
Possibly infected with Alureon trojan


  • This topic is locked
20 replies to this topic

#1 PaedragGaidin


Posted 12 November 2011 - 10:59 PM

Hello! :) A couple days ago I started getting x-rated popup windows whenever I was in Firefox. I ran MalwareBytes and Microsoft Security Essentials in Safe Mode, each of which found instances of Alureon (Alureon.E and Alureon.EF to be specific). I removed them, rebooted, and ran each scan again, plus Spybot Search and Destroy, and they found nothing...but I keep getting the popups. Also, over the last two days my Internet connection has slowed to a crawl. This may be due to my apartment building's sometimes crazy service, but the timing is the same with the popups.... DDS logs follow.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_23
Run by Patrick at 21:41:36 on 2011-11-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1194 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\Windows\system32\hasplms.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{C3EA8C15-6D33-444D-A5EB-65E45D5E8CEF} : DhcpNameServer = 10.1.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2mtmaghv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: LittleFox: {29852C08-1E91-4889-A6BF-C77F91D6A8F3} - %profile%\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
FF - Ext: Classic Compact Options: notreal.ccoptions@environmentalchemistry.com - %profile%\extensions\notreal.ccoptions@environmentalchemistry.com
FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - %profile%\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
R2 FileManagerFun;FileManagerFun;C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2011-7-7 55808]
R2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-25 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-15 636144]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S3 busbcrw;USB Card Reader Writer driver;C:\Windows\system32\Drivers\bucrw64.sys --> C:\Windows\system32\Drivers\bucrw64.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-7-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-15 79360]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\10E6.tmp --> C:\Windows\system32\10E6.tmp [?]
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-7-15 79360]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-13 02:10:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D424462-8C2A-4AD3-AA86-55B0D5B2CD62}\offreg.dll
2011-11-13 02:09:54 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D424462-8C2A-4AD3-AA86-55B0D5B2CD62}\mpengine.dll
2011-11-12 20:05:22 -------- d-----w- C:\Program Files (x86)\PDF to Kindle Converter
2011-11-09 20:54:00 -------- d-----w- C:\Pix
2011-10-27 05:17:54 -------- d-----w- C:\Users\Patrick\taxes
.
==================== Find3M ====================
.
2011-09-05 02:47:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-30 05:31:48 17327195 ----a-w- C:\Users\Patrick\PhotoScapeSetup_V3.5.exe
.
============= FINISH: 21:50:04.66 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/15/2009 00:27:24
System Uptime: 11/12/2011 20:00:55 (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 11.876 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 2.684 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP746: 10/25/2011 20:02:38 - Windows Update
RP747: 10/26/2011 21:43:30 - Windows Update
RP748: 10/27/2011 23:29:39 - Windows Update
RP749: 10/29/2011 11:12:50 - Windows Update
RP750: 10/30/2011 17:22:43 - Windows Update
RP751: 10/31/2011 19:26:20 - Windows Update
RP752: 11/1/2011 08:45:30 - Windows Update
RP753: 11/2/2011 13:23:47 - Windows Update
RP754: 11/3/2011 19:17:08 - Windows Update
RP755: 11/4/2011 20:21:24 - Windows Update
RP756: 11/5/2011 01:59:23 - Windows Update
RP757: 11/6/2011 01:35:23 - Windows Update
RP758: 11/7/2011 09:03:51 - Windows Update
RP759: 11/8/2011 20:59:24 - Windows Update
RP760: 11/9/2011 22:43:48 - Windows Update
RP761: 11/10/2011 19:07:37 - Scheduled Checkpoint
RP762: 11/10/2011 22:49:59 - Windows Update
RP763: 11/11/2011 14:54:25 - Scheduled Checkpoint
RP764: 11/11/2011 23:29:00 - Windows Update
RP765: 11/12/2011 20:08:32 - Windows Update
.
==== Installed Programs ======================
.
.
4D Embroidery System 8.1
7-Zip 9.11 beta
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Amazon Kindle
Amazon MP3 Downloader 1.0.10
Amazon MP3 Uploader
Ask Toolbar
Audacity 1.2.6
Baldur's Gate
Baldur's Gate II
Best Authority
Best Authority Setup
bitRipper
BitTornado 0.3.17
BN eReader
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
CSE HTML Validator Lite v9.03
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Setup
DivX Version Checker
DriveHQ FileManager 5.0
EMCO UnLock IT 3.0
EncVorbis 1.1
ESET Online Scanner v3
Facebook Plug-In
Fallout
Fallout 2
Farming Extreme Manager
FarmVille Tools V2.3.3
FarmVilleBot 2.1.17.4
FileZilla Client 3.3.4.1
Free DVD Ripper Version 2.25
Free M4a to MP3 Converter 6.2
GOG.com Downloader
Google Chrome
Google Talk Plugin
GoToAssist 8.0.0.514
GPL MPEG-1/2 DirectShow Decoder Filter
GTK+ Runtime 2.14.7 rev a (remove only)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Husqvarna Viking 4D Bonus Designs
Indeo® Software
Jar2Exe Wizard
Java Auto Updater
Java™ 6 Update 23
Junk Mail filter update
LAME v3.98.2 for Audacity
ljArchive
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Mozilla Firefox (3.6.13)
MSVCRT
NOOK for PC
Paradox
PDF Settings
PDF to Kindle Converter 3.0.5
PE-DESIGN Ver7
PhotoScape
Pidgin
Planescape Torment
Planescape Torment Hack
PowerDVD DX
PrimoPDF -- by Nitro PDF Software
Quest for Glory II: Trial by Fire (2.0)
QuickTime Alternative 1.95
Real Alternative 1.9.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 5.1
Sophos Anti-Rootkit 1.5.4
Sound Blaster X-Fi MB
Spybot - Search & Destroy
SpywareBlaster 4.4
Switch Sound File Converter
The Darkest Day (remove and restore BG2)
The Weather Channel Desktop 6
TweakNow RegCleaner
Ultima 4 - Quest of the Avatar
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Vim 7.2 (self-installing)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Vuze
Vuze_Remote Toolbar
Whitesmoke Translator
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
XChat 2 (remove only)
ZalmanFrisbee
Zork Anthology
.
==== End Of File ===========================



#2 HelpBot


Posted 17 November 2011 - 11:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427642 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 PaedragGaidin


Posted 17 November 2011 - 11:22 PM

Adding reply per HelpBot's instructions!

Yes, I am still having pop-up problems, and in addition I am now getting Google redirects in both IE and Firefox. IE is also continually launching on its own, and WinPatrol periodically warns me about new mysterious ActiveX controls. Have run twice-daily scans with MalwareBytes and Microsoft Security Essentials. MB finds nothing, but a couple of days ago MSE found (and allegedly removed) Alureon (again), Sirefef.B, and FakeSysdef. However, the popups and redirects are ongoing. My Internet connection is also still very slow.

I do not have an original Windows CD (computer did not ship with one). New DDS logs below. Thanks! :)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_23
Run by Patrick at 22:11:59 on 2011-11-17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1017 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\Windows\system32\hasplms.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{C3EA8C15-6D33-444D-A5EB-65E45D5E8CEF} : DhcpNameServer = 166.102.165.11 166.102.165.13
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2mtmaghv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: C:\Users\Patrick\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: LittleFox: {29852C08-1E91-4889-A6BF-C77F91D6A8F3} - %profile%\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
FF - Ext: Classic Compact Options: notreal.ccoptions@environmentalchemistry.com - %profile%\extensions\notreal.ccoptions@environmentalchemistry.com
FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - %profile%\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
R2 FileManagerFun;FileManagerFun;C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2011-7-7 55808]
R2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-25 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-15 636144]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S3 busbcrw;USB Card Reader Writer driver;C:\Windows\system32\Drivers\bucrw64.sys --> C:\Windows\system32\Drivers\bucrw64.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-7-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-15 79360]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\10E6.tmp --> C:\Windows\system32\10E6.tmp [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-7-15 79360]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-16 22:07:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A82BF384-3D0F-48C5-926E-F070FACBC7FA}\offreg.dll
2011-11-16 22:06:56 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A82BF384-3D0F-48C5-926E-F070FACBC7FA}\mpengine.dll
2011-11-12 20:05:22 -------- d-----w- C:\Program Files (x86)\PDF to Kindle Converter
2011-11-09 20:54:00 -------- d-----w- C:\Pix
2011-10-27 05:17:54 -------- d-----w- C:\Users\Patrick\taxes
.
==================== Find3M ====================
.
2011-09-05 02:47:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-30 05:31:48 17327195 ----a-w- C:\Users\Patrick\PhotoScapeSetup_V3.5.exe
.
============= FINISH: 22:20:26.46 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/15/2009 00:27:24
System Uptime: 11/16/2011 14:09:05 (32 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 12.237 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 2.684 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
4D Embroidery System 8.1
7-Zip 9.11 beta
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Amazon Kindle
Amazon MP3 Downloader 1.0.10
Amazon MP3 Uploader
Ask Toolbar
Audacity 1.2.6
Baldur's Gate
Baldur's Gate II
Best Authority
Best Authority Setup
BN eReader
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
CSE HTML Validator Lite v9.03
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Setup
DivX Version Checker
DriveHQ FileManager 5.0
EMCO UnLock IT 3.0
EncVorbis 1.1
ESET Online Scanner v3
Facebook Plug-In
Fallout
Fallout 2
Farming Extreme Manager
FarmVille Tools V2.3.3
FarmVilleBot 2.1.17.4
FileZilla Client 3.3.4.1
Free DVD Ripper Version 2.25
GOG.com Downloader
Google Chrome
GoToAssist 8.0.0.514
GPL MPEG-1/2 DirectShow Decoder Filter
GTK+ Runtime 2.14.7 rev a (remove only)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Husqvarna Viking 4D Bonus Designs
Indeo® Software
Jar2Exe Wizard
Java Auto Updater
Java™ 6 Update 23
Junk Mail filter update
LAME v3.98.2 for Audacity
ljArchive
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Mozilla Firefox (3.6.13)
MSVCRT
NOOK for PC
Paradox
PDF Settings
PDF to Kindle Converter 3.0.5
PE-DESIGN Ver7
PhotoScape
Pidgin
Planescape Torment
Planescape Torment Hack
PowerDVD DX
PrimoPDF -- by Nitro PDF Software
Quest for Glory II: Trial by Fire (2.0)
QuickTime Alternative 1.95
Real Alternative 1.9.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 5.1
Sophos Anti-Rootkit 1.5.4
Sound Blaster X-Fi MB
Spybot - Search & Destroy
SpywareBlaster 4.4
Switch Sound File Converter
The Darkest Day (remove and restore BG2)
The Weather Channel Desktop 6
TweakNow RegCleaner
Ultima 4 - Quest of the Avatar
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Vim 7.2 (self-installing)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
XChat 2 (remove only)
Zork Anthology
.
==== End Of File ===========================

