Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Antivirus IS, plagued by redirects


  • This topic is locked This topic is locked
26 replies to this topic

#1 bricker185

bricker185

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 16 November 2010 - 12:30 AM

1. Initially infected with a Google redirect; Hitman Pro appeared to "fix" it.
2. Within a couple of days, Antivirus IS showed up; used Hitman Pro again.
3. Some sporadic redirects continued.
4. Maybe a week later, Antivirus IS showed up again; used MalwareBytes to find/fix.
5. Frequent redirects have continued. Redirects often take me to epoclick.com, an advertising site.



DDS (Ver_10-11-10.01) - NTFSx86
Run by Jamie at 22:26:30.96 on Mon 11/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.477 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jamie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916095725.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxps://secure.constructware.com/FileTransfer/SoftwareArtisans/saxfile.cab
DPF: {395E58B9-090C-461A-8F27-087D1C72794A} - hxxps://useast-v4.nefsis.com/LoaderIE2.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jamie\applic~1\mozilla\firefox\profiles\h3gqmrwk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\jamie\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\jamie\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-15 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-31 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-1 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-31 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-31 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-31 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-31 171168]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-31 141792]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-31 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-15 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-15 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-31 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-31 88544]
S2 gupdate1ca5122f8112db6;Google Update Service (gupdate1ca5122f8112db6);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-31 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-31 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-15 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-15 40552]

=============== Created Last 30 ================

2010-12-26 04:08:02 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-26 04:07:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-26 04:07:39 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-05 15:51:13 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-05 15:50:28 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-05 15:49:31 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-05 15:49:31 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-05 15:49:30 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-05 15:49:30 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-05 15:49:30 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-05 15:49:30 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-05 15:49:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-05 15:49:28 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-05 15:49:25 -------- d-----w- C:\5b220a4e7fae8970810920d1
2010-11-04 01:04:50 -------- d-----w- c:\docume~1\jamie\applic~1\Memeo
2010-11-04 01:04:29 -------- d-----w- c:\docume~1\jamie\applic~1\Seagate
2010-11-04 00:12:11 -------- d-----w- c:\program files\common files\Memeo
2010-11-04 00:12:00 -------- d-----w- c:\program files\Memeo
2010-11-04 00:07:20 -------- d-----w- c:\program files\Seagate
2010-10-24 21:13:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-24 21:13:31 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-18 23:37:50 -------- d-----w- c:\docume~1\jamie\applic~1\Malwarebytes
2010-10-18 23:37:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-18 23:37:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 23:37:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-18 23:37:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2010-10-19 00:53:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2006-07-17 16:08:51 13736064 ----a-w- c:\program files\GoogleEarthWin.exe

============= FINISH: 22:29:00.96 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 23 November 2010 - 09:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 24 November 2010 - 03:00 PM

Hi M0le,
I'm here and still in need of help.
Thanks!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 24 November 2010 - 05:26 PM

Please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#5 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 24 November 2010 - 09:22 PM

Here is the ComboFix log:


