Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browsers Redirecting


  • This topic is locked This topic is locked
31 replies to this topic

#1 Kiki21

Kiki21

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 15 February 2012 - 11:03 AM

I have been handed a colleague's laptop that is having major problems with the browsers redirecting to random sites such as 'Easy A-Z' Apparently she has been having problems with pop-ups and received 'help' from her son before handing it to me.
I have run a virus scan, malwarebytes and other spyware removal tools with no luck

It runs XP and has McAfee, which are both up to date

I have run DeFogger, DDS & GMER and have attached the files

I am posting from another computer

Thank you in advance

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Teacher at 14:17:27 on 2012-02-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.93 [GMT 0:00]
.
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uInternet Settings,ProxyServer = ftp=proxy.intra.thegrid.org.uk:3128;http=wf1.thegrid.org.uk:80;https=wf1.thegrid.org.uk:80
uInternet Settings,ProxyOverride = hccwdprd2.*;*.klp.rm.com;NAI-Update;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111116084730.dll
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart board software\SMARTBoardTools.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26F79A22-BAAF-49B8-80D6-B0F2F0E43D9D} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\teacher\application data\mozilla\firefox\profiles\rr3nf63m.default\
FF - prefs.js: network.proxy.ftp - proxy.intra.thegrid.org.uk
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - wf1.thegrid.org.uk
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - wf1.thegrid.org.uk
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-9-9 461864]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-9-9 89624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-11-15 132672]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-9-9 166024]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-9-9 148520]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-9 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-9-9 59288]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-9-9 87808]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2012-02-14 11:11:21 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-14 11:10:33 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-14 11:09:46 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-14 11:09:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-14 11:09:46 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-14 11:09:46 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-14 11:09:45 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-14 11:09:45 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-14 11:09:44 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-14 11:09:44 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-14 11:09:42 -------- d-----w- C:\e2338e0525d7446be2abb1
2012-02-14 11:03:34 -------- d-----w- c:\documents and settings\teacher\application data\Windows Desktop Search
2012-02-14 11:02:30 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-14 11:02:29 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-14 10:59:35 -------- d-----w- c:\program files\Windows Media Connect 2
2012-02-14 10:56:51 -------- d-----w- c:\windows\system32\LogFiles
2012-02-14 10:17:40 -------- d-sha-r- C:\cmdcons
2012-02-14 10:14:23 208896 ----a-w- c:\windows\MBR.exe
2012-02-14 10:14:19 98816 ----a-w- c:\windows\sed.exe
2012-02-14 10:14:19 518144 ----a-w- c:\windows\SWREG.exe
2012-02-14 10:14:19 256000 ----a-w- c:\windows\PEV.exe
2012-02-13 23:08:31 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-02-13 23:07:53 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0a7bc85c-eea9-4131-ad0e-7ffed8b4d904}\mpengine.dll
2012-02-13 23:07:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 22:18:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-13 22:18:19 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-13 15:11:27 -------- d-----w- c:\windows\system32\appmgmt
2012-02-13 15:10:16 266240 ----a-w- c:\windows\system32\hpdj5100
2012-02-13 14:35:28 -------- d-----w- c:\documents and settings\teacher\application data\GlarySoft
2012-02-13 14:25:36 -------- d-----w- c:\documents and settings\teacher\application data\SUPERAntiSpyware.com
2012-02-13 14:25:36 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-13 14:23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-13 14:22:43 -------- d-----w- c:\documents and settings\teacher\local settings\application data\Mozilla
2012-02-13 14:22:39 -------- d-----w- c:\program files\Glary Utilities
2012-02-13 14:12:15 -------- d-sh--w- c:\documents and settings\teacher\IECompatCache
2012-02-13 14:11:56 -------- d-sh--w- c:\documents and settings\teacher\PrivacIE
2012-02-13 14:09:23 -------- d-sh--w- c:\documents and settings\teacher\IETldCache
2012-02-13 13:41:06 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-13 13:36:14 -------- d-----w- c:\windows\ie8updates
2012-02-13 13:32:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-13 13:32:18 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-13 13:32:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-13 13:32:13 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-13 13:32:13 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-13 13:32:09 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-02-13 13:32:08 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-13 13:28:01 -------- dc-h--w- c:\windows\ie8
2012-02-12 04:42:58 102400 --sha-r- c:\windows\system32\msimtfk.dll
2012-01-26 11:06:12 -------- d-----w- C:\spoolerlogs
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
.
============= FINISH: 14:18:32.15 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 15 February 2012 - 07:02 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 15 February 2012 - 07:13 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Teacher at 14:17:27 on 2012-02-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.93 [GMT 0:00]
.
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uInternet Settings,ProxyServer = ftp=proxy.intra.thegrid.org.uk:3128;http=wf1.thegrid.org.uk:80;https=wf1.thegrid.org.uk:80
uInternet Settings,ProxyOverride = hccwdprd2.*;*.klp.rm.com;NAI-Update;<local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111116084730.dll
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart board software\SMARTBoardTools.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26F79A22-BAAF-49B8-80D6-B0F2F0E43D9D} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\teacher\application data\mozilla\firefox\profiles\rr3nf63m.default\
FF - prefs.js: network.proxy.ftp - proxy.intra.thegrid.org.uk
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - wf1.thegrid.org.uk
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - wf1.thegrid.org.uk
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-9-9 461864]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-9-9 89624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-11-15 132672]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-9-9 166024]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-9-9 148520]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-9 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-9-9 59288]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-9-9 87808]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2012-02-14 11:11:21 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-14 11:10:33 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-14 11:09:46 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-14 11:09:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-14 11:09:46 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-14 11:09:46 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-14 11:09:45 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-14 11:09:45 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-14 11:09:44 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-14 11:09:44 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-14 11:09:42 -------- d-----w- C:\e2338e0525d7446be2abb1