#4 nasdaq

  • Malware Response Team

Posted 19 November 2011 - 11:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before I suggest any remedial tool please run these tools and post the logs for my review.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


#5 PaedragGaidin

  • Topic Starter


Posted 19 November 2011 - 04:54 PM

Hi! Thank you! Here are the logs. :)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-19 14:20:34
-----------------------------
14:20:34.038 OS Version: Windows x64 6.0.6001 Service Pack 1
14:20:34.038 Number of processors: 2 586 0x170A
14:20:34.038 ComputerName: AVIENDHA UserName: Patrick
14:20:35.961 Initialize success
14:20:45.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:20:45.833 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
14:20:45.838 Disk 0 MBR read error 0
14:20:45.843 Disk 0 MBR scan
14:20:45.847 Disk 0 unknown MBR code
14:20:45.852 MBR BIOS signature not found 0
14:20:45.858 Service scanning
14:20:47.170 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:20:47.401 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:20:48.057 Modules scanning
14:20:48.064 Disk 0 trace - called modules:
14:20:48.115 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80038af334]<<
14:20:48.121 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003653740]
14:20:48.129 3 CLASSPNP.SYS[fffffa60007b7b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80033ea050]
14:20:48.137 \Driver\iaStor[0xfffffa8003372e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80038af334
14:20:48.146 Scan finished successfully
14:25:21.651 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
14:25:21.662 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"