ComboFix 10-11-24.01 - Jamie 11/24/2010 20:52:09.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.497 [GMT -5:00]
Running from: c:\documents and settings\Jamie\Desktop\ComFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-12-26 04:08 . 2010-11-24 16:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-26 04:07 . 2010-09-26 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-12-26 04:07 . 2010-12-26 04:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-05 15:51 . 2010-11-05 15:51 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-05 15:51 . 2010-11-05 15:51 -------- d-----w- c:\program files\MSBuild
2010-11-05 15:50 . 2010-11-05 15:50 -------- d-----w- c:\program files\Reference Assemblies
2010-11-05 15:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-05 15:49 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-05 15:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-05 15:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-05 15:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-05 15:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-05 15:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-05 15:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-05 15:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-05 15:49 . 2010-11-05 15:50 -------- d-----w- C:\5b220a4e7fae8970810920d1
2010-11-04 01:04 . 2010-11-04 01:04 -------- d-----w- c:\documents and settings\Jamie\Application Data\Memeo
2010-11-04 01:04 . 2010-11-04 01:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Seagate
2010-11-04 01:04 . 2010-11-04 01:04 -------- d-----w- c:\documents and settings\Jamie\Application Data\Seagate
2010-11-04 00:12 . 2010-11-04 00:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-11-04 00:12 . 2010-11-04 00:12 -------- d-----w- c:\program files\Common Files\Memeo
2010-11-04 00:12 . 2010-11-04 00:12 -------- d-----w- c:\program files\Memeo
2010-11-04 00:07 . 2010-11-04 00:11 -------- d-----w- c:\program files\Seagate
2010-11-04 00:02 . 2010-11-04 00:02 -------- d-----w- c:\documents and settings\Jamie\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 00:53 . 2010-10-02 14:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-09-18 16:23 . 2004-08-11 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-11 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-11 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-11 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-10-24 21:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2008-12-27 01:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-11 23:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-11 23:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-11 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-11 23:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-11 23:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2006-07-17 16:08 . 2006-07-17 16:08 13736064 ----a-w- c:\program files\GoogleEarthWin.exe
2010-08-24 18:57 . 2010-08-31 15:10 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-10-16_18.37.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-11-25 00:28 . 2010-11-25 00:28 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
+ 2010-11-25 00:28 . 2010-11-25 00:28 16384 c:\windows\Temp\Perflib_Perfdata_18c.dat
+ 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2006-01-09 02:10 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
- 2006-01-09 02:10 . 2007-07-28 03:11 26488 c:\windows\system32\spupdsvc.exe
- 2009-04-30 12:24 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2009-04-30 12:24 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-11 23:00 . 2010-11-10 14:55 80628 c:\windows\system32\perfc009.dat
+ 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\system32\mscories.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 73720 c:\windows\system32\dxva2.dll
+ 2010-10-18 23:37 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-10-18 23:37 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 23:32 . 2008-07-29 23:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2010-09-22 13:43 . 2010-09-22 13:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-11-04 00:10 . 2010-11-04 00:10 88576 c:\windows\Installer\6833fdf.msi
+ 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\65058.msp
+ 2010-10-21 19:02 . 2010-10-21 19:02 21504 c:\windows\Installer\4a0dc8a.msi
- 2005-12-20 23:47 . 2010-10-14 20:10 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-11-11 03:47 . 2010-11-11 03:47 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-10-14 20:10 . 2010-10-14 20:10 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-11-05 15:49 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-11-05 16:08 . 2010-11-05 16:08 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\34694fbab4519749399f477eb409198f\UIAutomationProvider.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\9ab080f42eaaa8c794baa5503e3e4005\System.Windows.Presentation.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-11-05 16:05 . 2010-11-05 16:05 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f857fa084a139cc3d510e72ca1218a5f\PresentationFontCache.ni.exe
+ 2010-11-06 17:53 . 2010-11-06 17:53 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-11-05 16:05 . 2010-11-05 16:05 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\bfb89ce9799bcfb90bde99702d542e3f\PresentationCFFRasterizer.ni.dll
+ 2010-11-06 17:52 . 2010-11-06 17:52 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-11-05 16:10 . 2010-11-05 16:10 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2010-11-06 17:50 . 2010-11-06 17:50 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2010-11-05 15:50 . 2010-11-05 15:50 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-11-05 15:53 . 2010-11-05 15:53 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 01:23 . 2007-11-07 01:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 01:26 . 2008-07-30 01:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2010-11-05 15:49 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 20:15 . 2006-08-24 20:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-08-11 23:00 . 2010-11-10 14:55 463768 c:\windows\system32\perfh009.dat
+ 2008-07-25 15:16 . 2008-07-25 15:16 158720 c:\windows\system32\mscorier.dll
+ 2010-10-24 21:13 . 2010-09-15 08:50 153376 c:\windows\system32\javaws.exe
+ 2010-10-24 21:13 . 2010-09-15 08:50 145184 c:\windows\system32\javaw.exe
+ 2010-10-24 21:13 . 2010-09-15 08:50 145184 c:\windows\system32\java.exe
+ 2008-07-29 23:24 . 2008-07-29 23:24 622080 c:\windows\system32\icardagt.exe
+ 2004-08-11 23:06 . 2010-11-05 16:21 302096 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-30 01:10 . 2008-07-30 01:10 493048 c:\windows\system32\evr.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 00:35 . 2008-07-30 00:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2010-09-22 13:43 . 2010-09-22 13:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-10-24 21:00 . 2008-10-24 21:00 125952 c:\windows\Installer\a4682.msp
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\a2636.msp
+ 2010-11-05 15:53 . 2010-11-05 15:53 648192 c:\windows\Installer\a2619.msi
+ 2010-10-24 21:14 . 2010-10-24 21:14 180224 c:\windows\Installer\8ab98.msi
+ 2008-10-26 20:59 . 2008-10-26 20:59 445440 c:\windows\Installer\7637a7.msp
+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\6833fe4.msp
+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\6833fe2.msp
+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\6833fe1.msp
+ 2010-11-04 00:07 . 2010-11-04 00:07 331264 c:\windows\Installer\68292f6.msi
+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\65061.msp
+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\6505f.msp
+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\6505d.msp
+ 2010-11-05 15:52 . 2010-11-05 15:52 137728 c:\windows\Installer\65057.msi
+ 2009-01-21 22:39 . 2009-01-21 22:39 119296 c:\windows\Installer\5a9b8c7.msp
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\573b8b0.msp
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\573b89d.msp
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\1f22399.msp
+ 2010-11-05 02:42 . 2010-11-05 02:42 248832 c:\windows\Installer\1f22393.msi
+ 2005-12-20 23:47 . 2010-11-11 03:47 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-12-20 23:47 . 2010-10-14 20:10 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-12-20 23:47 . 2010-11-11 03:47 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-15 14:23 . 2007-11-15 14:23 136744 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_wificfg.exe
+ 2007-11-15 14:23 . 2007-11-15 14:23 185896 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgshell.exe
+ 2007-11-15 14:24 . 2007-11-15 14:24 579112 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgctlsr.dll
+ 2007-11-15 14:24 . 2007-11-15 14:24 370216 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_sdcnetcheck.dll
+ 2010-11-05 15:49 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2010-11-05 16:01 . 2010-11-05 16:01 303104 c:\windows\assembly\temp\GPY6FNW4DL\System.Runtime.Remoting.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-11-06 17:55 . 2010-11-06 17:55 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-11-05 16:08 . 2010-11-05 16:08 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\368d11b093e1356d8a5b2d1d2dd7931e\WindowsFormsIntegration.ni.dll
+ 2010-11-05 16:08 . 2010-11-05 16:08 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bddec494fc93f6fc72961c67bc042a40\UIAutomationClient.ni.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\22430f635f78e165adc8df760d54d093\System.Web.Extensions.Design.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\22d1acce74bb263ae91cca82e5dfed94\System.Web.Entity.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\567bc9e7e082dc4c4e0fa235e2f521c6\System.Web.Entity.Design.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\cdd101755ceb7c2e025133c9fd49529f\System.Web.DynamicData.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-11-05 16:09 . 2010-11-05 16:09 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8494e8044a99d9e9b79417d91db81dba\System.IO.Log.ni.dll
+ 2010-11-07 01:36 . 2010-11-07 01:36 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-11-05 16:09 . 2010-11-05 16:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\a27edc0fb0aa8bbca3a4dbedb2e1a1ef\System.IdentityModel.Selectors.ni.dll
+ 2010-11-07 01:37 . 2010-11-07 01:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-11-05 16:11 . 2010-11-05 16:11 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-11-07 01:37 . 2010-11-07 01:37 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-11-05 16:10 . 2010-11-05 16:10 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\7fb645867926a9e9bb761165a215bf8d\SMSvcHost.ni.exe
+ 2010-11-05 16:10 . 2010-11-05 16:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\e293740453a34a5999435d4b71f5bd16\SMDiagnostics.ni.dll