2012-02-14 11:03:34 -------- d-----w- c:\documents and settings\teacher\application data\Windows Desktop Search
2012-02-14 11:02:30 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-14 11:02:29 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-14 10:59:35 -------- d-----w- c:\program files\Windows Media Connect 2
2012-02-14 10:56:51 -------- d-----w- c:\windows\system32\LogFiles
2012-02-14 10:17:40 -------- d-sha-r- C:\cmdcons
2012-02-14 10:14:23 208896 ----a-w- c:\windows\MBR.exe
2012-02-14 10:14:19 98816 ----a-w- c:\windows\sed.exe
2012-02-14 10:14:19 518144 ----a-w- c:\windows\SWREG.exe
2012-02-14 10:14:19 256000 ----a-w- c:\windows\PEV.exe
2012-02-13 23:08:31 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-02-13 23:07:53 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0a7bc85c-eea9-4131-ad0e-7ffed8b4d904}\mpengine.dll
2012-02-13 23:07:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 22:18:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-13 22:18:19 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-13 15:11:27 -------- d-----w- c:\windows\system32\appmgmt
2012-02-13 15:10:16 266240 ----a-w- c:\windows\system32\hpdj5100
2012-02-13 14:35:28 -------- d-----w- c:\documents and settings\teacher\application data\GlarySoft
2012-02-13 14:25:36 -------- d-----w- c:\documents and settings\teacher\application data\SUPERAntiSpyware.com
2012-02-13 14:25:36 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-13 14:23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-13 14:22:43 -------- d-----w- c:\documents and settings\teacher\local settings\application data\Mozilla
2012-02-13 14:22:39 -------- d-----w- c:\program files\Glary Utilities
2012-02-13 14:12:15 -------- d-sh--w- c:\documents and settings\teacher\IECompatCache
2012-02-13 14:11:56 -------- d-sh--w- c:\documents and settings\teacher\PrivacIE
2012-02-13 14:09:23 -------- d-sh--w- c:\documents and settings\teacher\IETldCache
2012-02-13 13:41:06 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-13 13:36:14 -------- d-----w- c:\windows\ie8updates
2012-02-13 13:32:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-13 13:32:18 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-13 13:32:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-13 13:32:13 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-13 13:32:13 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-13 13:32:09 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-02-13 13:32:08 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-13 13:28:01 -------- dc-h--w- c:\windows\ie8
2012-02-12 04:42:58 102400 --sha-r- c:\windows\system32\msimtfk.dll
2012-01-26 11:06:12 -------- d-----w- C:\spoolerlogs
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
.
============= FINISH: 14:18:32.15 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 21/10/2005 13:04:30
System Uptime: 15/02/2012 13:54:27 (1 hours ago)
.
Motherboard: Dell Inc. | | 0N8719
Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 41.609 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP12: 14/02/2012 12:15:53 - System Checkpoint
RP13: 14/02/2012 12:56:35 - Removed Primary Target Tracker 11.3
RP14: 14/02/2012 13:03:44 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1999 World Book (International)
2Simple Music Toolkit
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
ALPS Touch Pad Driver
Amazing Animals
Become a World Explorer
Brain Buster Quiz
Broadcom Management Programs 2
BroadJump Client Foundation
Business Contact Manager for Outlook 2003
CCleaner
Conexant D110 MDC V.9x Modem
Digital Blue™ PC Digital Movie Creator
Digital Line Detect
DirectX Media Runtime 5.1
Easiteach
Easiteach Maths Content
Epson Event Manager
EPSON Scan
EPSON SX125 Series Manual
EPSON SX125 Series Printer Uninstall
Folens Accessing Series History_4 Module 2
Full Marks KS2 Spelling
Full Marks KS2 Vocabulary
GCaD Dwr NGfL Water
Glary Utilities 2.39.0.1310
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Intel® Graphics Media Accelerator Driver for Mobile
Intel® Play™ QX3™ Computer Microscope
Intel® PROSet/Wireless Software
Intel® System Information Viewer
InterActual Player
Internal Network Card Power Management
InterWrite
Java 2 Runtime Environment, SE v1.4.2_03
Key Stage 2 Spelling
Key Stage 2 Tables
Key Stage Two Science
KONICA MINOLTA magicolor 5430DL
Malwarebytes Anti-Malware version 1.60.1.1000
Mapping Skills
Mavis Beacon Teaches Typing - Version 8
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 10.0.1 (x86 en-GB)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
Mult-e-Maths Primary Maths Toolbox
mWlsSafe
mXML
mZConfig
NetWaiting
PowerDVD 5.1
Primary Target Tracker 11.9
Pupil Achievement Tracker
Pupil Achievement Tracker Question Papers 2005
Puzzler Sudoku
QuickSet
QuickTime
QuickTime 3.0
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sellardore Tales
Senior Word Games
SMART Essentials for Educators
Sonic RecordNow! Plus
Sonic Update Manager
Spelling CD-ROM 2
Spybot - Search & Destroy
SUPERAntiSpyware
Testbase Key Stage 1 Mathematics
Testbase Key Stage 2 Mathematics
The Electronic Library
Think & Talk French
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VideoLAN VLC media player 0.8.6d
Virgin Broadband advisor 1.5.14
Virgin Media Broadband Help
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wordshark 4
.
==== Event Viewer Messages From Past Week ========
.
15/02/2012 14:09:54, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
15/02/2012 12:43:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm SASDIFSV SASKUTIL
13/02/2012 20:25:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
13/02/2012 16:22:05, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
13/02/2012 16:19:41, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
13/02/2012 16:14:35, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
13/02/2012 15:59:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
13/02/2012 15:59:09, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2012 15:59:09, error: Service Control Manager [7001] - The SMART Board Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2012 15:59:09, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2012 15:59:09, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
13/02/2012 15:59:09, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2012 15:59:09, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2012 15:59:09, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
13/02/2012 15:59:08, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
13/02/2012 15:59:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/02/2012 14:09:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
13/02/2012 14:09:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/02/2012 15:36:24, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE65BF46. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
08/02/2012 09:00:36, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================



