dll
+ 2010-09-15 08:43 . 2010-04-16 17:20 502784 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
+ 2010-09-15 08:43 . 2010-04-16 16:46 502272 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
+ 2010-09-15 08:43 . 2010-04-16 16:11 502272 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
+ 2010-09-15 08:43 . 2010-04-16 16:10 501760 c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
+ 2010-08-11 08:40 . 2010-06-16 16:39 912776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
+ 2010-09-15 14:24 . 2010-04-05 20:00 910208 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
+ 2010-08-11 08:40 . 2010-06-16 16:04 905088 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
+ 2010-08-11 08:40 . 2010-06-16 15:55 902032 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
+ 2010-09-15 14:24 . 2010-04-05 17:03 902024 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
+ 2010-08-11 08:40 . 2010-06-16 15:59 898952 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
+ 2010-08-11 08:40 . 2010-06-18 15:14 145408 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.22427_none_dc4e15b40cc980e1\srv2.sys
+ 2010-08-11 08:40 . 2010-06-18 15:04 144896 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.18274_none_db8b6688f3d723a0\srv2.sys
+ 2010-08-11 08:40 . 2010-06-18 14:51 145408 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.22715_none_da7073240f9cdd1e\srv2.sys
+ 2010-08-11 08:40 . 2010-06-18 14:43 144896 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.18495_none_d990532cf6c0228e\srv2.sys
+ 2010-08-11 08:40 . 2010-06-18 15:14 303104 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.22427_none_dc58e5a00cc164f0\srv.sys
+ 2010-08-11 08:40 . 2010-06-18 15:04 302080 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.18274_none_db963674f3cf07af\srv.sys
+ 2010-08-11 08:40 . 2010-06-18 14:51 303104 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22715_none_da7b43100f94c12d\srv.sys
+ 2010-08-11 08:40 . 2010-06-18 14:43 302080 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18495_none_d99b2318f6b8069d\srv.sys
+ 2010-08-11 08:40 . 2010-06-11 16:33 275456 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22422_none_2472c5e16b952529\schannel.dll
+ 2010-08-11 08:40 . 2010-06-11 16:16 274944 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18269_none_23c4e9865291a95d\schannel.dll
+ 2010-08-11 08:40 . 2010-06-11 15:26 274944 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22709_none_22a8f5d76e584984\schannel.dll
+ 2010-08-11 08:40 . 2010-06-11 15:31 274432 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18490_none_21b5035a558bc6d6\schannel.dll
+ 2010-09-15 08:43 . 2010-08-17 14:20 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
+ 2010-09-15 08:43 . 2010-08-17 14:11 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
+ 2010-09-15 08:43 . 2010-08-17 13:27 128000 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
+ 2010-09-15 08:43 . 2010-08-17 13:32 126464 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
+ 2010-08-11 08:40 . 2010-06-16 15:11 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\IKEEXT.DLL
+ 2010-08-11 08:40 . 2010-06-16 15:10 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\FWPUCLNT.DLL
+ 2010-08-11 08:40 . 2010-06-16 15:09 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\BFE.DLL
+ 2010-09-15 14:24 . 2010-04-05 16:29 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22665_none_cd72381c43d48fef\IKEEXT.DLL
+ 2010-09-15 14:24 . 2010-04-05 16:29 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22665_none_cd72381c43d48fef\FWPUCLNT.DLL
+ 2010-09-15 14:24 . 2010-04-05 16:28 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22665_none_cd72381c43d48fef\BFE.DLL
+ 2010-09-15 14:24 . 2010-04-05 20:00 221568 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6002.22377_none_58c6d798cbc3e308\netio.sys
+ 2010-08-11 08:40 . 2010-06-16 15:55 220040 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22713_none_571d45f6ce707e09\netio.sys
+ 2010-09-15 14:24 . 2010-04-05 17:02 220040 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22665_none_56e93508ce973f45\netio.sys
+ 2010-09-15 08:43 . 2010-04-05 17:16 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6002.22377_none_1113d357839f8d5f\MP4SDECD.DLL
+ 2010-09-15 08:43 . 2010-04-05 17:02 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6002.18236_none_10b475f26a62647a\MP4SDECD.DLL
+ 2010-09-15 08:43 . 2010-04-05 16:30 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6001.22665_none_0f3630c78672e99c\MP4SDECD.DLL
+ 2010-09-15 08:43 . 2010-04-05 16:08 317952 c:\windows\winsxs\x86_microsoft-windows-mp4sdecd_31bf3856ad364e35_6.0.6001.18454_none_0eb661b86d4e1763\MP4SDECD.DLL
+ 2010-08-11 08:40 . 2010-06-17 18:30 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\WMM2AE.dll
+ 2010-08-11 08:40 . 2010-06-17 16:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\MOVIEMK.exe
+ 2009-09-24 08:56 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\WMM2AE.dll
+ 2010-08-11 08:40 . 2010-06-17 16:16 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\MOVIEMK.exe
+ 2010-08-11 08:40 . 2010-06-17 17:24 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\WMM2AE.dll
+ 2010-08-11 08:40 . 2010-06-17 16:03 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\MOVIEMK.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\WMM2AE.dll
+ 2010-08-11 08:40 . 2010-06-17 15:49 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\MOVIEMK.exe
+ 2010-09-15 08:43 . 2010-05-27 20:27 739328 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22413_none_7c1975736ed5f037\inetcomm.dll
+ 2010-09-15 08:43 . 2010-05-27 20:08 739328 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18263_none_7b59c72655e0defb\inetcomm.dll
+ 2010-09-15 08:43 . 2010-05-27 19:11 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22702_none_7a3cd32d71a865cb\inetcomm.dll
+ 2010-09-15 08:43 . 2010-05-27 19:16 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18483_none_795db38058cac492\inetcomm.dll
+ 2010-08-11 08:40 . 2010-06-29 16:00 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22434_none_66f6181ac477a650\ieui.dll
+ 2010-06-12 08:37 . 2010-05-04 19:10 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18278_none_66453ae1ab76de7f\ieui.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22720_none_651674f6c74ccfdf\ieui.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18498_none_6449273bae60c416\ieui.dll
+ 2010-08-11 08:40 . 2010-06-28 16:30 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22720_none_4817b2b0a5b1f6d9\sqmapi.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22720_none_4817b2b0a5b1f6d9\iertutil.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18498_none_474a64f58cc5eb10\sqmapi.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18498_none_474a64f58cc5eb10\iertutil.dll
+ 2010-08-11 08:40 . 2010-06-28 16:29 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22720_none_379a70832d50dc47\occache.dll
+ 2010-08-11 08:40 . 2010-06-28 16:15 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18498_none_36cd22c81464d07e\occache.dll
+ 2010-08-11 08:40 . 2010-06-28 16:33 634656 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22720_none_2fd60860332c475f\iexplore.exe
+ 2010-08-11 08:40 . 2010-06-28 16:19 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18498_none_2f08baa51a403b96\iexplore.exe
+ 2010-08-11 08:40 . 2010-06-29 16:01 477184 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6002.22434_none_4a7c94e259bd61fb\mshtmled.dll
+ 2010-08-11 08:40 . 2010-06-29 15:44 477184 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6002.18278_none_49cbb7a940bc9a2a\mshtmled.dll
+ 2010-08-11 08:40 . 2010-06-28 16:28 476672 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6001.22720_none_489cf1be5c928b8a\mshtmled.dll
+ 2010-08-11 08:40 . 2010-06-28 16:14 476672 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6001.18498_none_47cfa40343a67fc1\mshtmled.dll
+ 2010-08-11 08:40 . 2010-06-28 16:28 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22720_none_605a92a353a42b34\msfeeds.dll
+ 2010-08-11 08:40 . 2010-06-28 16:14 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18498_none_5f8d44e83ab81f6b\msfeeds.dll
+ 2010-08-11 08:40 . 2010-06-29 16:00 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6002.22434_none_3f17302a0866774f\iepeers.dll
+ 2010-08-11 08:40 . 2010-06-29 15:43 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6002.18278_none_3e6652f0ef65af7e\iepeers.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6001.22720_none_3d378d060b3ba0de\iepeers.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6001.18498_none_3c6a3f4af24f9515\iepeers.dll
+ 2010-08-11 08:40 . 2010-06-29 16:00 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22434_none_fde5c1d282172940\ieapfltr.dll
+ 2010-08-11 08:40 . 2010-06-29 15:43 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18278_none_fd34e4996916616f\ieapfltr.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22720_none_fc061eae84ec52cf\ieapfltr.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18498_none_fb38d0f36c004706\ieapfltr.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22720_none_aea62a241ff3b022\ieakui.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22720_none_aea62a241ff3b022\ieaksie.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18498_none_add8dc690707a459\ieakui.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18498_none_add8dc690707a459\ieaksie.dll
+ 2010-08-11 08:40 . 2010-06-28 16:27 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22720_none_74c474d070aaf943\iedkcs32.dll
+ 2010-08-11 08:40 . 2010-06-28 16:13 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18498_none_73f7271557beed7a\iedkcs32.dll
+ 2010-08-11 08:40 . 2010-06-29 16:05 834560 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22434_none_043c9ef8b82baeed\wininet.dll
+ 2010-08-11 08:40 . 2010-06-29 15:47 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18278_none_038bc1bf9f2ae71c\wininet.dll
+ 2010-08-11 08:40 . 2010-06-28 16:30 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22720_none_025cfbd4bb00d87c\wininet.dll
+ 2010-08-11 08:40 . 2010-06-28 16:17 833024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18498_none_018fae19a214ccb3\wininet.dll
+ 2010-08-11 08:40 . 2010-06-28 16:28 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22720_none_e139aefb95a07158\mstime.dll
+ 2010-08-11 08:40 . 2010-06-28 16:14 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18498_none_e06c61407cb4658f\mstime.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 141824 c:\windows\System32\ZoneLabs\zlupdate.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 173056 c:\windows\System32\ZoneLabs\vsvault.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 211456 c:\windows\System32\ZoneLabs\vsdb.dll
+ 2010-09-15 14:23 . 2010-05-15 15:30 457304 c:\windows\System32\ZoneLabs\vsdatant.sys
+ 2010-09-15 14:25 . 2007-10-11 15:51 832984 c:\windows\System32\ZoneLabs\updating.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 434688 c:\windows\System32\ZoneLabs\ssleay32.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 135680 c:\windows\System32\ZoneLabs\scheduler.dll
+ 2010-09-15 14:25 . 2009-07-13 22:58 722392 c:\windows\System32\ZoneLabs\qrbase.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 126976 c:\windows\System32\ZoneLabs\lib\zui.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 279040 c:\windows\System32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 225792 c:\windows\System32\ZoneLabs\lib\Overview.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 368640 c:\windows\System32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 184832 c:\windows\System32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 375296 c:\windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2010-09-15 14:23 . 2010-02-08 07:41 595432 c:\windows\System32\ZoneLabs\icslta.dll
+ 2010-09-15 14:25 . 2010-05-04 13:04 284136 c:\windows\System32\ZoneLabs\ffapi.dll
+ 2010-09-15 14:25 . 2010-06-23 12:51 169984 c:\windows\System32\ZoneLabs\fbl.dll
+ 2010-09-15 14:25 . 2008-03-17 15:52 813568 c:\windows\System32\ZoneLabs\dbghelp.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 103936 c:\windows\System32\zlcommdb.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 110080 c:\windows\System32\vsxml.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 713728 c:\windows\System32\vsutil.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 302592 c:\windows\System32\vspubapi.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 108032 c:\windows\System32\vsmonapi.dll
+ 2010-09-15 14:23 . 2010-06-23 12:51 228864 c:\windows\System32\vsinit.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-11 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-26 6139904]
"Skytel"="Skytel.exe" [2008-06-26 1826816]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-08 2065760]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-11 10:53 13535776 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2008-07-07 15:26 1038136 ----a-w- c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-15 14:50 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-08-31 58984]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-08 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-08 243024]
S1 RapportCerberus_19417;RapportCerberus_19417;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19417\RapportCerberus_19417.sys [2010-08-31 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-08-31 169064]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-08 308136]
S2 ETService;Empowering Technology Service;c:\program files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-08-31 767208]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\Recovery DVD Creator-Antones.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-21 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.co.uk
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=1008&m=imedia_x2416
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Antones\AppData\Roaming\Mozilla\Firefox\Profiles\ju7jb23s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567697&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Antones\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 11:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1664)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
Completion time: 2010-09-25 12:01:01
ComboFix-quarantined-files.txt 2010-09-25 11:00
ComboFix2.txt 2010-07-16 13:11

Pre-Run: 499,120,934,912 bytes free
Post-Run: 499,068,788,736 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 759610043F7226AFAB90C8A1E7AAFF2D


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:22 AM

Posted 25 September 2010 - 06:58 AM

Please do the following:

Run MBRCheck again

When prompted, Enter 'Y' and hit ENTER for more options
When you see: "Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit):"

Enter 0 to dump the MBR to the physical disk.

Name the dumped file as dump0.dat

Enter -1 to exit.

Please then locate the files and visit this site and follow the instructions for uploading the file.
m0le is a proud member of UNITE
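A first structural check that can be run on a dumped sector such as the dump0.dat requested above, given as an added example: it is not part of the thread and not MBRCheck's or the helper's own analysis. It assumes the dump begins with the 512-byte sector 0 in the classic MBR layout; `parse_mbr` and `build_sample_sector` are hypothetical names and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte entries follow the boot code
BOOT_CODE_LEN = 440       # bytes 0..439 hold the bootstrap code

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector and list basic structural anomalies."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i : PART_TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sectors(4, LE)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return {
        # Compare this digest against a dump taken from a known-clean install
        # of the same Windows version; a mismatch warrants deeper analysis.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "findings": findings,
    }

def build_sample_sector() -> bytes:
    """Constructed sample: zeroed boot code, one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    # To inspect a real dump: parse_mbr(open("dump0.dat", "rb").read()[:512])
    print(parse_mbr(build_sample_sector()))
```

A clean result here only means the partition table is well-formed; modified boot code shows up as a digest mismatch against a known-good sector, not as a structural finding.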

#11 kingmaker

Posted 25 September 2010 - 07:08 AM

Done.

#12 m0le

Posted 25 September 2010 - 07:14 AM

Thanks. I will need to get this analysed. Please hold on.

#13 m0le

Posted 25 September 2010 - 08:57 AM

I didn't get that sample for some reason.

Please repeat the upload but rename the file to dump1.dat

#14 kingmaker

Posted 25 September 2010 - 09:05 AM

ok, re-sent.

#15 m0le

Posted 25 September 2010 - 12:00 PM

Got it. I need to get this one looked at so please bear with me.