+ 2010-11-07 01:37 . 2010-11-07 01:37 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\de9b01b00dc3cd414fd3c2cf97644c45\ServiceModelReg.ni.exe
+ 2010-11-07 01:37 . 2010-11-07 01:37 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-11-06 17:54 . 2010-11-06 17:54 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae2ee01f306277a97d0745f2b8117aff\PresentationFramework.Aero.ni.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\952bcf429e209a3c703d583d2c122a70\PresentationFramework.Luna.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\858170e1835d4289d4c963b2e8d6f884\PresentationFramework.Royale.ni.dll
+ 2010-11-06 17:54 . 2010-11-06 17:54 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-11-06 17:54 . 2010-11-06 17:54 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0a3b28392f3911bada90f84f8f3de356\PresentationFramework.Classic.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-11-07 01:37 . 2010-11-07 01:37 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a3e17c48733aac6b0a9ebf6a709e761d\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-11-07 01:37 . 2010-11-07 01:37 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-11-05 16:10 . 2010-11-05 16:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ada71a76dece295119de600beac34ff9\ComSvcConfig.ni.exe
+ 2010-11-05 16:10 . 2010-11-05 16:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-11-05 16:04 . 2010-11-05 16:04 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-11-05 16:04 . 2010-11-05 16:04 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-06 17:50 . 2010-11-06 17:50 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-11-06 17:50 . 2010-11-06 17:50 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-05 16:04 . 2010-11-05 16:04 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-11-05 16:04 . 2010-11-05 16:04 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-06 17:50 . 2010-11-06 17:50 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2010-11-05 15:50 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2010-11-05 15:50 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2010-11-05 15:50 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2010-11-05 15:49 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2010-09-22 13:44 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-05-26 15:10 . 2009-05-26 15:10 3479552 c:\windows\Installer\e9f61.msp
+ 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\a2621.msp
+ 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\6833fe8.msp
+ 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\6833fe7.msp
+ 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\6833fe6.msp
+ 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\6833fe5.msp
+ 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\6833fe3.msp
+ 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\6833fe0.msp
+ 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\65060.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\6505e.msp
+ 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\6505c.msp
+ 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\6505b.msp
+ 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\6505a.msp
+ 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\65059.msp
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\2c229a6.msp
+ 2010-10-01 22:42 . 2010-10-01 22:42 5054464 c:\windows\Installer\2c2298b.msp
+ 2010-10-22 18:25 . 2010-10-22 18:25 5521408 c:\windows\Installer\2c22978.msp
+ 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\1f223d1.msp
+ 2010-09-23 11:39 . 2010-09-23 11:39 4265472 c:\windows\Installer\1f223af.msp
+ 2010-04-09 01:38 . 2010-04-09 01:38 2607104 c:\windows\Installer\1f223a5.msp
+ 2010-04-09 01:38 . 2010-04-09 01:38 4210688 c:\windows\Installer\1f223a4.msp
+ 2010-11-05 16:01 . 2010-11-05 16:01 2933248 c:\windows\assembly\temp\GPW3BIPW4B\System.Data.dll
+ 2010-11-06 17:53 . 2010-11-06 17:53 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-11-05 16:05 . 2010-11-05 16:05 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3b743d968b43ce8025fccd58c251e4c4\WindowsBase.ni.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\294b7521feb648ccf42fb20712b4c2ad\UIAutomationClientsideProviders.ni.dll
+ 2010-11-06 17:51 . 2010-11-06 17:51 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E9.tmp\System.Data.Linq.dll
+ 2010-11-05 16:04 . 2010-11-05 16:04 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\7ea4061dd26d050e836c649a9732edc4\System.WorkflowServices.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-11-05 16:13 . 2010-11-05 16:13 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-11-07 01:39 . 2010-11-07 01:39 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\13cfd1c1eb888bd49e342e731832005b\System.Web.Extensions.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-11-07 01:38 . 2010-11-07 01:38 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4748a0856281943d0ddfb07fb470d40c\System.ServiceModel.Web.ni.dll
+ 2010-11-05 16:09 . 2010-11-05 16:09 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e93bb7477674725ba4e3752225471f18\System.Runtime.Serialization.ni.dll
+ 2010-11-07 01:36 . 2010-11-07 01:36 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\841cafd39e6e237ef18c36c2848182db\System.Printing.ni.dll
+ 2010-11-05 16:09 . 2010-11-05 16:09 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1ec05bc0c0a0f415924c4d4a11b9e285\System.IdentityModel.ni.dll
+ 2010-11-07 01:36 . 2010-11-07 01:36 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-11-07 01:38 . 2010-11-07 01:38 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47139f14a0229db7f6e5eec79b306a9a\System.Data.Services.ni.dll
+ 2010-11-06 17:52 . 2010-11-06 17:52 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9fca3903ba5b7f9620982e3eec800cc1\System.Data.Linq.ni.dll
+ 2010-11-05 16:11 . 2010-11-05 16:11 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\e90cdb6a12f905f8069a6c0767403070\System.Data.Entity.ni.dll
+ 2010-11-07 01:38 . 2010-11-07 01:38 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\f2a2f7ea27dc14ff582d6e501e4e4253\ReachFramework.ni.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\e0b5bdf9438a0c2e8fc6b4b6b66c8d86\PresentationUI.ni.dll
+ 2010-11-06 17:55 . 2010-11-06 17:55 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-11-05 16:05 . 2010-11-05 16:05 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b574937fadb76454578e3ef389b39a2b\Microsoft.Transactions.Bridge.ni.dll
+ 2010-11-07 01:37 . 2010-11-07 01:37 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-11-06 17:52 . 2010-11-06 17:52 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-05 15:51 . 2010-11-05 15:51 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-11-05 15:50 . 2010-11-05 15:50 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-06 17:52 . 2010-11-06 17:52 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-11-06 17:50 . 2010-11-06 17:50 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-05 15:53 . 2010-11-05 15:53 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-11-06 17:52 . 2010-11-06 17:52 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-11-06 17:47 . 2010-11-06 17:47 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-06 17:52 . 2010-11-06 17:52 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-11-06 17:48 . 2010-11-06 17:48 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-01-09 02:51 . 2010-11-11 03:44 35758536 c:\windows\system32\MRT.exe
+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\a262b.msp
+ 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\573b8a9.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\573b893.msp
+ 2010-10-14 21:57 . 2010-10-14 21:57 11189248 c:\windows\Installer\2c2299e.msp
+ 2010-05-19 17:08 . 2010-05-19 17:08 11408896 c:\windows\Installer\1f223b9.msp
+ 2010-11-05 15:47 . 2010-11-05 15:47 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25.tmp\System.Windows.Forms.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-11-05 16:12 . 2010-11-05 16:12 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-11-07 01:37 . 2010-11-07 01:37 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-11-05 16:10 . 2010-11-05 16:10 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\08f5774a7734bf5f2c49ce0881bbf2b7\System.ServiceModel.ni.dll
+ 2010-11-05 16:07 . 2010-11-05 16:07 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-11-06 17:54 . 2010-11-06 17:54 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-11-05 16:06 . 2010-11-05 16:06 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\29dddf52a204b46edf577bbd548d1bdd\PresentationFramework.ni.dll
+ 2010-11-06 17:53 . 2010-11-06 17:53 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-11-05 16:05 . 2010-11-05 16:05 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a6d35f1f179b6bc42bf2b3c4506fbb03\PresentationCore.ni.dll
+ 2010-11-05 16:03 . 2010-11-05 16:03 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-11-10 6387008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-20 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-20 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Jamie\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/31/2010 10:10 AM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/1/2008 6:37 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/31/2010 10:08 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/31/2010 10:08 AM 271480]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [4/22/2010 7:33 PM 25824]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/31/2010 10:10 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/31/2010 10:10 AM 141792]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [4/30/2010 9:47 AM 14088]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/31/2010 10:10 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/31/2010 10:10 AM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/31/2010 10:10 AM 88544]
S2 gupdate1ca5122f8112db6;Google Update Service (gupdate1ca5122f8112db6);c:\program files\Google\Update\GoogleUpdate.exe [10/19/2009 8:16 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/31/2010 10:10 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/31/2010 10:10 AM 84264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 01:15]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 01:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {395E58B9-090C-461A-8F27-087D1C72794A} - hxxps://useast-v4.nefsis.com/LoaderIE2.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
FF - ProfilePath - c:\documents and settings\Jamie\Application Data\Mozilla\Firefox\Profiles\h3gqmrwk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Jamie\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Jamie\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 20:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-24 21:02:28
ComboFix-quarantined-files.txt 2010-11-25 02:02
ComboFix2.txt 2010-10-16 18:40
ComboFix3.txt 2010-10-13 02:14