As per my original post:
I have been handed a colleague's laptop that is having major problems with the browsers redirecting to random sites such as 'Easy A-Z' Apparently she has been having problems with pop-ups and received 'help' from her son before handing it to me.
I have run a virus scan, malwarebytes and other spyware removal tools with no luck

It runs XP and has McAfee, which are both up to date

I have not done anything else with it so these logs are still the same

#4 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 15 February 2012 - 07:57 PM

It is late here now so will have to pick this up tomorrow

Just to let you know I am having difficulty disabling the antivirus. It is a version of McAfee provided by an IT department.It has no way of disabling from the Taskbar and from within the VirusScan Console the user interface is locked by a password that I do not have access to at the moment.I could uninstall it if needed and would be able to reinstall it later.

Thank you for your help

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 15 February 2012 - 09:03 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 February 2012 - 05:00 AM

09:01:49.0000 1772 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
09:01:49.0093 1772 ============================================================
09:01:49.0093 1772 Current date / time: 2012/02/16 09:01:49.0093
09:01:49.0093 1772 SystemInfo:
09:01:49.0093 1772
09:01:49.0093 1772 OS Version: 5.1.2600 ServicePack: 3.0
09:01:49.0093 1772 Product type: Workstation
09:01:49.0093 1772 ComputerName: PTO01
09:01:49.0093 1772 UserName: Teacher
09:01:49.0093 1772 Windows directory: C:\WINDOWS
09:01:49.0093 1772 System windows directory: C:\WINDOWS
09:01:49.0093 1772 Processor architecture: Intel x86
09:01:49.0093 1772 Number of processors: 1
09:01:49.0093 1772 Page size: 0x1000
09:01:49.0093 1772 Boot type: Normal boot
09:01:49.0093 1772 ============================================================
09:01:52.0796 1772 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:01:52.0812 1772 \Device\Harddisk0\DR0:
09:01:52.0812 1772 MBR used
09:01:52.0812 1772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x6F9CA35
09:01:52.0890 1772 Initialize success
09:01:52.0890 1772 ============================================================
09:02:16.0750 1836 ============================================================
09:02:16.0750 1836 Scan started
09:02:16.0750 1836 Mode: Manual;
09:02:16.0750 1836 ============================================================
09:02:17.0000 1836 Abiosdsk - ok
09:02:17.0046 1836 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:02:17.0062 1836 abp480n5 - ok
09:02:17.0109 1836 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:02:17.0125 1836 ACPI - ok
09:02:17.0171 1836 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:02:17.0171 1836 ACPIEC - ok
09:02:17.0218 1836 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:02:17.0218 1836 adpu160m - ok
09:02:17.0265 1836 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:02:17.0281 1836 aec - ok
09:02:17.0359 1836 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:02:17.0359 1836 AegisP - ok
09:02:17.0437 1836 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:02:17.0437 1836 AFD - ok
09:02:17.0515 1836 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:02:17.0515 1836 AFS2K - ok
09:02:17.0562 1836 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:02:17.0593 1836 agp440 - ok
09:02:17.0796 1836 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:02:17.0796 1836 agpCPQ - ok
09:02:17.0828 1836 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:02:17.0828 1836 Aha154x - ok
09:02:17.0859 1836 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:02:17.0859 1836 aic78u2 - ok
09:02:17.0890 1836 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:02:17.0890 1836 aic78xx - ok
09:02:17.0953 1836 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:02:17.0953 1836 AliIde - ok
09:02:17.0984 1836 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:02:17.0984 1836 alim1541 - ok
09:02:18.0015 1836 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:02:18.0015 1836 amdagp - ok
09:02:18.0046 1836 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:02:18.0046 1836 amsint - ok
09:02:18.0093 1836 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
09:02:18.0093 1836 ApfiltrService - ok
09:02:18.0171 1836 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
09:02:18.0171 1836 APPDRV - ok
09:02:18.0203 1836 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:02:18.0218 1836 Arp1394 - ok
09:02:18.0328 1836 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:02:18.0328 1836 asc - ok
09:02:18.0343 1836 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:02:18.0343 1836 asc3350p - ok
09:02:18.0375 1836 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:02:18.0375 1836 asc3550 - ok
09:02:18.0421 1836 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:02:18.0421 1836 AsyncMac - ok
09:02:18.0484 1836 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:02:18.0484 1836 atapi - ok
09:02:18.0515 1836 Atdisk - ok
09:02:18.0562 1836 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:02:18.0562 1836 Atmarpc - ok
09:02:18.0609 1836 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:02:18.0609 1836 audstub - ok
09:02:18.0703 1836 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
09:02:18.0703 1836 bcm4sbxp - ok
09:02:18.0734 1836 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:02:18.0734 1836 Beep - ok
09:02:18.0765 1836 bvrp_pci - ok
09:02:19.0000 1836 catchme - ok
09:02:19.0046 1836 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:02:19.0046 1836 cbidf - ok
09:02:19.0062 1836 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:02:19.0062 1836 cbidf2k - ok
09:02:19.0109 1836 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:02:19.0125 1836 cd20xrnt - ok
09:02:19.0140 1836 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:02:19.0140 1836 Cdaudio - ok
09:02:19.0171 1836 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:02:19.0171 1836 Cdfs - ok
09:02:19.0218 1836 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:02:19.0218 1836 Cdrom - ok
09:02:19.0234 1836 Changer - ok
09:02:19.0437 1836 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:02:19.0484 1836 CmBatt - ok
09:02:19.0859 1836 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:02:19.0859 1836 CmdIde - ok
09:02:19.0953 1836 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:02:19.0953 1836 Compbatt - ok
09:02:20.0000 1836 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:02:20.0000 1836 Cpqarray - ok
09:02:20.0046 1836 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:02:20.0062 1836 dac2w2k - ok
09:02:20.0093 1836 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:02:20.0093 1836 dac960nt - ok
09:02:20.0140 1836 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:02:20.0140 1836 Disk - ok
09:02:20.0203 1836 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:02:20.0265 1836 dmboot - ok
09:02:20.0421 1836 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:02:20.0421 1836 dmio - ok
09:02:20.0531 1836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:02:20.0531 1836 dmload - ok
09:02:20.0593 1836 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:02:20.0593 1836 DMusic - ok
09:02:20.0640 1836 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:02:20.0640 1836 dpti2o - ok
09:02:20.0687 1836 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:02:20.0703 1836 drmkaud - ok
09:02:20.0750 1836 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:02:20.0765 1836 E100B - ok