14:27:27.0497 14020 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
14:27:27.0913 14020 ============================================================
14:27:27.0914 14020 Current date / time: 2011/11/19 14:27:27.0913
14:27:27.0914 14020 SystemInfo:
14:27:27.0914 14020
14:27:27.0914 14020 OS Version: 6.0.6001 ServicePack: 1.0
14:27:27.0914 14020 Product type: Workstation
14:27:27.0914 14020 ComputerName: AVIENDHA
14:27:27.0914 14020 UserName: Patrick
14:27:27.0914 14020 Windows directory: C:\Windows
14:27:27.0914 14020 System windows directory: C:\Windows
14:27:27.0914 14020 Running under WOW64
14:27:27.0914 14020 Processor architecture: Intel x64
14:27:27.0914 14020 Number of processors: 2
14:27:27.0914 14020 Page size: 0x1000
14:27:27.0914 14020 Boot type: Normal boot
14:27:27.0914 14020 ============================================================
14:27:28.0525 14020 Initialize success
14:28:41.0251 14296 ============================================================
14:28:41.0251 14296 Scan started
14:28:41.0251 14296 Mode: Manual;
14:28:41.0251 14296 ============================================================
14:28:42.0742 14296 ACPI (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
14:28:42.0749 14296 ACPI - ok
14:28:42.0984 14296 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:28:42.0994 14296 adp94xx - ok
14:28:43.0290 14296 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:28:43.0298 14296 adpahci - ok
14:28:43.0877 14296 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:28:43.0881 14296 adpu160m - ok
14:28:44.0129 14296 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:28:44.0133 14296 adpu320 - ok
14:28:44.0663 14296 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
14:28:44.0672 14296 AFD - ok
14:28:44.0919 14296 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:28:44.0921 14296 agp440 - ok
14:28:45.0182 14296 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:28:45.0185 14296 aic78xx - ok
14:28:45.0362 14296 aksdf (e0020ccea89ffbc52777b7f97e97bbf2) C:\Windows\system32\DRIVERS\aksdf.sys
14:28:45.0364 14296 aksdf - ok
14:28:45.0938 14296 aksfridge (be9d606d055ece803a7c2be2b1bd374c) C:\Windows\system32\DRIVERS\aksfridge.sys
14:28:45.0941 14296 aksfridge - ok
14:28:46.0131 14296 akshasp (803bba4d450f0e3fe3a4e54b6527f307) C:\Windows\system32\DRIVERS\akshasp.sys
14:28:46.0133 14296 akshasp - ok
14:28:46.0691 14296 akshhl (619b5e4f6a0c9e6b33993ec8f032d642) C:\Windows\system32\DRIVERS\akshhl.sys
14:28:46.0693 14296 akshhl - ok
14:28:46.0791 14296 aksusb (cd10307b77cd13f6c77d9c593a2ee3c5) C:\Windows\system32\DRIVERS\aksusb.sys
14:28:46.0793 14296 aksusb - ok
14:28:47.0091 14296 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
14:28:47.0094 14296 aliide - ok
14:28:47.0918 14296 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:28:47.0921 14296 amdide - ok
14:28:48.0151 14296 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:28:48.0153 14296 AmdK8 - ok
14:28:48.0729 14296 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:28:48.0734 14296 ApfiltrService - ok
14:28:49.0017 14296 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:28:49.0020 14296 arc - ok
14:28:49.0773 14296 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:28:49.0775 14296 arcsas - ok
14:28:49.0894 14296 ASPI - ok
14:28:51.0040 14296 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:28:51.0042 14296 AsyncMac - ok
14:28:51.0424 14296 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
14:28:51.0426 14296 atapi - ok
14:28:51.0673 14296 Beep - ok
14:28:52.0361 14296 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:28:52.0363 14296 blbdrive - ok
14:28:52.0823 14296 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
14:28:52.0826 14296 bowser - ok
14:28:53.0132 14296 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:28:53.0134 14296 BrFiltLo - ok
14:28:53.0463 14296 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:28:53.0465 14296 BrFiltUp - ok
14:28:53.0758 14296 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:28:53.0797 14296 Brserid - ok
14:28:54.0131 14296 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:28:54.0133 14296 BrSerWdm - ok
14:28:54.0565 14296 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:28:54.0566 14296 BrUsbMdm - ok
14:28:55.0132 14296 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:28:55.0133 14296 BrUsbSer - ok
14:28:55.0410 14296 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:28:55.0411 14296 BTHMODEM - ok
14:28:55.0541 14296 busbcrw (849fd07960bc259f9c04ae9087258ba0) C:\Windows\system32\Drivers\bucrw64.sys
14:28:55.0543 14296 busbcrw - ok
14:28:55.0547 14296 catchme - ok
14:28:55.0998 14296 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:28:56.0001 14296 cdfs - ok
14:28:56.0224 14296 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
14:28:56.0227 14296 cdrom - ok
14:28:56.0666 14296 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:28:56.0668 14296 circlass - ok
14:28:56.0843 14296 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
14:28:56.0850 14296 CLFS - ok
14:28:57.0021 14296 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
14:28:57.0022 14296 CmBatt - ok
14:28:57.0216 14296 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:28:57.0217 14296 cmdide - ok
14:28:57.0439 14296 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
14:28:57.0440 14296 Compbatt - ok
14:28:57.0710 14296 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:28:57.0712 14296 crcdisk - ok
14:28:58.0100 14296 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
14:28:58.0103 14296 DfsC - ok
14:28:58.0302 14296 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
14:28:58.0304 14296 disk - ok
14:28:58.0612 14296 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
14:28:58.0613 14296 drmkaud - ok
14:28:58.0795 14296 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
14:28:58.0869 14296 DXGKrnl - ok
14:28:59.0002 14296 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
14:28:59.0008 14296 e1express - ok
14:28:59.0206 14296 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:28:59.0210 14296 E1G60 - ok
14:28:59.0975 14296 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
14:28:59.0979 14296 Ecache - ok
14:29:00.0193 14296 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:29:00.0201 14296 elxstor - ok
14:29:00.0412 14296 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
14:29:00.0414 14296 ErrDev - ok
14:29:00.0601 14296 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
14:29:00.0608 14296 exfat - ok
14:29:00.0736 14296 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
14:29:00.0741 14296 fastfat - ok
14:29:00.0911 14296 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:29:00.0913 14296 fdc - ok
14:29:01.0043 14296 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:29:01.0071 14296 FileInfo - ok
14:29:01.0236 14296 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:29:01.0238 14296 Filetrace - ok
14:29:01.0860 14296 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:01.0863 14296 flpydisk - ok
14:29:02.0036 14296 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
14:29:02.0042 14296 FltMgr - ok
14:29:02.0256 14296 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
14:29:02.0258 14296 Fs_Rec - ok
14:29:02.0384 14296 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:29:02.0386 14296 gagp30kx - ok
14:29:02.0574 14296 Hardlock (c8f8745e431a8a59830b969abdef7882) C:\Windows\system32\drivers\hardlock.sys
14:29:02.0580 14296 Hardlock - ok
14:29:02.0958 14296 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:29:02.0960 14296 HDAudBus - ok
14:29:03.0433 14296 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:29:03.0434 14296 HidBth - ok
14:29:03.0660 14296 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:29:03.0663 14296 HidIr - ok
14:29:03.0935 14296 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
14:29:03.0936 14296 HidUsb - ok
14:29:04.0115 14296 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:29:04.0117 14296 HpCISSs - ok
14:29:04.0290 14296 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
14:29:04.0335 14296 HTTP - ok
14:29:04.0652 14296 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:29:04.0654 14296 i2omp - ok
14:29:05.0027 14296 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:29:05.0030 14296 i8042prt - ok
14:29:05.0450 14296 iaStor (07fb761600eff44af02c35b8b57e5863) C:\Windows\system32\drivers\iastor.sys
14:29:05.0454 14296 iaStor - ok
14:29:05.0792 14296 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:29:05.0798 14296 iaStorV - ok
14:29:06.0275 14296 igfx (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:29:06.0528 14296 igfx - ok
14:29:06.0737 14296 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:29:06.0739 14296 iirsp - ok
14:29:06.0870 14296 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:29:06.0872 14296 intelide - ok
14:29:06.0931 14296 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:29:06.0934 14296 intelppm - ok
14:29:07.0058 14296 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:07.0060 14296 IpFilterDriver - ok
14:29:07.0149 14296 IpInIp - ok
14:29:07.0191 14296 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:29:07.0194 14296 IPMIDRV - ok
14:29:07.0345 14296 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:29:07.0368 14296 IPNAT - ok
14:29:07.0591 14296 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:29:07.0593 14296 IRENUM - ok
14:29:07.0719 14296 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:29:07.0721 14296 isapnp - ok
14:29:07.0793 14296 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
14:29:07.0799 14296 iScsiPrt - ok
14:29:07.0918 14296 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:29:07.0919 14296 iteatapi - ok
14:29:08.0013 14296 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:29:08.0015 14296 iteraid - ok
14:29:08.0063 14296 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:08.0065 14296 kbdclass - ok
14:29:08.0136 14296 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:08.0137 14296 kbdhid - ok
14:29:08.0207 14296 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
14:29:08.0228 14296 KSecDD - ok
14:29:08.0337 14296 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:29:08.0339 14296 ksthunk - ok
14:29:08.0510 14296 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:29:08.0513 14296 lltdio - ok
14:29:08.0694 14296 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:29:08.0698 14296 LSI_FC - ok
14:29:08.0765 14296 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:29:08.0768 14296 LSI_SAS - ok
14:29:08.0888 14296 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:29:08.0891 14296 LSI_SCSI - ok
14:29:08.0965 14296 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:29:08.0968 14296 luafv - ok
14:29:09.0063 14296 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:29:09.0064 14296 megasas - ok
14:29:09.0184 14296 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:29:09.0194 14296 MegaSR - ok
14:29:09.0294 14296 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\10E6.tmp
14:29:09.0296 14296 MEMSWEEP2 - ok
14:29:09.0393 14296 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:29:09.0396 14296 Modem - ok
14:29:09.0463 14296 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:29:09.0464 14296 monitor - ok
14:29:09.0546 14296 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:29:09.0548 14296 mouclass - ok
14:29:09.0719 14296 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:29:09.0721 14296 mouhid - ok
14:29:09.0803 14296 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:29:09.0806 14296 MountMgr - ok
14:29:09.0956 14296 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
14:29:09.0961 14296 MpFilter - ok
14:29:10.0092 14296 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:29:10.0095 14296 mpio - ok
14:29:10.0247 14296 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:29:10.0249 14296 MpNWMon - ok
14:29:10.0301 14296 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:29:10.0304 14296 mpsdrv - ok
14:29:11.0048 14296 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:29:11.0050 14296 Mraid35x - ok
14:29:11.0200 14296 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
14:29:11.0205 14296 MRxDAV - ok
14:29:11.0402 14296 mrxsmb (d2fc7c6c263a759c3f0ccf5c26831b50) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:11.0406 14296 mrxsmb - ok
14:29:11.0553 14296 mrxsmb10 (b48b14105724e7f3925d89cbaa8fc7a5) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:11.0560 14296 mrxsmb10 - ok
14:29:11.0787 14296 mrxsmb20 (effa581e7c5afba1163aafbfa09db475) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:11.0790 14296 mrxsmb20 - ok
14:29:11.0999 14296 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
14:29:12.0001 14296 msahci - ok
14:29:12.0157 14296 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:29:12.0160 14296 msdsm - ok
14:29:12.0368 14296 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:29:12.0370 14296 Msfs - ok
14:29:12.0962 14296 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:29:12.0964 14296 msisadrv - ok
14:29:13.0128 14296 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:29:13.0130 14296 MSKSSRV - ok
14:29:13.0347 14296 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:13.0349 14296 MSPCLOCK - ok
14:29:13.0515 14296 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:29:13.0516 14296 MSPQM - ok
14:29:13.0816 14296 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
14:29:13.0823 14296 MsRPC - ok
14:29:14.0070 14296 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:29:14.0072 14296 mssmbios - ok
14:29:14.0305 14296 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:29:14.0306 14296 MSTEE - ok
14:29:14.0438 14296 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
14:29:14.0440 14296 Mup - ok
14:29:14.0646 14296 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
14:29:14.0651 14296 NativeWifiP - ok
14:29:14.0997 14296 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
14:29:15.0019 14296 NDIS - ok
14:29:15.0172 14296 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:15.0173 14296 NdisTapi - ok
14:29:15.0340 14296 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:15.0342 14296 Ndisuio - ok
14:29:15.0586 14296 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:15.0590 14296 NdisWan - ok
14:29:15.0826 14296 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:29:15.0828 14296 NDProxy - ok
14:29:15.0965 14296 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:29:15.0967 14296 NetBIOS - ok
14:29:16.0098 14296 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
14:29:16.0104 14296 netbt - ok
14:29:16.0355 14296 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
14:29:16.0465 14296 NETw5v64 - ok
14:29:16.0871 14296 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:29:16.0873 14296 nfrd960 - ok
14:29:17.0052 14296 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:29:17.0055 14296 NisDrv - ok
14:29:17.0226 14296 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
14:29:17.0228 14296 Npfs - ok
14:29:17.0509 14296 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:29:17.0511 14296 nsiproxy - ok
14:29:17.0735 14296 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
14:29:17.0791 14296 Ntfs - ok
14:29:17.0914 14296 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:29:17.0917 14296 Null - ok
14:29:18.0131 14296 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:29:18.0136 14296 nvraid - ok
14:29:18.0576 14296 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:29:18.0577 14296 nvstor - ok
14:29:18.0817 14296 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:29:18.0820 14296 nv_agp - ok
14:29:18.0936 14296 NwlnkFlt - ok
14:29:18.0951 14296 NwlnkFwd - ok
14:29:19.0107 14296 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
14:29:19.0113 14296 ohci1394 - ok
14:29:19.0245 14296 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
14:29:19.0247 14296 Packet - ok
14:29:19.0397 14296 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:29:19.0400 14296 Parport - ok
14:29:19.0507 14296 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
14:29:19.0510 14296 partmgr - ok
14:29:19.0632 14296 PCD5SRVC{048DBD20-445E8C82-05040104} (58c1cd52347c4835dc3606cd4723f426) C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
14:29:19.0770 14296 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
14:29:19.0876 14296 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
14:29:19.0880 14296 pci - ok
14:29:20.0131 14296 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
14:29:20.0133 14296 pciide - ok
14:29:20.0380 14296 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:29:20.0385 14296 pcmcia - ok
14:29:20.0597 14296 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:29:20.0642 14296 PEAUTH - ok
14:29:21.0046 14296 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
14:29:21.0049 14296 PptpMiniport - ok
14:29:21.0176 14296 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:29:21.0178 14296 Processor - ok
14:29:21.0333 14296 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
14:29:21.0336 14296 PSched - ok
14:29:21.0792 14296 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:29:21.0794 14296 PxHlpa64 - ok
14:29:22.0152 14296 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:29:22.0192 14296 ql2300 - ok
14:29:22.0696 14296 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:29:22.0700 14296 ql40xx - ok
14:29:22.0915 14296 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:29:22.0917 14296 QWAVEdrv - ok
14:29:23.0156 14296 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
14:29:23.0248 14296 R300 - ok
14:29:23.0360 14296 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:29:23.0362 14296 RasAcd - ok
14:29:23.0584 14296 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:29:23.0588 14296 Rasl2tp - ok
14:29:23.0700 14296 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
14:29:23.0704 14296 RasPppoe - ok
14:29:23.0871 14296 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
14:29:23.0874 14296 RasSstp - ok
14:29:23.0993 14296 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
14:29:24.0036 14296 rdbss - ok
14:29:24.0153 14296 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:29:24.0154 14296 RDPCDD - ok
14:29:24.0526 14296 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:29:24.0533 14296 rdpdr - ok
14:29:25.0076 14296 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:29:25.0077 14296 RDPENCDD - ok
14:29:25.0223 14296 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
14:29:25.0228 14296 RDPWD - ok
14:29:25.0415 14296 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:29:25.0418 14296 rspndr - ok
14:29:26.0142 14296 RTSTOR (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS
14:29:26.0144 14296 RTSTOR - ok
14:29:26.0417 14296 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:29:26.0420 14296 sbp2port - ok
14:29:26.0613 14296 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:29:26.0614 14296 secdrv - ok
14:29:27.0164 14296 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
14:29:27.0167 14296 Serenum - ok
14:29:27.0263 14296 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
14:29:27.0266 14296 Serial - ok
14:29:27.0714 14296 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:29:27.0716 14296 sermouse - ok
14:29:27.0832 14296 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
14:29:27.0834 14296 sffdisk - ok
14:29:28.0224 14296 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:29:28.0226 14296 sffp_mmc - ok
14:29:28.0585 14296 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
14:29:28.0587 14296 sffp_sd - ok
14:29:28.0715 14296 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:29:28.0717 14296 sfloppy - ok
14:29:28.0898 14296 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:29:28.0900 14296 SiSRaid2 - ok
14:29:29.0111 14296 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:29:29.0114 14296 SiSRaid4 - ok
14:29:29.0257 14296 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
14:29:29.0260 14296 Smb - ok
14:29:29.0406 14296 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
14:29:29.0408 14296 spldr - ok
14:29:29.0698 14296 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
14:29:29.0698 14296 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
14:29:29.0701 14296 sptd ( LockedFile.Multi.Generic ) - warning
14:29:29.0701 14296 sptd - detected LockedFile.Multi.Generic (1)
14:29:29.0925 14296 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
14:29:29.0934 14296 srv - ok
14:29:30.0123 14296 srv2 (72e529d52f87341918b90635d3a01517) C:\Windows\system32\DRIVERS\srv2.sys
14:29:30.0127 14296 srv2 - ok
14:29:30.0263 14296 srvnet (1ee5fd978582764f0f280cf44efe3e9a) C:\Windows\system32\DRIVERS\srvnet.sys
14:29:30.0268 14296 srvnet - ok
14:29:30.0465 14296 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
14:29:30.0476 14296 STHDA - ok
14:29:30.0592 14296 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:29:30.0594 14296 swenum - ok
14:29:30.0683 14296 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:29:30.0686 14296 Symc8xx - ok
14:29:30.0780 14296 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:29:30.0782 14296 Sym_hi - ok
14:29:30.0879 14296 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:29:30.0881 14296 Sym_u3 - ok
14:29:31.0067 14296 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys
14:29:31.0100 14296 Tcpip - ok
14:29:31.0233 14296 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys
14:29:31.0242 14296 Tcpip6 - ok
14:29:31.0318 14296 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
14:29:31.0320 14296 tcpipreg - ok
14:29:31.0365 14296 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:29:31.0367 14296 TDPIPE - ok
14:29:31.0431 14296 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:29:31.0433 14296 TDTCP - ok
14:29:31.0496 14296 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
14:29:31.0498 14296 tdx - ok
14:29:31.0542 14296 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
14:29:31.0544 14296 TermDD - ok
14:29:31.0641 14296 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:31.0642 14296 tssecsrv - ok
14:29:31.0714 14296 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:29:31.0716 14296 tunmp - ok
14:29:31.0767 14296 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
14:29:31.0768 14296 tunnel - ok
14:29:31.0827 14296 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:29:31.0830 14296 uagp35 - ok
14:29:31.0870 14296 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
14:29:31.0876 14296 udfs - ok
14:29:31.0985 14296 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:29:31.0987 14296 uliagpkx - ok
14:29:32.0045 14296 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:29:32.0050 14296 uliahci - ok
14:29:32.0108 14296 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:29:32.0112 14296 UlSata - ok
14:29:32.0262 14296 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:29:32.0267 14296 ulsata2 - ok
14:29:32.0371 14296 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:29:32.0373 14296 umbus - ok
14:29:32.0506 14296 usbccgp (ae3dea342f01249317b2bb3df0424238) C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:32.0509 14296 usbccgp - ok
14:29:32.0568 14296 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:29:32.0570 14296 usbcir - ok
14:29:32.0632 14296 usbehci (b89f9fe9fc1e7c9cb03acb8819eb511d) C:\Windows\system32\DRIVERS\usbehci.sys
14:29:32.0635 14296 usbehci - ok
14:29:32.0712 14296 usbhub (f2c1d8eff9c7cf84ff0235408acd3f4b) C:\Windows\system32\DRIVERS\usbhub.sys
14:29:32.0720 14296 usbhub - ok
14:29:32.0776 14296 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
14:29:32.0778 14296 usbohci - ok
14:29:32.0838 14296 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:29:32.0839 14296 usbprint - ok
14:29:33.0061 14296 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:29:33.0064 14296 USBSTOR - ok
14:29:33.0167 14296 usbuhci (225e107785315874ba5c1abc7dda7bfc) C:\Windows\system32\DRIVERS\usbuhci.sys
14:29:33.0169 14296 usbuhci - ok
14:29:33.0237 14296 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
14:29:33.0241 14296 usbvideo - ok
14:29:33.0293 14296 Uxsidekrsd - ok
14:29:33.0356 14296 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:33.0358 14296 vga - ok
14:29:33.0389 14296 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:29:33.0391 14296 VgaSave - ok
14:29:33.0429 14296 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:29:33.0431 14296 viaide - ok
14:29:33.0724 14296 vmm (091e009ef749c9d65cf9adfad316d251) C:\Windows\system32\Drivers\vmm.sys
14:29:33.0730 14296 vmm - ok
14:29:34.0011 14296 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
14:29:34.0014 14296 volmgr - ok
14:29:34.0146 14296 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
14:29:34.0166 14296 volmgrx - ok
14:29:34.0233 14296 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
14:29:34.0240 14296 volsnap - ok
14:29:34.0302 14296 VPCNetS2 (bc2ea40b98b5e866d9a4f98afb66b682) C:\Windows\system32\DRIVERS\VMNetSrv.sys
14:29:34.0303 14296 VPCNetS2 - ok
14:29:34.0352 14296 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:29:34.0356 14296 vsmraid - ok
14:29:34.0458 14296 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:29:34.0460 14296 WacomPen - ok
14:29:34.0501 14296 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:34.0504 14296 Wanarp - ok
14:29:34.0519 14296 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:34.0520 14296 Wanarpv6 - ok
14:29:34.0612 14296 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:29:34.0614 14296 Wd - ok
14:29:34.0677 14296 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:29:34.0718 14296 Wdf01000 - ok
14:29:34.0846 14296 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:29:34.0848 14296 WmiAcpi - ok
14:29:35.0107 14296 WPRO_40_1340 - ok
14:29:35.0209 14296 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:29:35.0211 14296 ws2ifsl - ok
14:29:35.0278 14296 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:35.0281 14296 WUDFRd - ok
14:29:35.0450 14296 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
14:29:35.0458 14296 yukonx64 - ok
14:29:35.0961 14296 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
14:29:36.0006 14296 \Device\Harddisk0\DR0 - ok
14:29:36.0044 14296 Boot (0x1200) (369490361fd77503299eb2caecb2e6ed) \Device\Harddisk0\DR0\Partition0
14:29:36.0045 14296 \Device\Harddisk0\DR0\Partition0 - ok
14:29:36.0052 14296 Boot (0x1200) (40bb0420a4aab2904e919c66049fee8e) \Device\Harddisk0\DR0\Partition1
14:29:36.0053 14296 \Device\Harddisk0\DR0\Partition1 - ok
14:29:36.0055 14296 ============================================================
14:29:36.0055 14296 Scan finished
14:29:36.0055 14296 ============================================================
14:29:36.0078 12224 Detected object count: 1
14:29:36.0078 12224 Actual detected object count: 1
15:49:50.0746 12224 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:49:50.0746 12224 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Attached Files