Pre-Run: 7,700,111,360 bytes free
Post-Run: 7,851,257,856 bytes free

- - End Of File - - 1B38023E007EF4E3B4178BE2196DD049

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 25 November 2010 - 04:43 AM

That looks good. No malware showing there at all.

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Posted Image
m0le is a proud member of UNITE

#7 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 26 November 2010 - 09:08 AM

I am away from my computer until tomorrow. I will take these next steps and post logs tomorrow.
Thanks.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 26 November 2010 - 06:27 PM

:thumbup2:
Posted Image
m0le is a proud member of UNITE

#9 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 27 November 2010 - 05:42 PM

TDSSKiller report and MBRCheck log, as requested.

Thanks!


2010/11/27 17:28:29.0578 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/27 17:28:29.0578 ================================================================================
2010/11/27 17:28:29.0578 SystemInfo:
2010/11/27 17:28:29.0578
2010/11/27 17:28:29.0578 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/27 17:28:29.0578 Product type: Workstation
2010/11/27 17:28:29.0578 ComputerName: BRICKER
2010/11/27 17:28:29.0578 UserName: Jamie
2010/11/27 17:28:29.0578 Windows directory: C:\WINDOWS
2010/11/27 17:28:29.0578 System windows directory: C:\WINDOWS
2010/11/27 17:28:29.0578 Processor architecture: Intel x86
2010/11/27 17:28:29.0578 Number of processors: 1
2010/11/27 17:28:29.0578 Page size: 0x1000
2010/11/27 17:28:29.0578 Boot type: Normal boot
2010/11/27 17:28:29.0578 ================================================================================
2010/11/27 17:28:29.0906 Initialize success
2010/11/27 17:29:31.0515 ================================================================================
2010/11/27 17:29:31.0515 Scan started
2010/11/27 17:29:31.0515 Mode: Manual;
2010/11/27 17:29:31.0515 ================================================================================
2010/11/27 17:29:32.0140 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/27 17:29:32.0281 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/27 17:29:32.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/27 17:29:32.0453 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/27 17:29:32.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/27 17:29:32.0609 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/27 17:29:32.0734 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/27 17:29:32.0796 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/27 17:29:32.0875 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/27 17:29:32.0984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/27 17:29:33.0171 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/27 17:29:33.0234 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/27 17:29:33.0296 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/27 17:29:33.0359 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/27 17:29:33.0421 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/27 17:29:33.0468 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/27 17:29:33.0671 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/11/27 17:29:33.0812 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/11/27 17:29:33.0968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/27 17:29:34.0109 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/27 17:29:34.0187 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/27 17:29:34.0265 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/27 17:29:34.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/27 17:29:34.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/27 17:29:34.0437 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/27 17:29:34.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/27 17:29:34.0515 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/11/27 17:29:34.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/27 17:29:34.0859 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/27 17:29:34.0890 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/27 17:29:34.0921 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/27 17:29:35.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/27 17:29:35.0031 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/27 17:29:35.0078 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/27 17:29:35.0156 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
2010/11/27 17:29:35.0218 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/27 17:29:35.0281 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/27 17:29:35.0312 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/27 17:29:35.0390 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/27 17:29:35.0453 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/27 17:29:35.0500 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/27 17:29:35.0546 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/27 17:29:35.0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/27 17:29:35.0750 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/27 17:29:35.0812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/27 17:29:35.0875 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/27 17:29:35.0968 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/27 17:29:36.0046 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/27 17:29:36.0109 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/11/27 17:29:36.0156 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/11/27 17:29:36.0328 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/11/27 17:29:36.0421 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/11/27 17:29:36.0500 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/27 17:29:36.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/27 17:29:36.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/27 17:29:36.0703 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/27 17:29:36.0750 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/27 17:29:36.0812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/27 17:29:36.0890 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/27 17:29:36.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/27 17:29:37.0046 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/27 17:29:37.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/27 17:29:37.0328 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/27 17:29:37.0515 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/11/27 17:29:37.0765 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/11/27 17:29:37.0890 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/27 17:29:37.0937 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/27 17:29:37.0984 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/27 17:29:38.0015 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/27 17:29:38.0125 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/11/27 17:29:38.0203 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/27 17:29:38.0265 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/27 17:29:38.0328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/27 17:29:38.0375 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/27 17:29:38.0437 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/27 17:29:38.0500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/27 17:29:38.0562 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/27 17:29:38.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/27 17:29:38.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/27 17:29:38.0750 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/27 17:29:38.0781 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/27 17:29:38.0875 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2010/11/27 17:29:38.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/27 17:29:38.0968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/27 17:29:39.0031 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/27 17:29:39.0218 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/27 17:29:39.0296 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/11/27 17:29:39.0359 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/11/27 17:29:39.0437 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/11/27 17:29:39.0562 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/11/27 17:29:39.0703 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/11/27 17:29:39.0765 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/27 17:29:39.0796 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/27 17:29:39.0859 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/11/27 17:29:39.0953 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/11/27 17:29:40.0000 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/11/27 17:29:40.0046 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/11/27 17:29:40.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/27 17:29:40.0218 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/27 17:29:40.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/27 17:29:40.0328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/27 17:29:40.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/27 17:29:40.0421 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/27 17:29:40.0500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/27 17:29:40.0593 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/27 17:29:40.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/27 17:29:40.0796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/27 17:29:40.0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/27 17:29:40.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/27 17:29:40.0921 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/27 17:29:41.0140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/27 17:29:41.0390 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/27 17:29:41.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/27 17:29:41.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/27 17:29:41.0593 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/27 17:29:41.0640 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/27 17:29:41.0671 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/27 17:29:41.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/27 17:29:41.0750 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/27 17:29:41.0781 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/27 17:29:41.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/27 17:29:41.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/27 17:29:42.0015 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/27 17:29:42.0125 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/27 17:29:42.0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/27 17:29:42.0187 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/27 17:29:42.0265 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/27 17:29:42.0343 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/27 17:29:42.0375 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/27 17:29:42.0421 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/27 17:29:42.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/27 17:29:42.0562 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/27 17:29:42.0640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/27 17:29:42.0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/27 17:29:42.0875 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/27 17:29:42.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/27 17:29:43.0031 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/27 17:29:43.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/27 17:29:43.0140 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/27 17:29:43.0171 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/27 17:29:43.0218 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/27 17:29:43.0265 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/27 17:29:43.0312 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/27 17:29:43.0359 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/27 17:29:43.0406 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/27 17:29:43.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/27 17:29:43.0515 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/27 17:29:43.0593 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/27 17:29:43.0687 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/27 17:29:43.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/27 17:29:44.0000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/27 17:29:44.0078 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/27 17:29:44.0156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/27 17:29:44.0625 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/27 17:29:44.0750 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/27 17:29:44.0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/27 17:29:44.0890 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/27 17:29:45.0015 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/27 17:29:45.0078 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/11/27 17:29:45.0156 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/11/27 17:29:45.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/27 17:29:45.0328 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/27 17:29:45.0390 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/27 17:29:45.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/27 17:29:45.0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/27 17:29:45.0750 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/27 17:29:45.0828 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/11/27 17:29:45.0859 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/11/27 17:29:45.0921 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2010/11/27 17:29:46.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/27 17:29:46.0062 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/27 17:29:46.0125 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/27 17:29:46.0171 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/27 17:29:46.0234 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/27 17:29:46.0312 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/27 17:29:46.0359 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/27 17:29:46.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/27 17:29:46.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/27 17:29:46.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/27 17:29:46.0671 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/27 17:29:46.0734 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/11/27 17:29:46.0781 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/11/27 17:29:46.0828 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/11/27 17:29:46.0875 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2010/11/27 17:29:46.0937 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/11/27 17:29:46.0968 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/11/27 17:29:47.0031 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/11/27 17:29:47.0078 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/11/27 17:29:47.0140 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/11/27 17:29:47.0218 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/27 17:29:47.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/27 17:29:47.0359 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/27 17:29:47.0453 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/27 17:29:47.0546 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/27 17:29:47.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/27 17:29:47.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/27 17:29:47.0687 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/27 17:29:47.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/27 17:29:47.0796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/27 17:29:47.0828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/27 17:29:47.0906 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/27 17:29:47.0984 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/27 17:29:48.0093 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/27 17:29:48.0359 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/11/27 17:29:48.0609 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/27 17:29:48.0687 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/27 17:29:48.0750 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/27 17:29:48.0843 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/27 17:29:49.0000 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/27 17:29:49.0078 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/27 17:29:49.0156 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/27 17:29:49.0234 ================================================================================