09:02:20.0781 1836 EntDrv51 - ok
09:02:20.0843 1836 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:02:20.0875 1836 Fastfat - ok
09:02:20.0953 1836 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:02:20.0953 1836 Fdc - ok
09:02:21.0000 1836 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:02:21.0015 1836 Fips - ok
09:02:21.0062 1836 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:02:21.0062 1836 Flpydisk - ok
09:02:21.0093 1836 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:02:21.0109 1836 FltMgr - ok
09:02:21.0234 1836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:02:21.0234 1836 Fs_Rec - ok
09:02:21.0312 1836 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:02:21.0312 1836 Ftdisk - ok
09:02:21.0375 1836 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:02:21.0375 1836 Gpc - ok
09:02:21.0437 1836 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:02:21.0437 1836 HidUsb - ok
09:02:21.0484 1836 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:02:21.0484 1836 hpn - ok
09:02:21.0562 1836 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
09:02:21.0562 1836 HSFHWICH - ok
09:02:21.0640 1836 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:02:21.0671 1836 HSF_DP - ok
09:02:21.0765 1836 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:02:21.0765 1836 HTTP - ok
09:02:21.0953 1836 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:02:21.0953 1836 i2omgmt - ok
09:02:22.0000 1836 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:02:22.0000 1836 i2omp - ok
09:02:22.0015 1836 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:02:22.0015 1836 i8042prt - ok
09:02:22.0140 1836 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:02:22.0171 1836 ialm - ok
09:02:22.0203 1836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:02:22.0203 1836 Imapi - ok
09:02:22.0265 1836 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:02:22.0265 1836 ini910u - ok
09:02:22.0328 1836 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:02:22.0328 1836 IntelIde - ok
09:02:22.0375 1836 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:02:22.0375 1836 intelppm - ok
09:02:22.0421 1836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:02:22.0421 1836 Ip6Fw - ok
09:02:22.0531 1836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:02:22.0578 1836 IpFilterDriver - ok
09:02:23.0796 1836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:02:23.0796 1836 IpInIp - ok
09:02:23.0843 1836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:02:23.0843 1836 IpNat - ok
09:02:23.0921 1836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:02:23.0921 1836 IPSec - ok
09:02:23.0968 1836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:02:23.0968 1836 IRENUM - ok
09:02:24.0015 1836 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:02:24.0015 1836 isapnp - ok
09:02:24.0078 1836 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
09:02:24.0078 1836 IWCA - ok
09:02:24.0109 1836 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:02:24.0125 1836 Kbdclass - ok
09:02:24.0140 1836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:02:24.0140 1836 kmixer - ok
09:02:24.0203 1836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:02:24.0203 1836 KSecDD - ok
09:02:24.0234 1836 lbrtfdc - ok
09:02:24.0343 1836 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:02:24.0359 1836 mdmxsdk - ok
09:02:24.0421 1836 mfeapfk (80d337a6104f6f69c89f42602c50e5d8) C:\WINDOWS\system32\drivers\mfeapfk.sys
09:02:24.0421 1836 mfeapfk - ok
09:02:24.0453 1836 mfeavfk (54ee8eec41c2f9f03cad1874b6af54b0) C:\WINDOWS\system32\drivers\mfeavfk.sys
09:02:24.0453 1836 mfeavfk - ok
09:02:24.0484 1836 mfeavfk01 - ok
09:02:24.0515 1836 mfebopk (61b36c8a0992b813cb2445e29296c654) C:\WINDOWS\system32\drivers\mfebopk.sys
09:02:24.0515 1836 mfebopk - ok
09:02:24.0671 1836 mfehidk (87dfa0244a4cbc817a24d067b4e4ed24) C:\WINDOWS\system32\drivers\mfehidk.sys
09:02:24.0703 1836 mfehidk - ok
09:02:24.0750 1836 mferkdet (60a05b48c781c0a69ff2e2e4fe3cf27c) C:\WINDOWS\system32\drivers\mferkdet.sys
09:02:24.0765 1836 mferkdet - ok
09:02:24.0859 1836 mferkdk - ok
09:02:24.0937 1836 mfetdi2k (98d63d6bd19484edac7788eb1bff421c) C:\WINDOWS\system32\drivers\mfetdi2k.sys
09:02:24.0953 1836 mfetdi2k - ok
09:02:25.0031 1836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:02:25.0046 1836 mnmdd - ok
09:02:25.0109 1836 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:02:25.0109 1836 Modem - ok
09:02:25.0140 1836 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:02:25.0140 1836 Mouclass - ok
09:02:25.0203 1836 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:02:25.0203 1836 mouhid - ok
09:02:25.0281 1836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:02:25.0281 1836 MountMgr - ok
09:02:25.0343 1836 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:02:25.0343 1836 mraid35x - ok
09:02:25.0359 1836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:02:25.0375 1836 MRxDAV - ok
09:02:25.0484 1836 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:02:25.0500 1836 MRxSmb - ok
09:02:25.0531 1836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:02:25.0531 1836 Msfs - ok
09:02:25.0578 1836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:02:25.0593 1836 MSKSSRV - ok
09:02:25.0671 1836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:02:25.0671 1836 MSPCLOCK - ok
09:02:25.0718 1836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:02:25.0718 1836 MSPQM - ok
09:02:25.0796 1836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:02:25.0796 1836 mssmbios - ok
09:02:25.0859 1836 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:02:25.0859 1836 Mup - ok
09:02:25.0968 1836 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:02:25.0968 1836 NDIS - ok
09:02:26.0046 1836 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:02:26.0046 1836 NdisTapi - ok
09:02:26.0078 1836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:02:26.0093 1836 Ndisuio - ok
09:02:26.0109 1836 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:02:26.0109 1836 NdisWan - ok
09:02:26.0156 1836 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:02:26.0171 1836 NDProxy - ok
09:02:26.0218 1836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:02:26.0218 1836 NetBIOS - ok
09:02:26.0250 1836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:02:26.0250 1836 NetBT - ok
09:02:26.0359 1836 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:02:26.0359 1836 NIC1394 - ok
09:02:26.0406 1836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:02:26.0406 1836 Npfs - ok
09:02:26.0468 1836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:02:26.0484 1836 Ntfs - ok
09:02:26.0531 1836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:02:26.0531 1836 Null - ok
09:02:26.0703 1836 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:02:26.0765 1836 nv - ok
09:02:26.0921 1836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:02:26.0921 1836 NwlnkFlt - ok
09:02:26.0984 1836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:02:26.0984 1836 NwlnkFwd - ok
09:02:27.0015 1836 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:02:27.0031 1836 ohci1394 - ok
09:02:27.0078 1836 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:02:27.0078 1836 Parport - ok
09:02:27.0109 1836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:02:27.0109 1836 PartMgr - ok
09:02:27.0140 1836 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:02:27.0140 1836 ParVdm - ok
09:02:27.0187 1836 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:02:27.0187 1836 PCI - ok
09:02:27.0203 1836 PCIDump - ok