  • MBR.zip (120 bytes)


#6 nasdaq

  • Malware Response Team

Posted 20 November 2011 - 09:35 AM

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed or until this computer is clean.

HOW TO: Enable the CD Emulators... < to be enabled later.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

Please run the aswMBR and the TDSSKiller again.
Post the logs.

#7 PaedragGaidin

  • Topic Starter

Posted 20 November 2011 - 10:28 AM

Oh man, I am sorry about that. Running now....

#8 PaedragGaidin

  • Topic Starter

Posted 20 November 2011 - 10:36 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 09:32:50
-----------------------------
09:32:50.924 OS Version: Windows x64 6.0.6001 Service Pack 1
09:32:50.924 Number of processors: 2 586 0x170A
09:32:50.924 ComputerName: AVIENDHA UserName: Patrick
09:32:52.047 Initialize success
09:33:01.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:33:01.180 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
09:33:01.195 Disk 0 MBR read successfully
09:33:01.195 Disk 0 MBR scan
09:33:01.195 Disk 0 Windows VISTA default MBR code
09:33:01.211 Service scanning
09:33:02.662 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:33:03.629 Modules scanning
09:33:03.629 Disk 0 trace - called modules:
09:33:03.645 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800372b334]<<
09:33:03.660 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034b3400]
09:33:03.660 3 CLASSPNP.SYS[fffffa6000d37b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003348050]
09:33:03.676 \Driver\iaStor[0xfffffa80032f3e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800372b334
09:33:03.676 Scan finished successfully
09:33:15.657 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
09:33:15.672 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"




09:34:07.0569 4660 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
09:34:09.0519 4660 ============================================================
09:34:09.0519 4660 Current date / time: 2011/11/20 09:34:09.0519
09:34:09.0519 4660 SystemInfo:
09:34:09.0519 4660
09:34:09.0519 4660 OS Version: 6.0.6001 ServicePack: 1.0
09:34:09.0519 4660 Product type: Workstation
09:34:09.0519 4660 ComputerName: AVIENDHA
09:34:09.0519 4660 UserName: Patrick
09:34:09.0519 4660 Windows directory: C:\Windows
09:34:09.0519 4660 System windows directory: C:\Windows
09:34:09.0519 4660 Running under WOW64
09:34:09.0519 4660 Processor architecture: Intel x64
09:34:09.0519 4660 Number of processors: 2
09:34:09.0519 4660 Page size: 0x1000
09:34:09.0519 4660 Boot type: Normal boot
09:34:09.0519 4660 ============================================================
09:34:10.0065 4660 Initialize success
09:34:16.0741 5012 ============================================================
09:34:16.0741 5012 Scan started
09:34:16.0741 5012 Mode: Manual;
09:34:16.0741 5012 ============================================================
09:34:17.0147 5012 ACPI (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
09:34:17.0147 5012 ACPI - ok
09:34:17.0272 5012 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:34:17.0272 5012 adp94xx - ok
09:34:17.0334 5012 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:34:17.0381 5012 adpahci - ok
09:34:17.0397 5012 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:34:17.0397 5012 adpu160m - ok
09:34:17.0428 5012 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:34:17.0428 5012 adpu320 - ok
09:34:17.0490 5012 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
09:34:17.0506 5012 AFD - ok
09:34:17.0537 5012 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:34:17.0537 5012 agp440 - ok
09:34:17.0568 5012 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:34:17.0568 5012 aic78xx - ok
09:34:17.0615 5012 aksdf (e0020ccea89ffbc52777b7f97e97bbf2) C:\Windows\system32\DRIVERS\aksdf.sys
09:34:17.0615 5012 aksdf - ok
09:34:17.0662 5012 aksfridge (be9d606d055ece803a7c2be2b1bd374c) C:\Windows\system32\DRIVERS\aksfridge.sys
09:34:17.0677 5012 aksfridge - ok
09:34:17.0724 5012 akshasp (803bba4d450f0e3fe3a4e54b6527f307) C:\Windows\system32\DRIVERS\akshasp.sys
09:34:17.0724 5012 akshasp - ok
09:34:17.0740 5012 akshhl (619b5e4f6a0c9e6b33993ec8f032d642) C:\Windows\system32\DRIVERS\akshhl.sys
09:34:17.0740 5012 akshhl - ok
09:34:17.0771 5012 aksusb (cd10307b77cd13f6c77d9c593a2ee3c5) C:\Windows\system32\DRIVERS\aksusb.sys
09:34:17.0771 5012 aksusb - ok
09:34:17.0802 5012 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
09:34:17.0802 5012 aliide - ok
09:34:17.0833 5012 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
09:34:17.0833 5012 amdide - ok
09:34:17.0880 5012 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
09:34:17.0880 5012 AmdK8 - ok
09:34:17.0958 5012 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:34:17.0958 5012 ApfiltrService - ok
09:34:18.0036 5012 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:34:18.0036 5012 arc - ok
09:34:18.0067 5012 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:34:18.0067 5012 arcsas - ok
09:34:18.0114 5012 ASPI - ok
09:34:18.0145 5012 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
09:34:18.0145 5012 AsyncMac - ok
09:34:18.0177 5012 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
09:34:18.0177 5012 atapi - ok
09:34:18.0223 5012 Beep - ok
09:34:18.0255 5012 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
09:34:18.0255 5012 blbdrive - ok
09:34:18.0317 5012 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
09:34:18.0317 5012 bowser - ok
09:34:18.0348 5012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
09:34:18.0348 5012 BrFiltLo - ok
09:34:18.0364 5012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
09:34:18.0364 5012 BrFiltUp - ok
09:34:18.0411 5012 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
09:34:18.0411 5012 Brserid - ok
09:34:18.0426 5012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
09:34:18.0442 5012 BrSerWdm - ok
09:34:18.0457 5012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
09:34:18.0457 5012 BrUsbMdm - ok
09:34:18.0473 5012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
09:34:18.0473 5012 BrUsbSer - ok
09:34:18.0504 5012 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
09:34:18.0504 5012 BTHMODEM - ok
09:34:18.0567 5012 busbcrw (849fd07960bc259f9c04ae9087258ba0) C:\Windows\system32\Drivers\bucrw64.sys
09:34:18.0567 5012 busbcrw - ok
09:34:18.0567 5012 catchme - ok
09:34:18.0582 5012 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
09:34:18.0598 5012 cdfs - ok
09:34:18.0629 5012 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
09:34:18.0629 5012 cdrom - ok
09:34:18.0660 5012 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
09:34:18.0660 5012 circlass - ok
09:34:18.0707 5012 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
09:34:18.0707 5012 CLFS - ok
09:34:18.0785 5012 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
09:34:18.0785 5012 CmBatt - ok
09:34:18.0816 5012 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
09:34:18.0816 5012 cmdide - ok
09:34:18.0847 5012 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
09:34:18.0847 5012 Compbatt - ok
09:34:18.0863 5012 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
09:34:18.0863 5012 crcdisk - ok
09:34:18.0941 5012 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
09:34:18.0941 5012 DfsC - ok
09:34:28.0769 5012 ============================================================
09:34:28.0769 5012 Scan finished
09:34:28.0769 5012 ============================================================
09:34:28.0785 2184 Detected object count: 0
09:34:28.0785 2184 Actual detected object count: 0