2010/11/27 17:29:49.0234 Scan finished
2010/11/27 17:29:49.0234 ================================================================================
2010/11/27 17:30:49.0140 ================================================================================
2010/11/27 17:30:49.0140 Scan started
2010/11/27 17:30:49.0140 Mode: Manual;
2010/11/27 17:30:49.0140 ================================================================================
2010/11/27 17:30:49.0921 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/27 17:30:50.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/27 17:30:50.0046 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/27 17:30:50.0125 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/27 17:30:50.0187 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/27 17:30:50.0265 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/27 17:30:50.0359 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/27 17:30:50.0421 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/27 17:30:50.0453 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/27 17:30:50.0484 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/27 17:30:50.0531 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/27 17:30:50.0578 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/27 17:30:50.0640 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/27 17:30:50.0703 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/27 17:30:50.0750 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/27 17:30:50.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/27 17:30:50.0843 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/11/27 17:30:50.0937 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/11/27 17:30:51.0015 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/27 17:30:51.0078 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/27 17:30:51.0125 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/27 17:30:51.0171 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/27 17:30:51.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/27 17:30:51.0312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/27 17:30:51.0406 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/27 17:30:51.0437 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/27 17:30:51.0500 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/11/27 17:30:51.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/27 17:30:51.0812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/27 17:30:51.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/27 17:30:51.0906 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/27 17:30:51.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/27 17:30:51.0984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/27 17:30:52.0046 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/27 17:30:52.0109 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
2010/11/27 17:30:52.0187 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/27 17:30:52.0250 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/27 17:30:52.0296 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/27 17:30:52.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/27 17:30:52.0421 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/27 17:30:52.0468 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/27 17:30:52.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/27 17:30:52.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/27 17:30:52.0671 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/27 17:30:52.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/27 17:30:52.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/27 17:30:52.0828 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/27 17:30:52.0890 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/27 17:30:52.0968 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/11/27 17:30:53.0015 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/11/27 17:30:53.0203 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/11/27 17:30:53.0296 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/11/27 17:30:53.0343 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/27 17:30:53.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/27 17:30:53.0484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/27 17:30:53.0546 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/27 17:30:53.0625 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/27 17:30:53.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/27 17:30:53.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/27 17:30:53.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/27 17:30:53.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/27 17:30:53.0890 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/27 17:30:53.0937 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/27 17:30:53.0984 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/11/27 17:30:54.0078 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/11/27 17:30:54.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/27 17:30:54.0218 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/27 17:30:54.0281 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/27 17:30:54.0312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/27 17:30:54.0437 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/11/27 17:30:54.0484 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/27 17:30:54.0546 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/27 17:30:54.0578 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/27 17:30:54.0609 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/27 17:30:54.0671 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/27 17:30:54.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/27 17:30:54.0781 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/27 17:30:54.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/27 17:30:54.0906 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/27 17:30:54.0968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/27 17:30:55.0046 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/27 17:30:55.0125 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2010/11/27 17:30:55.0171 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/27 17:30:55.0218 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/27 17:30:55.0296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/27 17:30:55.0484 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/27 17:30:55.0593 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/11/27 17:30:55.0656 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/11/27 17:30:55.0750 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/11/27 17:30:55.0843 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/11/27 17:30:55.0906 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/11/27 17:30:55.0968 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/27 17:30:55.0984 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/27 17:30:56.0031 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/11/27 17:30:56.0125 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/11/27 17:30:56.0171 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/11/27 17:30:56.0234 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/11/27 17:30:56.0265 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/27 17:30:56.0343 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/27 17:30:56.0390 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/27 17:30:56.0453 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/27 17:30:56.0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/27 17:30:56.0546 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/27 17:30:56.0609 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/27 17:30:56.0671 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/27 17:30:56.0718 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/27 17:30:56.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/27 17:30:56.0859 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/27 17:30:56.0921 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/27 17:30:56.0953 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/27 17:30:57.0046 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/27 17:30:57.0125 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/27 17:30:57.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/27 17:30:57.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/27 17:30:57.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/27 17:30:57.0625 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/27 17:30:57.0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/27 17:30:57.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/27 17:30:57.0765 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/27 17:30:57.0796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/27 17:30:57.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/27 17:30:57.0890 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/27 17:30:58.0000 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/27 17:30:58.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/27 17:30:58.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/27 17:30:58.0093 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/27 17:30:58.0171 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/27 17:30:58.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/27 17:30:58.0265 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/27 17:30:58.0312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/27 17:30:58.0359 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/27 17:30:58.0437 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/27 17:30:58.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/27 17:30:58.0640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/27 17:30:58.0687 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/27 17:30:58.0718 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/27 17:30:58.0765 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/27 17:30:58.0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/27 17:30:58.0859 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/27 17:30:58.0890 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/27 17:30:58.0906 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/27 17:30:58.0937 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/27 17:30:58.0968 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/27 17:30:59.0000 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/27 17:30:59.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/27 17:30:59.0062 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/27 17:30:59.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/27 17:30:59.0125 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/27 17:30:59.0171 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/27 17:30:59.0203 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/27 17:30:59.0250 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/27 17:30:59.0312 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/27 17:30:59.0375 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/27 17:30:59.0500 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/27 17:30:59.0562 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/27 17:30:59.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/27 17:30:59.0703 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/27 17:30:59.0765 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/27 17:30:59.0828 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/11/27 17:30:59.0875 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/11/27 17:30:59.0921 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/27 17:31:00.0031 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/27 17:31:00.0156 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/27 17:31:00.0312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/27 17:31:00.0578 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/27 17:31:00.0718 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/27 17:31:00.0781 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/11/27 17:31:00.0812 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/11/27 17:31:00.0875 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2010/11/27 17:31:00.0906 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/27 17:31:00.0953 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/27 17:31:01.0015 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/27 17:31:01.0093 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/27 17:31:01.0156 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/27 17:31:01.0203 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/27 17:31:01.0265 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/27 17:31:01.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/27 17:31:01.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/27 17:31:01.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/27 17:31:01.0546 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/27 17:31:01.0609 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/11/27 17:31:01.0656 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/11/27 17:31:01.0703 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/11/27 17:31:01.0750 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2010/11/27 17:31:01.0796 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/11/27 17:31:01.0828 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/11/27 17:31:01.0875 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/11/27 17:31:01.0906 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/11/27 17:31:01.0937 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/11/27 17:31:01.0984 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/27 17:31:02.0046 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/27 17:31:02.0093 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/27 17:31:02.0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/27 17:31:02.0218 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/27 17:31:02.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/27 17:31:02.0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/27 17:31:02.0343 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/27 17:31:02.0390 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/27 17:31:02.0406 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/27 17:31:02.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/27 17:31:02.0484 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/27 17:31:02.0515 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/27 17:31:02.0546 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/27 17:31:02.0765 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/11/27 17:31:02.0859 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/27 17:31:02.0937 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/27 17:31:03.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/27 17:31:03.0125 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/27 17:31:03.0671 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/27 17:31:03.0750 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/27 17:31:03.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/27 17:31:03.0890 ================================================================================
2010/11/27 17:31:03.0890 Scan finished
2010/11/27 17:31:03.0890 ================================================================================
2010/11/27 17:32:11.0812 Deinitialize success