09:02:27.0218 1836 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:02:27.0218 1836 PCIIde - ok
09:02:27.0250 1836 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:02:27.0250 1836 Pcmcia - ok
09:02:27.0265 1836 PDCOMP - ok
09:02:27.0281 1836 PDFRAME - ok
09:02:27.0296 1836 PDRELI - ok
09:02:27.0328 1836 PDRFRAME - ok
09:02:27.0375 1836 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:02:27.0390 1836 perc2 - ok
09:02:27.0437 1836 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:02:27.0437 1836 perc2hib - ok
09:02:27.0515 1836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:02:27.0515 1836 PptpMiniport - ok
09:02:27.0546 1836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:02:27.0546 1836 PSched - ok
09:02:27.0578 1836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:02:27.0578 1836 Ptilink - ok
09:02:27.0656 1836 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:02:27.0656 1836 PxHelp20 - ok
09:02:27.0703 1836 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:02:27.0703 1836 ql1080 - ok
09:02:27.0875 1836 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:02:27.0890 1836 Ql10wnt - ok
09:02:27.0984 1836 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:02:28.0000 1836 ql12160 - ok
09:02:28.0015 1836 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:02:28.0031 1836 ql1240 - ok
09:02:28.0062 1836 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:02:28.0062 1836 ql1280 - ok
09:02:28.0109 1836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:02:28.0109 1836 RasAcd - ok
09:02:28.0187 1836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:02:28.0187 1836 Rasl2tp - ok
09:02:28.0218 1836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:02:28.0218 1836 RasPppoe - ok
09:02:28.0250 1836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:02:28.0250 1836 Raspti - ok
09:02:28.0296 1836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:02:28.0296 1836 Rdbss - ok
09:02:28.0328 1836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:02:28.0328 1836 RDPCDD - ok
09:02:28.0359 1836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:02:28.0359 1836 rdpdr - ok
09:02:28.0437 1836 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:02:28.0437 1836 RDPWD - ok
09:02:28.0500 1836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:02:28.0500 1836 redbook - ok
09:02:28.0625 1836 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:02:28.0625 1836 s24trans - ok
09:02:28.0781 1836 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:02:28.0781 1836 SASDIFSV - ok
09:02:28.0796 1836 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:02:28.0796 1836 SASKUTIL - ok
09:02:28.0984 1836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:02:28.0984 1836 Secdrv - ok
09:02:29.0046 1836 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:02:29.0046 1836 serenum - ok
09:02:29.0078 1836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:02:29.0078 1836 Serial - ok
09:02:29.0156 1836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:02:29.0171 1836 Sfloppy - ok
09:02:29.0187 1836 Simbad - ok
09:02:29.0250 1836 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:02:29.0250 1836 sisagp - ok
09:02:29.0328 1836 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:02:29.0328 1836 Sparrow - ok
09:02:29.0359 1836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:02:29.0359 1836 splitter - ok
09:02:29.0406 1836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:02:29.0421 1836 sr - ok
09:02:29.0500 1836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:02:29.0500 1836 Srv - ok
09:02:29.0593 1836 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
09:02:29.0609 1836 STAC97 - ok
09:02:29.0734 1836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:02:29.0734 1836 swenum - ok
09:02:29.0781 1836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:02:29.0781 1836 swmidi - ok
09:02:29.0859 1836 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:02:29.0875 1836 symc810 - ok
09:02:29.0921 1836 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:02:29.0921 1836 symc8xx - ok
09:02:29.0953 1836 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:02:29.0953 1836 sym_hi - ok
09:02:29.0984 1836 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:02:29.0984 1836 sym_u3 - ok
09:02:30.0046 1836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:02:30.0046 1836 sysaudio - ok
09:02:30.0156 1836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:02:30.0171 1836 Tcpip - ok
09:02:30.0265 1836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:02:30.0265 1836 TDPIPE - ok
09:02:30.0296 1836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:02:30.0312 1836 TDTCP - ok
09:02:30.0359 1836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:02:30.0359 1836 TermDD - ok
09:02:30.0437 1836 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:02:30.0437 1836 TosIde - ok
09:02:30.0531 1836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:02:30.0531 1836 Udfs - ok
09:02:30.0593 1836 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:02:30.0609 1836 ultra - ok
09:02:30.0703 1836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:02:30.0718 1836 Update - ok
09:02:30.0796 1836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:02:30.0796 1836 usbccgp - ok
09:02:30.0843 1836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:02:30.0843 1836 usbehci - ok
09:02:30.0984 1836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:02:30.0984 1836 usbhub - ok
09:02:31.0062 1836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:02:31.0062 1836 usbprint - ok
09:02:31.0109 1836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:02:31.0109 1836 usbscan - ok
09:02:31.0156 1836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:02:31.0156 1836 USBSTOR - ok
09:02:31.0187 1836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:02:31.0187 1836 usbuhci - ok
09:02:31.0218 1836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:02:31.0218 1836 VgaSave - ok
09:02:31.0281 1836 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:02:31.0281 1836 viaagp - ok
09:02:31.0359 1836 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:02:31.0359 1836 ViaIde - ok
09:02:31.0406 1836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:02:31.0406 1836 VolSnap - ok
09:02:31.0640 1836 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:02:31.0875 1836 w29n51 - ok
09:02:32.0109 1836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:02:32.0109 1836 Wanarp - ok
09:02:32.0140 1836 WDICA - ok
09:02:32.0171 1836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:02:32.0171 1836 wdmaud - ok
09:02:32.0281 1836 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:02:32.0296 1836 winachsf - ok
09:02:32.0437 1836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:02:32.0437 1836 WS2IFSL - ok
09:02:32.0531 1836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:02:32.0531 1836 WudfPf - ok
09:02:32.0578 1836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:02:32.0578 1836 WudfRd - ok
09:02:32.0640 1836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:02:32.0937 1836 \Device\Harddisk0\DR0 - ok
09:02:32.0953 1836 Boot (0x1200) (e31496d4eabf7be8474e866709487eb3) \Device\Harddisk0\DR0\Partition0
09:02:32.0953 1836 \Device\Harddisk0\DR0\Partition0 - ok
09:02:32.0953 1836 ============================================================
09:02:32.0953 1836 Scan finished
09:02:32.0953 1836 ============================================================
09:02:32.0968 1124 Detected object count: 0
09:02:32.0968 1124 Actual detected object count: 0
09:02:55.0734 0864 Deinitialize success






aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 09:03:26
-----------------------------
09:03:26.250 OS Version: Windows 5.1.2600 Service Pack 3
09:03:26.250 Number of processors: 1 586 0xD08
09:03:26.250 ComputerName: PTO01 UserName:
09:03:27.203 Initialize success
09:14:10.343 AVAST engine defs: 12021600
09:31:27.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:31:27.468 Disk 0 Vendor: Hitachi_HTS541060G9AT00 MB3OA61A Size: 57231MB BusType: 3
09:31:27.546 Disk 0 MBR read successfully
09:31:27.546 Disk 0 MBR scan
09:31:32.171 Disk 0 Windows XP default MBR code
09:31:32.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
09:31:33.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57145 MB offset 160650
09:31:39.656 Disk 0 scanning sectors +117194175
09:31:40.671 Disk 0 scanning C:\WINDOWS\system32\drivers
09:32:19.593 Service scanning
09:32:23.015 Modules scanning
09:32:29.125 Disk 0 trace - called modules:
09:32:29.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:32:29.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f80030]
09:32:29.218 3 CLASSPNP.SYS[f85f2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe63f0]
09:32:31.578 AVAST engine scan C:\WINDOWS
09:32:59.125 AVAST engine scan C:\WINDOWS\system32
09:34:42.921 File: C:\WINDOWS\system32\msimtfk.dll **INFECTED** Win32:Diller-BU [Trj]
09:37:36.718 AVAST engine scan C:\WINDOWS\system32\drivers
09:38:02.734 AVAST engine scan C:\Documents and Settings\Teacher
09:44:29.875 AVAST engine scan C:\Documents and Settings\All Users
09:51:23.468 Scan finished successfully
09:56:13.750 Disk 0 MBR has been saved successfully to "E:\Handy\MBR.dat"
09:56:13.937 The log file has been saved successfully to "E:\Handy\aswMBR.txt"