Attached Files

  • Attached File  MBR.zip   574bytes   0 downloads


#9 nasdaq

  • Malware Response Team

Posted 20 November 2011 - 11:12 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#10 PaedragGaidin

  • Topic Starter

Posted 20 November 2011 - 04:27 PM

ComboFix 11-11-20.01 - Patrick 11/20/2011 14:06:23.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1771 [GMT -6:00]
Running from: c:\users\Patrick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install_flash_player_ax.exe
c:\users\Patrick\19406753309593649.jpg
c:\users\Patrick\2855.jpg
c:\users\Patrick\2997.jpg
c:\users\Patrick\4217.jpg
c:\users\Patrick\4246.jpg
c:\users\Patrick\48.png
c:\users\Patrick\4842.gif
c:\users\Patrick\4846.jpg
c:\users\Patrick\48gf.png
c:\users\Patrick\6-3.doc
c:\users\Patrick\6a010535647bf3970b0112790d78ef28a4-800wi.jpg
c:\users\Patrick\8065.jpg
c:\users\Patrick\857.gif
c:\users\Patrick\a6d1319428a836376d280f1ad03f0357.jpg
c:\users\Patrick\c17dcfd88ad84d82c8a88a1690ddae92.jpg
c:\users\Patrick\d0fd9274379916b8946e80297f58edbb.jpg
c:\users\Patrick\widescreen-v3.05.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 20:50 . 2011-11-20 20:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7CD52AE-0B56-4184-839E-5CFE1D5040B4}\offreg.dll
2011-11-20 20:47 . 2011-11-20 20:56 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2011-11-20 20:47 . 2011-11-20 20:47 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-11-20 20:47 . 2011-11-20 20:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-20 20:47 . 2011-11-20 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 20:47 . 2011-11-20 20:47 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-11-20 01:23 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7CD52AE-0B56-4184-839E-5CFE1D5040B4}\mpengine.dll
2011-11-19 02:42 . 2011-11-19 02:42 -------- d-----w- c:\users\Patrick\.swt
2011-11-12 20:05 . 2011-11-12 20:05 -------- d-----w- c:\program files (x86)\PDF to Kindle Converter
2011-11-09 20:54 . 2011-11-09 20:55 -------- d-----w- C:\Pix
2011-10-27 05:17 . 2011-10-27 05:25 -------- d-----w- c:\users\Patrick\taxes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 01:16 . 2011-10-12 01:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA7D76AD-EEEC-41CC-927E-C0484C0A8D05}\gapaengine.dll
2011-10-07 04:16 . 2010-11-28 01:53 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-05 02:47 . 2011-06-25 18:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2010-12-14 00:36 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 05:31 . 2011-08-30 05:31 17327195 ----a-w- c:\users\Patrick\PhotoScapeSetup_V3.5.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-01-09_23.23.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-21 02:52 . 2009-05-04 10:38 28672 c:\windows\system32\dnscacheugc.exe
- 2008-01-21 02:48 . 2008-01-21 02:48 28672 c:\windows\system32\dnscacheugc.exe
+ 2010-05-17 07:25 . 2011-06-30 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-05-17 07:25 . 2010-12-24 00:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-06 17:20 . 2011-01-05 16:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-06 17:20 . 2011-11-18 02:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-06 17:20 . 2011-01-05 16:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-06 17:20 . 2011-11-18 02:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-06 17:20 . 2011-01-05 16:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 17:20 . 2011-11-18 02:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 02:53 . 2011-02-16 15:36 48128 c:\windows\system32\atmlib.dll
- 2010-12-16 21:41 . 2010-10-28 15:18 48128 c:\windows\system32\atmlib.dll
+ 2009-08-22 04:31 . 2011-11-20 20:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-22 04:31 . 2009-08-22 04:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-22 04:31 . 2009-08-22 04:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-22 04:31 . 2011-11-20 20:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-22 04:31 . 2011-11-20 20:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-22 04:31 . 2009-08-22 04:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-21 02:08 . 2011-11-14 04:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 02:08 . 2011-01-05 16:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-21 02:08 . 2011-01-05 16:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-21 02:08 . 2011-11-14 04:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-29 05:50 . 2011-04-29 05:50 26624 c:\windows\Installer\7f5e722.msi
+ 2011-06-03 06:15 . 2011-06-03 06:15 28160 c:\windows\Installer\77c3c21.msi
+ 2011-09-26 22:22 . 2011-09-26 22:22 29696 c:\windows\Installer\23197c3e.msi
+ 2011-06-11 09:44 . 2011-06-11 09:44 57344 c:\windows\Installer\{B568643E-076D-48A2-B5C3-7F0144D668D8}\pdxshortcut.exe
+ 2011-06-11 09:44 . 2011-06-11 09:44 40960 c:\windows\Installer\{B568643E-076D-48A2-B5C3-7F0144D668D8}\NewShortcut3.exe
+ 2011-06-11 09:44 . 2011-06-11 09:44 57344 c:\windows\Installer\{B568643E-076D-48A2-B5C3-7F0144D668D8}\ARPPRODUCTICON.exe
+ 2011-10-21 21:24 . 2011-10-21 21:24 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2011-04-21 03:02 . 2011-04-21 03:02 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-11-28 06:54 . 2010-11-28 06:54 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-09-13 02:29 . 2010-12-20 17:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-13 02:29 . 2011-04-21 03:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-11 09:42 . 2011-06-11 09:42 58768 c:\windows\Installer\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}\ARPPRODUCTICON.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2006-11-02 12:40 . 2011-01-24 00:11 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2010-12-31 07:19 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2010-12-31 07:19 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-01-24 00:12 51200 c:\windows\inf\infpub.dat
+ 2011-01-23 05:10 . 1999-05-06 04:22 57344 c:\windows\DPLAY.DLL
+ 2011-04-21 05:47 . 2011-04-21 05:47 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\aba8c4d598a35eea73cc008067228f48\System.Windows.Presentation.ni.dll
+ 2011-04-21 05:46 . 2011-04-21 05:46 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\ada89e8100a9a304fd48a8633acc30b9\System.Web.DynamicData.Design.ni.dll
+ 2011-04-21 05:04 . 2011-04-21 05:04 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\eab4d3128cabac23ef0bafaa19ccbaa1\PresentationFontCache.ni.exe
+ 2011-04-21 04:58 . 2011-04-21 04:58 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\87570039bba9a0e7efd52b571e2c19d5\PresentationCFFRasterizer.ni.dll
+ 2011-04-21 04:56 . 2011-04-21 04:56 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\6596f63f05841d71c4152ee462b113c6\Microsoft.VisualC.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\1a102e2d15aaf3a2d76014d9fdfa1b1c\ehiExtCOM.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\d7852e71cb31d150048a785106762919\ehExtCOM.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\c3f6972fe801d1955884712219167e8e\dfsvc.ni.exe
+ 2011-04-21 04:56 . 2011-04-21 04:56 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\df7f525db993e035d0dede856f200dd8\Accessibility.ni.dll
+ 2011-04-21 05:47 . 2011-04-21 05:47 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\4fc9d46432a3a06af39c87322b8e9ce8\WindowsLiveWriter.ni.exe
+ 2011-04-21 05:48 . 2011-04-21 05:48 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a3383516a982825daa2cb4df089cb704\WindowsLive.Writer.Api.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\35f81d781aaeb3d65f1724647b8af8cb\UIAutomationProvider.ni.dll
+ 2011-04-21 05:53 . 2011-04-21 05:53 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f397e0a408be793e475ca72b6680318d\System.Windows.Presentation.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\6227cef04b8aa372cca1be265a877581\System.Web.DynamicData.Design.ni.dll
+ 2011-04-21 05:51 . 2011-04-21 05:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ebcb16b5ec7845f55c8066d4dae7589b\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-21 05:51 . 2011-04-21 05:51 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\bb163b0b6fdabcb3485a3aadd8170a41\System.AddIn.Contract.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\0ff80045be02da4e3b9080959d621cbd\PresentationFontCache.ni.exe
+ 2011-04-21 05:50 . 2011-04-21 05:50 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d2b0d23db455e664f47b981bbc675b6a\PresentationCFFRasterizer.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\3df142e59eb5db7060495df5bf02485f\napcrypt.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\7f6e475430fcf615bdccda547fce324a\Microsoft.Vsa.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\c8c8063351c9c9852f771e8c29db86f5\Microsoft.VisualC.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\ba19a61c9adc67272d4f88096ff7c765\Microsoft.Build.Framework.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\555e06638cbbc873afc7e3447e5243a3\Microsoft.Build.Framework.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\8ddf1283a2aed6139f31107bcb66cb86\ehiUserXp.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a7aa07523154f1cb719b6540be153bd8\dfsvc.ni.exe
+ 2011-04-21 05:47 . 2011-04-21 05:47 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\02dd63e721531315e891b88e5e6cf5b1\Accessibility.ni.dll
+ 2009-08-29 09:48 . 2011-11-05 16:13 2206 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2011-11-20 20:50 . 2011-11-20 20:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-05 16:44 . 2011-01-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-05 16:44 . 2011-01-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-20 20:50 . 2011-11-20 20:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-13 01:16 . 2011-04-21 03:05 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-12-16 21:41 . 2010-11-02 06:01 916480 c:\windows\SysWOW64\wininet.dll
+ 2011-04-21 02:54 . 2011-02-22 06:21 916480 c:\windows\SysWOW64\wininet.dll
+ 2011-04-21 02:52 . 2011-02-17 06:23 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-04-22 20:44 . 2009-07-10 12:21 247808 c:\windows\SysWOW64\shsvcs.dll
+ 2011-02-24 20:47 . 2011-01-21 15:46 351744 c:\windows\SysWOW64\shlwapi.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 351744 c:\windows\SysWOW64\shlwapi.dll
+ 2011-04-21 02:53 . 2010-12-29 17:41 153088 c:\windows\SysWOW64\sbeio.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 153088 c:\windows\SysWOW64\sbeio.dll
+ 2011-04-21 02:53 . 2010-12-29 17:41 323072 c:\windows\SysWOW64\sbe.dll
+ 2011-02-24 20:47 . 2010-12-28 14:57 409600 c:\windows\SysWOW64\odbc32.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 409600 c:\windows\SysWOW64\odbc32.dll
- 2010-12-16 21:41 . 2010-11-02 06:00 206848 c:\windows\SysWOW64\occache.dll
+ 2011-04-21 02:54 . 2011-02-22 06:19 206848 c:\windows\SysWOW64\occache.dll
- 2008-01-21 02:48 . 2008-01-21 02:48 677888 c:\windows\SysWOW64\mstsc.exe
+ 2011-04-21 02:52 . 2010-12-17 15:06 677888 c:\windows\SysWOW64\mstsc.exe
+ 2011-04-21 02:54 . 2011-02-22 06:18 611840 c:\windows\SysWOW64\mstime.dll
- 2010-12-16 21:42 . 2010-11-02 05:58 611840 c:\windows\SysWOW64\mstime.dll
- 2010-12-16 21:41 . 2010-11-02 05:58 602112 c:\windows\SysWOW64\msfeeds.dll
+ 2011-04-21 02:54 . 2011-02-22 06:17 602112 c:\windows\SysWOW64\msfeeds.dll
+ 2010-03-12 02:45 . 2010-03-12 02:45 139424 c:\windows\SysWOW64\MFCANS32.DLL
+ 2011-09-05 02:47 . 2011-09-05 02:47 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe
+ 2011-04-21 02:52 . 2011-02-17 06:19 726528 c:\windows\SysWOW64\jscript.dll
- 2010-07-21 02:06 . 2009-12-04 07:19 726528 c:\windows\SysWOW64\jscript.dll
- 2010-10-06 22:33 . 2010-05-27 19:16 738816 c:\windows\SysWOW64\inetcomm.dll
+ 2011-04-21 02:52 . 2011-03-03 15:00 738816 c:\windows\SysWOW64\inetcomm.dll
- 2010-12-16 21:41 . 2010-11-02 04:26 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-04-21 02:54 . 2011-02-22 04:43 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-04-21 02:54 . 2011-02-22 06:16 164352 c:\windows\SysWOW64\ieui.dll