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7AC7000 \WINDOWS\system32\KDCOM.DLL
0xF79D7000 \WINDOWS\system32\BOOTVID.dll
0xF7498000 ACPI.sys
0xF7AC9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7487000 pci.sys
0xF75C7000 isapnp.sys
0xF79DB000 compbatt.sys
0xF79DF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B8F000 pciide.sys
0xF7847000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7ACB000 intelide.sys
0xF7469000 pcmcia.sys
0xF75D7000 MountMgr.sys
0xF744A000 ftdisk.sys
0xF7424000 dmio.sys
0xF784F000 PartMgr.sys
0xF75E7000 VolSnap.sys
0xF740C000 atapi.sys
0xF75F7000 disk.sys
0xF7607000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73EC000 fltmgr.sys
0xF73DA000 sr.sys
0xF737D000 mfehidk.sys
0xF7368000 drvmcdb.sys
0xF7617000 PxHelp20.sys
0xF7351000 KSecDD.sys
0xF72C4000 Ntfs.sys
0xF7297000 NDIS.sys
0xF7627000 ohci1394.sys
0xF7637000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF727D000 Mup.sys
0xF7657000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AAB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6A3B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6A27000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6A03000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7927000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF69EF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF66DF000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF669C000 \SystemRoot\system32\drivers\STAC97.sys
0xF6678000 \SystemRoot\system32\drivers\portcls.sys
0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
0xF6655000 \SystemRoot\system32\drivers\ks.sys
0xF6624000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6525000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF647D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF792F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6463000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7937000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF793F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7707000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7AFF000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7717000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7727000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6426000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF7C0E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6412000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF7737000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7ABF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF63FB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7747000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7757000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7947000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF63EA000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7767000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF63C6000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF6331000 \SystemRoot\system32\drivers\mfefirek.sys
0xF794F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7957000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF795F000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF62D9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7777000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B03000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF627B000 \SystemRoot\system32\DRIVERS\update.sys
0xF6BF0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7967000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7787000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B0B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A8F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B0F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D12000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B11000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7977000 \SystemRoot\system32\drivers\ssrtln.sys
0xF797F000 \SystemRoot\System32\drivers\vga.sys
0xF7B13000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B15000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7987000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF798F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A93000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6F9000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xAA6D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA6AB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7AA3000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA689000 \SystemRoot\System32\drivers\afd.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA65E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA5EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77E7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7807000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF631D000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF7677000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA5AE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B33000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A8B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78C7000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CC7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6B3C000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7D06000 \SystemRoot\system32\dla\tfsndres.sys
0xAA458000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA506000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B39000 \SystemRoot\system32\dla\tfsnpool.sys
0xF78D7000 \SystemRoot\system32\dla\tfsnboio.sys
0xAA59E000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7D04000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA43F000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA426000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA4A2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA49E000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA4DA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA029000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA2B6000 \SystemRoot\system32\drivers\sysaudio.sys
0xA966E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B5B000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA959E000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9616000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8DB9000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8C63000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA8CB9000 \SystemRoot\system32\drivers\mfebopk.sys
0xA8E8A000 \SystemRoot\system32\drivers\cfwids.sys
0xF7B6B000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA889D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
1528 C:\WINDOWS\system32\smss.exe
1584 csrss.exe
1608 C:\WINDOWS\system32\winlogon.exe
1652 C:\WINDOWS\system32\services.exe
1664 C:\WINDOWS\system32\lsass.exe
1828 C:\WINDOWS\system32\svchost.exe
1892 svchost.exe
1928 C:\WINDOWS\system32\svchost.exe
1964 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2008 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
292 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
388 svchost.exe
424 svchost.exe
884 C:\WINDOWS\system32\spoolsv.exe
1212 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1408 C:\WINDOWS\explorer.exe
812 C:\Program Files\Apoint\Apoint.exe
940 C:\WINDOWS\system32\hkcmd.exe
948 C:\WINDOWS\system32\igfxpers.exe
1072 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1088 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1124 C:\Program Files\Dell\Media Experience\PCMService.exe
1220 C:\Program Files\Dell\QuickSet\quickset.exe
1240 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1180 C:\WINDOWS\system32\dla\tfswctrl.exe
1268 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1276 C:\WINDOWS\system32\igfxsrvc.exe
1296 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
1308 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1192 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1348 C:\Program Files\McAfee.com\Agent\mcagent.exe
1380 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1428 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
420 C:\Program Files\America Online 9.0\aoltray.exe
676 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
708 C:\Program Files\Digital Line Detect\DLG.exe
988 C:\Program Files\Apoint\ApntEx.exe
2704 C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
2844 C:\WINDOWS\system32\ctfmon.exe
2860 C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2656 svchost.exe
2348 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
2904 C:\Program Files\Java\jre6\bin\jqs.exe
2992 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
3028 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
3236 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
3324 C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
4040 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
4076 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
928 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1112 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1564 C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
2176 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2272 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3984 wmiprvse.exe
1144 wmiprvse.exe
3740 C:\WINDOWS\system32\svchost.exe
2172 C:\Program Files\Mozilla Firefox\firefox.exe
3472 alg.exe
1368 C:\WINDOWS\system32\svchost.exe
5052 C:\Program Files\Mozilla Firefox\plugin-container.exe
4844 C:\Documents and Settings\Jamie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGMP0603H, Rev: UD200-16