Thanks

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 16 February 2012 - 08:06 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 February 2012 - 12:18 PM

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix


I am having difficulty disabling the antivirus. It is a version of McAfee provided by an IT department,it has no way of disabling from the Taskbar and from within the VirusScan Console the user interface is locked by a password that I do not have access to at the moment. I could uninstall it if needed and would be able to reinstall it later.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 16 February 2012 - 12:36 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 February 2012 - 01:28 PM

ComboFix 12-02-13.01 - Teacher 16/02/2012 17:53:08.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.347 [GMT 0:00]
Running from: c:\documents and settings\Teacher\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 09:20 . 2012-02-16 09:20 -------- d-----w- c:\windows\LastGood
2012-02-14 11:11 . 2012-02-14 11:11 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-14 11:11 . 2012-02-14 11:11 -------- d-----w- c:\program files\MSBuild
2012-02-14 11:11 . 2012-02-14 11:11 -------- d-----w- c:\program files\Reference Assemblies
2012-02-14 11:10 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-14 11:09 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-14 11:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-14 11:09 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-14 11:09 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-14 11:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-14 11:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-14 11:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-14 11:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-14 11:09 . 2012-02-14 11:10 -------- d-----w- C:\e2338e0525d7446be2abb1
2012-02-14 11:03 . 2012-02-14 11:03 -------- d-----w- c:\documents and settings\Teacher\Application Data\Windows Desktop Search
2012-02-14 11:03 . 2012-02-14 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-14 11:02 . 2012-02-14 11:02 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-14 11:02 . 2012-02-14 11:02 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-14 10:59 . 2012-02-14 10:59 -------- d-----w- c:\program files\Windows Media Connect 2
2012-02-14 10:56 . 2012-02-14 10:58 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-02-14 10:56 . 2012-02-14 10:56 -------- d-----w- c:\windows\system32\LogFiles
2012-02-13 23:08 . 2007-03-09 11:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-13 23:07 . 2012-01-17 04:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0A7BC85C-EEA9-4131-AD0E-7FFED8B4D904}\mpengine.dll
2012-02-13 23:07 . 2012-01-29 05:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 22:58 . 2012-02-13 22:59 -------- d-----w- c:\program files\Windows Defender
2012-02-13 22:18 . 2012-02-14 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-13 22:18 . 2012-02-13 22:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-13 20:23 . 2012-02-13 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-02-13 18:47 . 2012-02-13 18:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-02-13 16:31 . 2012-02-13 16:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-02-13 15:59 . 2012-02-13 15:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-02-13 15:10 . 2003-03-26 06:14 266240 ----a-w- c:\windows\system32\hpdj5100
2012-02-13 14:35 . 2012-02-13 14:35 -------- d-----w- c:\documents and settings\Teacher\Application Data\GlarySoft
2012-02-13 14:25 . 2012-02-13 14:25 -------- d-----w- c:\documents and settings\Teacher\Application Data\SUPERAntiSpyware.com
2012-02-13 14:25 . 2012-02-13 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-13 14:23 . 2012-02-13 14:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-13 14:22 . 2012-02-13 14:22 -------- d-----w- c:\documents and settings\Teacher\Local Settings\Application Data\Mozilla
2012-02-13 14:22 . 2012-02-13 14:23 -------- d-----w- c:\program files\Glary Utilities
2012-02-13 14:12 . 2012-02-13 14:12 -------- d-sh--w- c:\documents and settings\Teacher\IECompatCache
2012-02-13 14:11 . 2012-02-13 14:11 -------- d-sh--w- c:\documents and settings\Teacher\PrivacIE
2012-02-13 14:09 . 2012-02-13 14:09 -------- d-sh--w- c:\documents and settings\Teacher\IETldCache
2012-02-13 13:41 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-13 13:32 . 2011-11-04 19:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-13 13:32 . 2011-11-04 19:20 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-13 13:32 . 2011-11-04 19:20 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-13 13:32 . 2011-11-04 19:20 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-13 13:32 . 2011-11-04 19:20 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-13 13:32 . 2011-11-04 19:20 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-02-13 13:32 . 2011-11-04 19:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-13 13:28 . 2012-02-13 13:31 -------- dc-h--w- c:\windows\ie8
2012-02-12 04:42 . 2012-02-12 04:42 102400 --sha-r- c:\windows\system32\msimtfk.dll
2012-01-26 11:06 . 2012-01-26 11:06 -------- d-----w- C:\spoolerlogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2009-03-02 10:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-11 16:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 16:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 20:31 . 2012-02-13 14:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-14_10.38.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-26 22:18 . 2008-05-26 22:18 56320 c:\windows\system32\xmlfilter.dll
+ 2006-09-28 18:56 . 2006-09-28 18:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 20:13 . 2006-09-28 20:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:00 . 2006-10-18 20:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-18 21:47 . 2006-10-18 21:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 99840 c:\windows\system32\wmpshell.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 33792 c:\windows\system32\wmdmlog.dll
+ 2008-05-26 22:19 . 2008-05-26 22:19 97792 c:\windows\system32\UncCplExt.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2008-05-26 21:59 . 2008-05-26 21:59 18904 c:\windows\system32\structuredqueryschematrivial.bin
+ 2012-02-14 11:00 . 2007-07-27 23:11 16760 c:\windows\system32\spmsg.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 87552 c:\windows\system32\searchfilterhost.exe
+ 2008-05-26 22:18 . 2008-05-26 22:18 38400 c:\windows\system32\rtffilt.dll
+ 2008-05-26 22:18 . 2008-05-26 22:18 71680 c:\windows\system32\propdefs.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2005-10-28 23:49 . 2005-10-28 23:49 84480 c:\windows\system32\pintool.exe
+ 2004-08-11 16:00 . 2012-02-14 11:23 87682 c:\windows\system32\perfc009.dat
+ 2008-05-26 22:19 . 2008-05-26 22:19 11264 c:\windows\system32\oephRes.dll
+ 2004-08-11 16:00 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll
- 2004-08-11 16:00 . 2008-04-14 00:12 98304 c:\windows\system32\nlhtml.dll
+ 2008-05-26 22:18 . 2008-05-26 22:18 44032 c:\windows\system32\msstrc.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 32768 c:\windows\system32\mssprxy.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 87552 c:\windows\system32\mssitlb.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 11776 c:\windows\system32\msshooks.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 60416 c:\windows\system32\msscntrs.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 34816 c:\windows\system32\msscb.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 83968 c:\windows\system32\mscories.dll
- 2004-08-11 16:00 . 2008-04-14 00:11 29696 c:\windows\system32\mimefilt.dll
+ 2004-08-11 16:00 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 11264 c:\windows\system32\LAPRXY.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 73720 c:\windows\system32\dxva2.dll
+ 2006-09-28 19:00 . 2006-09-28 19:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 18:55 . 2006-09-28 18:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-10-18 20:00 . 2006-10-18 20:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2004-08-11 16:00 . 2006-10-18 21:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2008-08-24 17:47 . 2006-10-18 21:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2004-08-11 16:12 . 2006-10-18 21:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
- 2004-08-11 16:00 . 2008-04-14 00:12 98304 c:\windows\system32\dllcache\nlhtml.dll
+ 2004-08-11 16:00 . 2008-03-07 17:02 98304 c:\windows\system32\dllcache\nlhtml.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
- 2004-08-11 16:00 . 2008-04-14 00:11 29696 c:\windows\system32\dllcache\mimefilt.dll
+ 2004-08-11 16:00 . 2008-03-07 17:02 29696 c:\windows\system32\dllcache\mimefilt.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 96760 c:\windows\system32\dfshim.dll
+ 2005-10-28 23:49 . 2005-10-28 23:49 25600 c:\windows\system32\bcsprsrc.dll
+ 2005-10-28 16:40 . 2005-10-28 16:40 96792 c:\windows\system32\basecsp.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 21:10 . 2008-07-29 21:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 19:32 . 2008-07-29 19:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-29 21:07 . 2008-07-29 21:07 23040 c:\windows\Installer\54d1cd.msp
+ 2012-02-14 11:08 . 2012-02-14 11:08 88576 c:\windows\Installer\4fde9f.msi