- 2010-12-16 21:41 . 2010-11-02 05:57 164352 c:\windows\SysWOW64\ieui.dll
+ 2011-04-21 02:54 . 2011-02-22 06:16 109056 c:\windows\SysWOW64\iesysprep.dll
- 2010-12-16 21:41 . 2010-11-02 05:57 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2011-04-21 02:54 . 2011-02-22 06:16 184320 c:\windows\SysWOW64\iepeers.dll
- 2010-12-16 21:41 . 2010-11-02 05:57 184320 c:\windows\SysWOW64\iepeers.dll
+ 2011-04-21 02:54 . 2011-02-22 06:16 387584 c:\windows\SysWOW64\iedkcs32.dll
- 2010-12-16 21:41 . 2010-11-02 05:57 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-04-21 02:54 . 2011-02-22 04:43 173568 c:\windows\SysWOW64\ie4uinit.exe
- 2010-12-16 21:41 . 2010-11-02 04:25 173568 c:\windows\SysWOW64\ie4uinit.exe
- 2008-01-21 02:48 . 2008-01-21 02:48 595456 c:\windows\SysWOW64\FWPUCLNT.DLL
+ 2010-10-06 22:35 . 2010-06-16 15:10 595456 c:\windows\SysWOW64\FWPUCLNT.DLL
+ 2011-04-21 02:53 . 2010-12-29 17:13 429056 c:\windows\SysWOW64\EncDec.dll
+ 2011-04-21 02:52 . 2011-03-02 14:49 167936 c:\windows\SysWOW64\dnsapi.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\SysWOW64\divx_xx16.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 843776 c:\windows\SysWOW64\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\SysWOW64\divx_xx11.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 839680 c:\windows\SysWOW64\divx_xx11.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 856064 c:\windows\SysWOW64\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\SysWOW64\divx_xx0c.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 847872 c:\windows\SysWOW64\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\SysWOW64\divx_xx0a.dll
- 2009-11-14 00:47 . 2009-11-14 00:47 856064 c:\windows\SysWOW64\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\SysWOW64\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\SysWOW64\DivX.dll
+ 2003-03-07 08:58 . 2003-03-07 08:58 753664 c:\windows\SysWOW64\CRLCTL90.dll
+ 2009-08-19 22:30 . 2011-04-21 03:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-19 22:30 . 2010-10-06 23:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-21 02:53 . 2011-02-16 13:24 292864 c:\windows\SysWOW64\atmfd.dll
+ 2011-04-21 02:52 . 2011-02-27 15:53 979344 c:\windows\system32\winresume.exe
+ 2009-08-19 20:46 . 2011-10-14 22:07 292562 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-08-07 03:01 . 2011-11-20 19:46 777536 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2011-11-20 20:53 100828 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-01-29 12:20 . 2007-01-29 12:20 188320 c:\windows\system32\VMNetSrv.dll
+ 2011-04-21 02:52 . 2011-02-17 07:21 613376 c:\windows\system32\vbscript.dll
+ 2011-04-22 20:44 . 2009-07-10 12:37 301568 c:\windows\system32\shsvcs.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 301568 c:\windows\system32\shsvcs.dll
- 2008-01-21 02:49 . 2008-01-21 02:49 454144 c:\windows\system32\shlwapi.dll
+ 2011-02-24 20:47 . 2011-01-21 15:57 454144 c:\windows\system32\shlwapi.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 210944 c:\windows\system32\sbeio.dll
+ 2011-04-21 02:53 . 2010-12-29 17:53 210944 c:\windows\system32\sbeio.dll
+ 2011-04-21 02:53 . 2010-12-29 17:53 416768 c:\windows\system32\sbe.dll
- 2008-01-21 02:47 . 2008-01-21 02:47 416768 c:\windows\system32\sbe.dll
+ 2006-11-02 12:46 . 2011-11-20 15:35 599460 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-20 15:35 103066 c:\windows\system32\perfc009.dat
+ 2011-02-24 20:47 . 2010-12-28 15:26 462848 c:\windows\system32\odbc32.dll
- 2010-12-16 21:41 . 2010-11-02 06:26 243712 c:\windows\system32\occache.dll
+ 2011-04-21 02:54 . 2011-02-22 06:49 243712 c:\windows\system32\occache.dll
+ 2011-04-21 02:52 . 2010-12-17 15:35 730624 c:\windows\system32\mstsc.exe
- 2008-01-21 02:50 . 2008-01-21 02:50 730624 c:\windows\system32\mstsc.exe
+ 2011-04-21 02:54 . 2011-02-22 06:47 710656 c:\windows\system32\msfeeds.dll
- 2010-12-16 21:41 . 2010-11-02 06:24 710656 c:\windows\system32\msfeeds.dll
- 2010-07-21 02:06 . 2009-12-04 07:30 817664 c:\windows\system32\jscript.dll
+ 2011-04-21 02:52 . 2011-02-17 07:15 817664 c:\windows\system32\jscript.dll
+ 2011-04-21 02:52 . 2011-03-03 15:09 975872 c:\windows\system32\inetcomm.dll
- 2008-01-21 02:50 . 2008-01-21 02:50 454656 c:\windows\system32\IKEEXT.DLL
+ 2010-10-06 22:35 . 2010-06-16 22:41 454656 c:\windows\system32\IKEEXT.DLL
+ 2011-04-21 02:54 . 2011-02-22 05:15 162816 c:\windows\system32\ieUnatt.exe
- 2010-12-16 21:41 . 2010-11-02 04:45 162816 c:\windows\system32\ieUnatt.exe
- 2010-12-16 21:41 . 2010-11-02 06:23 219136 c:\windows\system32\ieui.dll
+ 2011-04-21 02:54 . 2011-02-22 06:46 219136 c:\windows\system32\ieui.dll
+ 2011-04-21 02:54 . 2011-02-22 06:46 132096 c:\windows\system32\iesysprep.dll
- 2010-12-16 21:41 . 2010-11-02 06:23 132096 c:\windows\system32\iesysprep.dll
- 2010-12-16 21:41 . 2010-11-02 06:23 252416 c:\windows\system32\iepeers.dll
+ 2011-04-21 02:54 . 2011-02-22 06:46 252416 c:\windows\system32\iepeers.dll
+ 2011-04-21 02:54 . 2011-02-22 06:46 459776 c:\windows\system32\iedkcs32.dll
- 2010-12-16 21:41 . 2010-11-02 06:23 459776 c:\windows\system32\iedkcs32.dll
+ 2010-10-06 22:35 . 2010-06-16 22:40 779776 c:\windows\system32\FWPUCLNT.DLL
- 2008-01-21 02:50 . 2008-01-21 02:50 779776 c:\windows\system32\FWPUCLNT.DLL
+ 2011-04-21 02:53 . 2010-12-29 17:34 560128 c:\windows\system32\EncDec.dll
+ 2007-01-29 12:20 . 2007-01-29 12:20 188320 c:\windows\system32\DriverStore\FileRepository\vmnetsrv.inf_788e102d\VMNetSrv.dll
+ 2011-02-24 20:53 . 2011-02-24 20:53 294232 c:\windows\system32\drivers\VMM.sys
+ 2008-01-21 02:47 . 2008-01-21 02:47 168704 c:\windows\system32\drivers\usbvideo.sys
- 2010-11-27 01:13 . 2010-09-06 13:44 144896 c:\windows\system32\drivers\srvnet.sys
+ 2011-04-21 02:52 . 2011-02-18 13:51 144896 c:\windows\system32\drivers\srvnet.sys
+ 2011-04-21 02:52 . 2011-02-18 13:51 176128 c:\windows\system32\drivers\srv2.sys
+ 2011-04-21 02:52 . 2011-02-18 13:51 461312 c:\windows\system32\drivers\srv.sys
+ 2010-10-06 22:35 . 2010-06-16 23:28 342920 c:\windows\system32\drivers\netio.sys
+ 2011-04-21 02:52 . 2011-02-18 13:50 105472 c:\windows\system32\drivers\mrxsmb20.sys
- 2010-07-21 02:07 . 2010-02-23 11:46 105472 c:\windows\system32\drivers\mrxsmb20.sys
- 2010-07-21 02:07 . 2010-02-23 11:46 273920 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-04-21 02:52 . 2011-02-18 13:50 273920 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-04-21 02:52 . 2011-02-18 13:50 135168 c:\windows\system32\drivers\mrxsmb.sys
- 2010-07-21 02:07 . 2010-02-23 11:46 135168 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-03-26 03:30 . 2010-10-25 03:25 188928 c:\windows\system32\drivers\MpFilter.sys
+ 2010-10-06 22:35 . 2010-06-16 23:28 165256 c:\windows\system32\drivers\FWPKCLNT.SYS
- 2008-01-21 02:48 . 2008-01-21 02:48 117760 c:\windows\system32\dnsrslvr.dll
+ 2011-04-21 02:52 . 2011-03-02 15:10 117760 c:\windows\system32\dnsrslvr.dll
+ 2011-04-21 02:52 . 2011-03-02 15:10 221184 c:\windows\system32\dnsapi.dll
+ 2011-04-21 02:52 . 2011-02-27 15:53 979344 c:\windows\system32\Boot\winresume.exe
+ 2010-10-06 22:35 . 2010-06-16 22:39 458240 c:\windows\system32\BFE.DLL
- 2008-01-21 02:50 . 2008-01-21 02:50 458240 c:\windows\system32\BFE.DLL
+ 2011-04-21 02:53 . 2011-02-16 13:44 367616 c:\windows\system32\atmfd.dll
+ 2009-08-22 04:31 . 2011-08-29 07:16 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-10-06 22:36 . 2010-05-19 11:36 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-04-21 03:04 . 2010-10-29 10:53 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2010-10-06 22:36 . 2010-05-19 11:31 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-04-21 03:04 . 2010-10-29 10:53 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-04-21 03:04 . 2010-10-29 10:52 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-04-21 03:04 . 2011-02-12 01:54 989528 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-01-24 00:12 . 2011-01-24 00:12 880640 c:\windows\Installer\e92ac08.msi
+ 2011-04-22 20:51 . 2011-04-22 20:51 459264 c:\windows\Installer\bd2092.msi
+ 2011-04-22 20:45 . 2011-04-22 20:45 223232 c:\windows\Installer\bd208b.msi
+ 2011-04-22 20:45 . 2011-04-22 20:45 231424 c:\windows\Installer\bd2084.msi
+ 2011-10-21 21:24 . 2011-10-21 21:24 360448 c:\windows\Installer\adfad6c.msi
+ 2011-02-02 00:27 . 2011-02-02 00:27 907264 c:\windows\Installer\2a756d23.msi
+ 2011-02-02 00:25 . 2011-02-02 00:25 584192 c:\windows\Installer\2a756ce9.msi
+ 2011-01-16 21:06 . 2011-01-16 21:06 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-08-13 01:16 . 2010-12-16 21:49 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-08-13 01:16 . 2011-04-21 03:05 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2011-05-25 00:56 . 2011-05-25 00:56 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2006-11-02 12:40 . 2011-01-24 00:11 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2010-12-31 07:19 143360 c:\windows\inf\infstrng.dat
+ 2011-04-21 05:47 . 2011-04-21 05:47 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\c45fb3e5e82e1167e53565179e8a2feb\WsatConfig.ni.exe
+ 2011-04-21 05:47 . 2011-04-21 05:47 328704 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\b84cc1cc4e5a1aa57bba6e4a548bd792\WindowsFormsIntegration.ni.dll
+ 2011-04-21 04:58 . 2011-04-21 04:58 472576 c:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\1efe36c6196142d49a46bc1e598e16c9\VistaBridgeLibrary.ni.dll
+ 2011-04-21 04:58 . 2011-04-21 04:58 736768 c:\windows\assembly\NativeImages_v2.0.50727_64\VDialog\a5c42151d2fb9db6909200865cddab09\VDialog.ni.dll
+ 2011-04-21 04:58 . 2011-04-21 04:58 257024 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\e63df95e758750f501a276177179535d\UIAutomationTypes.ni.dll
+ 2011-04-21 04:58 . 2011-04-21 04:58 120320 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\b9a9989dec54e06334805e01a9d301a9\UIAutomationProvider.ni.dll
+ 2011-04-21 05:47 . 2011-04-21 05:47 648704 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\7d63683694bda2c95784003706b83cd5\UIAutomationClient.ni.dll
+ 2011-04-21 05:47 . 2011-04-21 05:47 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\78e0b9b410a0f48db7d688a3ae17c357\TaskScheduler.ni.dll
+ 2011-04-21 05:47 . 2011-04-21 05:47 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\2fde67b7a9bb89830f1a423e65c0a825\System.Xml.Linq.ni.dll
+ 2011-04-21 05:46 . 2011-04-21 05:46 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\7c3786f8ff7495241041e21e0726647c\System.Web.Routing.ni.dll
+ 2011-04-21 04:57 . 2011-04-21 04:57 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\9963614f2ed47ca8c6f108e207cc2d23\System.Web.RegularExpressions.ni.dll
+ 2011-04-21 04:58 . 2011-04-21 04:58 3213312 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\0111a4c7f9ab1bff7938e3234e13f762\Microsoft.JScript.ni.dll
+ 2011-04-21 05:03 . 2011-04-21 05:03 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\0e9fb400f58f13fad8d2abca11d5c4fc\Microsoft.Ink.ni.dll
+ 2011-04-21 05:03 . 2011-04-21 05:03 2576384 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\983f561fa77b6a5b150a61c6e7d819b7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-21 05:03 . 2011-04-21 05:03 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\1084e50cd9614886a2d442fc006a57a6\Microsoft.Build.Tasks.ni.dll
+ 2011-04-21 05:03 . 2011-04-21 05:03 1137152 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\6c6afec7a15cd4f991978f64e454b236\Microsoft.Build.Engine.ni.dll
+ 2011-04-21 04:59 . 2011-04-21 04:59 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\0b416c102d041c05be64300fa9e36765\Microsoft.Build.Engine.ni.dll
+ 2011-04-21 05:02 . 2011-04-21 05:02 2402304 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\48d8203a963cb8e09971e9502ad661d3\ehRecObj.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 1984000 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\d764fd8c7e72acf829901e90ea665b1e\ehiVidCtl.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 2885632 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\a88deb1b9491d74e42d10b0f0792341e\ehiProxy.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\682beefe377e9991e9539a05a60cb6dd\ehiPlay.ni.dll