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 27 November 2010 - 06:42 PM

Okay, that's a positive for malware

The MBR has been rewritten.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for XP, and then press Enter.
  • when asked Do you want to fix the MRB code? type in YES and press enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread

Posted Image
m0le is a proud member of UNITE

#11 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 28 November 2010 - 02:23 PM

Hi m0le,
I've run MBRCheck as instructed. After fixing, restarting the computer and re-running MBRCheck, the log still shows a "non-standard or infected MBR."

The report is below.

Thanks!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7A87000 \WINDOWS\system32\KDCOM.DLL
0xF7997000 \WINDOWS\system32\BOOTVID.dll
0xF7458000 ACPI.sys
0xF7A89000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7447000 pci.sys
0xF7587000 isapnp.sys
0xF799B000 compbatt.sys
0xF799F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B4F000 pciide.sys
0xF7807000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A8B000 intelide.sys
0xF7429000 pcmcia.sys
0xF7597000 MountMgr.sys
0xF740A000 ftdisk.sys
0xF73E4000 dmio.sys
0xF780F000 PartMgr.sys
0xF75A7000 VolSnap.sys
0xF73CC000 atapi.sys
0xF75B7000 disk.sys
0xF75C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73AC000 fltmgr.sys
0xF739A000 sr.sys
0xF733D000 mfehidk.sys
0xF7328000 drvmcdb.sys
0xF75D7000 PxHelp20.sys
0xF7311000 KSecDD.sys
0xF7284000 Ntfs.sys
0xF7257000 NDIS.sys
0xF75E7000 ohci1394.sys
0xF75F7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF723D000 Mup.sys
0xF7627000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7697000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A6B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF69D0000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF69BC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78EF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6998000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78F7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6984000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6674000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF6631000 \SystemRoot\system32\drivers\STAC97.sys
0xF660D000 \SystemRoot\system32\drivers\portcls.sys
0xF76B7000 \SystemRoot\system32\drivers\drmk.sys
0xF65EA000 \SystemRoot\system32\drivers\ks.sys
0xF656F000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6470000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF63C8000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78FF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF63AE000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7907000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF790F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7AC7000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6371000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF7BF1000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF635D000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF7707000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6346000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7717000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7727000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7917000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6335000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7737000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF6311000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF629E000 \SystemRoot\system32\drivers\mfefirek.sys
0xF791F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7927000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF792F000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF626E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7747000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7ACB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6210000 \SystemRoot\system32\DRIVERS\update.sys
0xF6BC6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7937000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7757000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AD1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A53000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7AD5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C51000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AD7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7947000 \SystemRoot\system32\drivers\ssrtln.sys
0xF794F000 \SystemRoot\System32\drivers\vga.sys
0xF7AD9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ADB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7957000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF795F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A57000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6F9000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xAA6D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA6AB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7A67000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA689000 \SystemRoot\System32\drivers\afd.sys
0xF7787000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA65E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA5EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77A7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF62F5000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF77F7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA5AE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AE7000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5F7A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7967000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CBC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7687000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7CD9000 \SystemRoot\system32\dla\tfsndres.sys
0xAA458000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA506000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7AEB000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7977000 \SystemRoot\system32\dla\tfsnboio.sys
0xF7797000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7CDA000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA43F000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA426000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA4A2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA49E000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA366000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA051000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA52E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA975E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7ABD000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA95EE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9692000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8F6E000 \SystemRoot\system32\drivers\cfwids.sys
0xA8D8D000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8CAF000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA8FEE000 \SystemRoot\system32\drivers\mfebopk.sys
0xA8BBC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
1428 C:\WINDOWS\system32\smss.exe
1580 csrss.exe
1604 C:\WINDOWS\system32\winlogon.exe
1648 C:\WINDOWS\system32\services.exe
1660 C:\WINDOWS\system32\lsass.exe
1824 C:\WINDOWS\system32\svchost.exe
1888 svchost.exe
1924 C:\WINDOWS\system32\svchost.exe
1960 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2008 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
236 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
316 svchost.exe
360 svchost.exe
772 C:\WINDOWS\system32\spoolsv.exe
1052 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1220 C:\WINDOWS\explorer.exe
912 C:\Program Files\Apoint\Apoint.exe
1752 C:\WINDOWS\system32\hkcmd.exe
1692 C:\WINDOWS\system32\igfxpers.exe
940 C:\Program Files\Common Files\Java\Java Update\jusched.exe
952 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1060 C:\Program Files\Dell\Media Experience\PCMService.exe
1080 C:\Program Files\Dell\QuickSet\quickset.exe
1044 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1108 C:\WINDOWS\system32\dla\tfswctrl.exe
1196 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1268 C:\WINDOWS\system32\igfxsrvc.exe
1284 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
1308 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1376 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1384 C:\Program Files\McAfee.com\Agent\mcagent.exe
1484 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1560 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
340 C:\WINDOWS\system32\ctfmon.exe
972 C:\Program Files\America Online 9.0\aoltray.exe
1040 C:\Program Files\Apoint\ApntEx.exe
1404 C:\Program Files\Digital Line Detect\DLG.exe
1084 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
2532 C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
2612 C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2196 svchost.exe
2296 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
2500 C:\Program Files\Java\jre6\bin\jqs.exe
412 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2640 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2740 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2900 C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
3044 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
3060 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
3148 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
3180 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3212 C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
3316 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3480 C:\WINDOWS\system32\wuauclt.exe
3544 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2824 wmiprvse.exe
1256 C:\WINDOWS\system32\svchost.exe
3876 wmiprvse.exe
3840 alg.exe
2432 C:\Documents and Settings\Jamie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGMP0603H, Rev: UD200-16

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 28 November 2010 - 04:38 PM

Okay, sometimes MBRCheck doesn't take.

Locate your XP disk. If you can't find it then follow the instructions to burn one below.

Please download the Recovery Console Bootable CD iso
Unzip the file and user your favourite burning application to burn the iso to a CD. Note, this is not the same as just burning the iso file on a CD.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.


    When you have the disk do the following:
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
Once in Recovery Console, please type fixmbr and hit enter.

Type exit to exit and restart your PC.


Now please rerun MBRCheck and post the log :thumbup2:
Posted Image
m0le is a proud member of UNITE

#13 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 29 November 2010 - 07:49 PM

Hi m0le.
I think I made it through all the steps, as directed. The new MBRCheck log is below.

Thanks!


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7B07000 \WINDOWS\system32\KDCOM.DLL
0xF7A17000 \WINDOWS\system32\BOOTVID.dll
0xF74D8000 ACPI.sys
0xF7B09000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74C7000 pci.sys
0xF7607000 isapnp.sys
0xF7A1B000 compbatt.sys
0xF7A1F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BCF000 pciide.sys
0xF7887000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B0B000 intelide.sys
0xF74A9000 pcmcia.sys
0xF7617000 MountMgr.sys
0xF748A000 ftdisk.sys
0xF7464000 dmio.sys
0xF788F000 PartMgr.sys
0xF7627000 VolSnap.sys
0xF744C000 atapi.sys
0xF7637000 disk.sys
0xF7647000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF742C000 fltmgr.sys
0xF741A000 sr.sys
0xF73BD000 mfehidk.sys
0xF73A8000 drvmcdb.sys
0xF7657000 PxHelp20.sys
0xF7391000 KSecDD.sys
0xF7304000 Ntfs.sys
0xF72D7000 NDIS.sys
0xF7667000 ohci1394.sys
0xF7677000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF72BD000 Mup.sys
0xF7767000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6BA0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AEF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6A9F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6A8B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7967000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6A67000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF796F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF6A53000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6743000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF66B6000 \SystemRoot\system32\drivers\STAC97.sys
0xF6692000 \SystemRoot\system32\drivers\portcls.sys
0xF76B7000 \SystemRoot\system32\drivers\drmk.sys
0xF666F000 \SystemRoot\system32\drivers\ks.sys
0xF663E000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF653F000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6497000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7977000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF647D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF797F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7987000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7B41000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6440000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF7C4A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF642C000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF7707000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B03000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6415000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7717000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7727000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF798F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6404000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7737000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF63E0000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF636D000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7997000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF799F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF633D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7747000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B45000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF62DF000 \SystemRoot\system32\DRIVERS\update.sys
0xF6CEE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF79AF000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7757000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7787000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B4B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7AD7000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B4F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C23000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B51000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79BF000 \SystemRoot\system32\drivers\ssrtln.sys
0xF79C7000 \SystemRoot\System32\drivers\vga.sys
0xF7B53000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B55000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79CF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79D7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7ADB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6F9000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xAA6D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA6AB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7AEB000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA689000 \SystemRoot\System32\drivers\afd.sys
0xF7797000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA65E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA5EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF63CC000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7807000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA50E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B65000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF62D3000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79DF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C8C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6BD0000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C3B000 \SystemRoot\system32\dla\tfsndres.sys
0xAA458000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA506000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B69000 \SystemRoot\system32\dla\tfsnpool.sys
0xF79EF000 \SystemRoot\system32\dla\tfsnboio.sys
0xF6BC0000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7C3C000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA43F000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA426000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA49E000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA49A000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA406000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA051000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA196000 \SystemRoot\system32\drivers\sysaudio.sys
0xA97D6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B27000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA9616000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9736000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8FBE000 \SystemRoot\system32\drivers\cfwids.sys
0xA8CED000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
1432 C:\WINDOWS\system32\smss.exe
1592 csrss.exe
1616 C:\WINDOWS\system32\winlogon.exe
1660 C:\WINDOWS\system32\services.exe
1672 C:\WINDOWS\system32\lsass.exe
1836 C:\WINDOWS\system32\svchost.exe
1900 svchost.exe
1936 C:\WINDOWS\system32\svchost.exe
1972 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2016 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
2040 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
344 svchost.exe
392 svchost.exe
856 C:\WINDOWS\system32\spoolsv.exe
1128 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1336 C:\WINDOWS\explorer.exe
1060 C:\Program Files\Apoint\Apoint.exe
1076 C:\WINDOWS\system32\hkcmd.exe
1084 C:\WINDOWS\system32\igfxpers.exe
1092 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1316 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1324 C:\Program Files\Dell\Media Experience\PCMService.exe
1400 C:\Program Files\Dell\QuickSet\quickset.exe
1424 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1444 C:\WINDOWS\system32\igfxsrvc.exe
1456 C:\WINDOWS\system32\dla\tfswctrl.exe
1500 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1548 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
1560 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
1636 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1980 C:\Program Files\McAfee.com\Agent\mcagent.exe
440 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
500 C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe
336 C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe
556 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
664 C:\WINDOWS\system32\ctfmon.exe
740 C:\Program Files\Apoint\ApntEx.exe
988 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1124 C:\Program Files\America Online 9.0\aoltray.exe
2132 C:\Program Files\Digital Line Detect\DLG.exe
2480 C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
2488 C:\Program Files\Dell Support Center\gs_agent\dsc.exe
2512 C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2552 svchost.exe
3048 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
3440 C:\Program Files\Java\jre6\bin\jqs.exe
3528 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
3664 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2104 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2172 C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
2996 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
3028 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
3076 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
3120 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3304 C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
3592 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3812 C:\WINDOWS\system32\wuauclt.exe
2372 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2732 wmiprvse.exe
2648 wmiprvse.exe
420 C:\WINDOWS\system32\svchost.exe
3908 C:\Documents and Settings\Jamie\Desktop\MBRCheck.exe
3904 alg.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGMP0603H, Rev: UD200-16

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 29 November 2010 - 08:30 PM

Nice work :thumbup2:

How is the PC running now? Any redirections?
Posted Image
m0le is a proud member of UNITE

#15 bricker185

bricker185
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 29 November 2010 - 10:26 PM

Still getting redirects...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users