+ 2011-04-21 05:01 . 2011-04-21 05:01 3028992 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\6f99b89408c9d593185dcc7fede39b80\ehepg.ni.dll
+ 2011-04-21 04:57 . 2011-04-21 04:57 3373568 c:\windows\assembly\NativeImages_v2.0.50727_64\DellDock\d14318ce3806ba9a678b0a90b7dc0648\DellDock.ni.exe
+ 2011-04-21 05:48 . 2011-04-21 05:48 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0e7f74fa41cf2709b589ed28f8e7fac\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d4f0cff1a51d6cfecc619c0e7bc8cdf\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-04-21 05:47 . 2011-04-21 05:47 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5a5529c11787cd6e11bf80c1821bf699\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-04-21 03:28 . 2011-04-21 03:28 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\25d15d5566bd3c4f440c744a47f56f71\WindowsBase.ni.dll
+ 2011-04-21 05:53 . 2011-04-21 05:53 1050112 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f71c175334cd8f603fba74633d96e307\UIAutomationClientsideProviders.ni.dll
+ 2011-04-21 03:28 . 2011-04-21 03:28 7950336 c:\windows\assembly\NativeImages_v2.0.50727_32\System\cee6fc7ed4cd1f46c4c3cc55c8ec97cf\System.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 5451264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1239adac4f88a04113308d4eebffcf9\System.Xml.ni.dll
+ 2011-04-21 05:53 . 2011-04-21 05:53 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\793419c7d8cb3c39d40fd7e93952c465\System.WorkflowServices.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\afd92b554bd8876cda583b5edf6ba2db\System.Workflow.Runtime.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0582f305dbdd9921b9e182e7f83cc334\System.Workflow.ComponentModel.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\0ffcdeb3674532771dc3c9afe25e5bf6\System.Workflow.Activities.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\54d368341225bfe5c18585860720557b\System.Web.Services.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\75ea0dcdb286cdb5f08254200bad7fff\System.Web.Mobile.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\3310e6023d639ecb9597455747a7e306\System.Web.Extensions.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\7ae2dccf0eae5504e26e133038f6d244\System.Speech.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 1651712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed7d4c999efefe0d49a48f8cb5b0048b\System.ServiceModel.Web.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\49c527fc1c65391f7ea142df9d1ed127\System.Runtime.Serialization.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1fd8c1f9b1157f0b1bf41c5f165b23d3\System.Printing.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 1070592 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ada410104e8a321bfeca390afde7a6ab\System.IdentityModel.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\14f954120c50dbf09c61874f35c2341a\System.Drawing.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c71a9c892d7233967b1729d9dbb72d3b\System.DirectoryServices.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\ddac7556c68ba9159002ef59e0e390de\System.Deployment.ni.dll
+ 2011-04-21 03:29 . 2011-04-21 03:29 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\304e191389df6b321dd5a3fed81e2720\System.Data.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\bb8ebe7a17cf012a2ae48558f4477243\System.Data.SqlXml.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\af423b4b59a99fcec5b9e7d11f985eb1\System.Data.Services.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\79397e2a15eb1169b73842395f93f657\System.Data.OracleClient.ni.dll
+ 2011-04-21 03:29 . 2011-04-21 03:29 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\4686026a0122918feb6428ab6963ffa4\System.Data.Linq.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\938a643fdf3ef5fe59e64958038cb86e\System.Data.Entity.ni.dll
+ 2011-04-21 03:29 . 2011-04-21 03:29 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\4ee318aa0bae72155d564e033a78d54a\System.Core.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 2129920 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b11d42cdf228149b72e2f8615d4ef2c3\ReachFramework.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\04234175fa06dd4a465eee816536a26d\PresentationUI.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\dc24a2007c53697d911e2a3f25b8dece\PresentationBuildTasks.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 2539008 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\05ee2b28c66a62cbdd7b9d0e634f5441\Narrator.ni.exe
+ 2011-04-21 05:50 . 2011-04-21 05:50 1535488 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\923baa04509005022e2d0a62f44553e7\MMCEx.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 6339584 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\9c8c2286b6fc121ade38769bed7f3723\MIGUIControls.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a5d1c5c2ec82415c22da09b6ced952e6\Microsoft.VisualBasic.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 1093632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cf8e35f289ffe9c28050259f700a82c1\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 5475328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\53db10a15c1d3ff3b69f56a7f01142f3\Microsoft.MediaCenter.UI.ni.dll
+ 2011-04-21 05:52 . 2011-04-21 05:52 2335232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\95ff6983e40da121aae56a4bf868bb26\Microsoft.JScript.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1355776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\273d4891d6335692b9fe82ac0da83542\Microsoft.Ink.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c5f9326f093ac90929a9b2290f494a71\Microsoft.Build.Tasks.ni.dll
+ 2011-04-21 05:50 . 2011-04-21 05:50 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3bb3b36c84beae676486f1a8415496f2\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 1778688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\2f9308c457e27fe04519b2287d1e4e75\Microsoft.Build.Engine.ni.dll
- 2010-10-06 22:36 . 2010-05-19 11:36 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-21 03:04 . 2011-02-12 01:51 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-21 03:04 . 2011-02-12 01:55 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-06 22:36 . 2010-05-19 11:38 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-02-24 20:47 . 2011-01-21 15:46 11582464 c:\windows\SysWOW64\shell32.dll
+ 2011-04-21 02:54 . 2011-02-22 06:16 11080704 c:\windows\SysWOW64\ieframe.dll
- 2010-12-16 21:42 . 2010-11-02 05:57 11080704 c:\windows\SysWOW64\ieframe.dll
+ 2006-11-02 12:33 . 2011-10-21 21:24 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2010-12-17 00:34 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-10-06 22:35 . 2010-07-26 15:31 12898304 c:\windows\system32\shell32.dll
+ 2011-02-24 20:47 . 2011-01-21 15:56 12898304 c:\windows\system32\shell32.dll
+ 2006-11-02 12:35 . 2011-04-22 20:46 41455560 c:\windows\system32\mrt.exe
+ 2011-04-21 02:54 . 2011-02-22 06:46 12474880 c:\windows\system32\ieframe.dll
+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\938e1f6.msp
+ 2011-04-21 03:08 . 2011-04-21 03:08 20314624 c:\windows\Installer\275f55.msp
+ 2011-01-18 02:36 . 2011-01-18 02:36 17520128 c:\windows\Installer\275f49.msp
+ 2011-06-11 09:44 . 2011-06-11 09:44 14571008 c:\windows\Installer\1305fdec.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-04-21 03:20 . 2011-04-21 03:20 10596352 c:\windows\assembly\NativeImages_v2.0.50727_64\System\db5d151d1c7f35ae64ae0212c8efd378\System.ni.dll
+ 2011-04-21 03:27 . 2011-04-21 03:27 17377280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\25a0dc552c9d31b32a59864e4a8ec461\System.Windows.Forms.ni.dll
+ 2011-04-21 04:57 . 2011-04-21 04:57 15221248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\3bc2e9926aae639a81b504f34d3ffe00\System.Web.ni.dll
+ 2011-04-21 05:00 . 2011-04-21 05:00 23812096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\f17e90da13589bd88543874c832fe822\System.ServiceModel.ni.dll
+ 2011-04-21 03:25 . 2011-04-21 03:26 13718016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\3e6830ae2cce103c63babb47f1c5eb1b\System.Design.ni.dll
+ 2011-04-21 05:05 . 2011-04-21 05:05 13759488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\a6d79124cb8f894145e9c71afd8246b4\System.Data.Entity.ni.dll
+ 2011-04-21 03:23 . 2011-04-21 03:23 19175424 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\3aab834a8447be6b32ed619bb60ffdf6\PresentationFramework.ni.dll
+ 2011-04-21 03:22 . 2011-04-21 03:22 16513024 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\d60767c40183141537a14cb8e72005a3\PresentationCore.ni.dll
+ 2011-04-21 03:20 . 2011-04-21 03:20 15569408 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\b82c91160253fa8860bd0502d3a9b99a\mscorlib.ni.dll
+ 2011-04-21 04:59 . 2011-04-21 04:59 22171136 c:\windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\ed55627c2cd8d6eb877a55de61d495f3\MenuSkinning.ni.dll
+ 2011-04-21 05:02 . 2011-04-21 05:02 15815168 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\a36280d249995044e0932a112478157b\ehshell.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 12432896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3003b534f8e67f7fbb9c044a8c12e771\System.Windows.Forms.ni.dll
+ 2011-04-21 05:48 . 2011-04-21 05:48 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b15487360395d2fbaaf63e81e7f13182\System.Web.ni.dll
+ 2011-04-21 05:49 . 2011-04-21 05:49 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\fe2870166567412cfcf3d36eb5240ba6\System.ServiceModel.ni.dll
+ 2011-04-21 03:30 . 2011-04-21 03:30 10685952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\224d69bcdb885761f6dd34fdf3ec9f7d\System.Design.ni.dll
+ 2011-04-21 03:29 . 2011-04-21 03:29 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2472579e82d5de12ec239d650f442eee\PresentationFramework.ni.dll
+ 2011-04-21 03:29 . 2011-04-21 03:29 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f46edcd52359add019079c0fc80fec6\PresentationCore.ni.dll
+ 2011-04-21 03:28 . 2011-04-21 03:28 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ef1035a95ea3331442da5ef1d3e467a3\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2009-04-29 2384971]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\Drivers\bucrw64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-07-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-15 79360]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\10E6.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-07-15 79360]
R3 Uxsidekrsd;Uxsidekrsd; [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340); [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
S2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-04-13 189680]
S2 FileManagerFun;FileManagerFun;c:\program files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2011-01-27 55808]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"combofix"="c:\combofix\CF7965.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
TCP: DhcpNameServer = 166.102.165.11 166.102.165.13
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2mtmaghv.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: LittleFox: {29852C08-1E91-4889-A6BF-C77F91D6A8F3} - %profile%\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
FF - Ext: Classic Compact Options: notreal.ccoptions@environmentalchemistry.com - %profile%\extensions\notreal.ccoptions@environmentalchemistry.com
FF - Ext: Upromise TurboSaver: FFToolbar@upromise - %profile%\extensions\FFToolbar@upromise
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - %profile%\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\10E6.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\13\02*\06?"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-11-20 15:22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 21:21
ComboFix2.txt 2011-01-10 00:01
.
Pre-Run: 12,569,112,576 bytes free
Post-Run: 12,172,763,136 bytes free
.
- - End Of File - - 809BEC07942F047DB5465E357E190836

#11 nasdaq

Posted 21 November 2011 - 09:59 AM

You can now enable the CD emulators.

==

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know of any remaining issues with this computer.

#12 PaedragGaidin

Posted 22 November 2011 - 10:50 PM

Will run in the morning. :)

#13 PaedragGaidin

Posted 24 November 2011 - 01:02 AM

Ok, here is the log. The pop-ups are gone, but I am still getting redirects on Firefox.

Results of screen317's Security Check version 0.99.28
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

WinPatrol 2009 (Outdated! Latest version is WinPatrol 2011)
Malwarebytes' Anti-Malware
CCleaner (remove only)
TweakNow RegCleaner
Java™ 6 Update 23
Java version out of date!
Adobe Flash Player ( 10.3.183.7) Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox ((3.6.13)) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
WinPatrol winpatrol.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````

#14 nasdaq

Posted 24 November 2011 - 09:16 AM

http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista
Support for Windows Vista without any service packs ended on April 13, 2010.
Windows Vista Service Pack 1 support ended on 12/07/2011

For continued security support from Microsoft, get Service Pack 2.
http://support.microsoft.com/kb/935791

As indicated on the Microsoft page, SP1 must be installed before proceeding to install SP2.
You will find the necessary link on the page.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the window that opens, select Windows (or Windows x64), check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version, download this one (jre-6u27-windows-x64.exe). Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

>>> Download to your Desktop GooredFix by jpshortstuff from here or here
Ensure all Firefox windows are closed and right-click on GooredFix.exe and select Run As Administrator. Click Yes when prompted to run the scan.
GooredFix will check for infections, and then a log will appear and can also be found on your desktop, called GooredFix.txt.
Please copy and paste the contents of this log in your next reply.

p.s. On a Vista or Windows 7 computer right-click and select Run As Administrator.

#15 PaedragGaidin


Posted 26 November 2011 - 12:52 AM

Starting these now....