+ 2012-02-14 11:09 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2012-02-14 11:49 . 2012-02-14 11:49 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2012-02-14 11:29 . 2012-02-14 11:29 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2012-02-14 11:26 . 2012-02-14 11:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2012-02-14 11:48 . 2012-02-14 11:48 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2012-02-14 11:11 . 2012-02-14 11:11 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 21:47 . 2006-10-18 21:47 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-18 21:58 . 2006-10-18 21:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-18 21:47 . 2006-10-18 21:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-18 21:58 . 2006-10-18 21:58 8704 c:\windows\system32\uwdf.exe
+ 2008-05-26 22:19 . 2008-05-26 22:19 2048 c:\windows\system32\UncRes.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 7168 c:\windows\system32\asferror.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2012-02-14 11:14 . 2012-02-14 11:14 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 21:23 . 2007-11-06 21:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-29 21:26 . 2008-07-29 21:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-09-28 18:56 . 2006-09-28 18:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 18:56 . 2006-09-28 18:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 18:56 . 2006-09-28 18:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-10-18 21:47 . 2006-10-18 21:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-11 16:00 . 2009-04-01 23:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-11 16:00 . 2009-07-13 23:43 286208 c:\windows\system32\wmpdxm.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 242688 c:\windows\system32\wmpasf.dll
+ 2004-08-11 16:00 . 2008-06-18 05:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 157184 c:\windows\system32\wmidx.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 227328 c:\windows\system32\wmerror.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 222208 c:\windows\system32\WMASF.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 757248 c:\windows\system32\WMADMOD.dll
+ 2008-05-26 22:19 . 2008-05-26 22:19 131072 c:\windows\system32\UncPH.dll
+ 2008-05-26 22:19 . 2008-05-26 22:19 108032 c:\windows\system32\UncNE.dll
+ 2008-05-26 22:19 . 2008-05-26 22:19 143872 c:\windows\system32\UncDMS.dll
+ 2008-05-26 21:59 . 2008-05-26 21:59 106605 c:\windows\system32\structuredqueryschema.bin
+ 2008-05-26 22:17 . 2008-05-26 22:17 301568 c:\windows\system32\srchadmin.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
- 2009-03-09 11:24 . 2007-05-15 09:08 761344 c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2009-03-09 11:24 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-03-09 11:24 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2009-03-09 11:24 . 2008-04-14 01:12 373248 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2009-03-09 11:24 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2008-05-26 22:18 . 2008-05-26 22:18 184832 c:\windows\system32\searchprotocolhost.exe
+ 2008-05-26 22:18 . 2008-05-26 22:18 439808 c:\windows\system32\searchindexer.exe
+ 2006-08-24 16:15 . 2006-08-24 16:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 211456 c:\windows\system32\qasf.dll
+ 2008-05-26 22:17 . 2008-05-26 22:17 754176 c:\windows\system32\propsys.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-29 20:35 . 2008-07-29 20:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2004-08-11 16:00 . 2012-02-14 11:23 484812 c:\windows\system32\perfh009.dat
- 2004-08-11 16:00 . 2008-04-14 00:12 192000 c:\windows\system32\offfilt.dll
+ 2004-08-11 16:00 . 2008-03-07 17:02 192000 c:\windows\system32\offfilt.dll
+ 2008-05-26 22:19 . 2008-05-26 22:19 273408 c:\windows\system32\oeph.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 321536 c:\windows\system32\mswmdm.dll
+ 2008-05-26 22:18 . 2008-05-26 22:18 203776 c:\windows\system32\mssphtb.dll
+ 2008-05-26 22:18 . 2008-05-26 22:18 350208 c:\windows\system32\mssph.dll
+ 2008-05-26 22:18 . 2008-05-26 22:18 231936 c:\windows\system32\msshsq.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 414208 c:\windows\system32\msscp.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 175616 c:\windows\system32\mspmsp.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-02 15:28 . 2006-10-02 15:28 312128 c:\windows\system32\msdelta.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 158720 c:\windows\system32\mscorier.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-18 21:47 . 2010-03-30 12:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 212992 c:\windows\system32\MFPLAT.dll
+ 2004-08-11 16:00 . 2008-06-18 01:09 100864 c:\windows\system32\logagent.exe
- 2004-08-11 16:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 16:00 . 2011-10-28 16:07 726528 c:\windows\system32\jscript.dll
+ 2005-10-28 23:49 . 2005-10-28 23:49 151552 c:\windows\system32\ifxcardm.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 622080 c:\windows\system32\icardagt.exe
+ 2004-08-11 16:06 . 2012-02-14 11:40 254272 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 21:10 . 2008-07-29 21:10 493048 c:\windows\system32\evr.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-18 20:00 . 2006-10-18 20:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-18 21:47 . 2006-10-18 21:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2004-08-11 16:00 . 2009-04-01 23:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-11 16:00 . 2009-07-13 23:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-11 16:00 . 2008-06-18 05:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 222208 c:\windows\system32\dllcache\WMASF.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2008-08-24 17:46 . 2006-11-01 18:31 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-11 16:00 . 2006-10-18 21:47 211456 c:\windows\system32\dllcache\qasf.dll
- 2004-08-11 16:00 . 2008-04-14 00:12 192000 c:\windows\system32\dllcache\offfilt.dll
+ 2004-08-11 16:00 . 2008-03-07 17:02 192000 c:\windows\system32\dllcache\offfilt.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 414208 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2004-08-11 16:12 . 2006-10-18 21:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2010-03-30 12:24 . 2010-03-30 12:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2004-08-11 16:00 . 2008-06-18 01:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2011-10-28 16:07 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2004-08-11 16:00 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll
- 2004-08-11 16:00 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 229376 c:\windows\system32\cewmdm.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 542720 c:\windows\system32\blackbox.dll
+ 2005-10-28 23:49 . 2005-10-28 23:49 133120 c:\windows\system32\axaltocm.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 276992 c:\windows\system32\audiodev.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2012-02-14 11:13 . 2012-02-14 11:13 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 18:47 . 2008-07-29 18:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 18:47 . 2008-07-29 18:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 23:15 . 2008-07-29 23:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 23:40 . 2008-07-29 23:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 20:35 . 2008-07-29 20:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 04:59 . 2008-11-25 04:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 09:58 . 2008-12-13 09:58 754688 c:\windows\Installer\57afc8.msp
+ 2012-02-14 11:14 . 2012-02-14 11:14 648192 c:\windows\Installer\57afa5.msi
+ 2008-07-29 21:23 . 2008-07-29 21:23 250880 c:\windows\Installer\54d1d6.msp
+ 2008-07-29 21:28 . 2008-07-29 21:28 278016 c:\windows\Installer\54d1d4.msp
+ 2008-07-29 19:40 . 2008-07-29 19:40 291840 c:\windows\Installer\54d1d2.msp
+ 2012-02-14 11:12 . 2012-02-14 11:12 137728 c:\windows\Installer\54d1cc.msi
+ 2008-07-29 17:35 . 2008-07-29 17:35 553472 c:\windows\Installer\4fdea4.msp
+ 2008-07-29 17:33 . 2008-07-29 17:33 506368 c:\windows\Installer\4fdea2.msp
+ 2008-07-29 17:37 . 2008-07-29 17:37 911360 c:\windows\Installer\4fdea1.msp
+ 2004-08-11 16:00 . 2006-11-01 18:31 315904 c:\windows\inf\unregmp2.exe
+ 2012-02-14 11:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2632503-IE8\spuninst\updspapi.dll
+ 2012-02-14 11:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2632503-IE8\spuninst\spuninst.exe
+ 2012-02-14 11:31 . 2011-03-04 06:37 726528 c:\windows\ie8updates\KB2632503-IE8\jscript.dll
+ 2012-02-14 11:09 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2012-02-14 11:47 . 2012-02-14 11:47 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2012-02-14 11:35 . 2012-02-14 11:35 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2012-02-14 11:53 . 2012-02-14 11:53 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2012-02-14 11:46 . 2012-02-14 11:46 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2012-02-14 11:46 . 2012-02-14 11:46 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2012-02-14 11:34 . 2012-02-14 11:34 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2012-02-14 11:49 . 2012-02-14 11:49 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2012-02-14 11:47 . 2012-02-14 11:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2012-02-14 11:47 . 2012-02-14 11:47 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2012-02-14 11:47 . 2012-02-14 11:47 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2012-02-14 11:31 . 2012-02-14 11:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2012-02-14 11:31 . 2012-02-14 11:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2012-02-14 11:31 . 2012-02-14 11:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2012-02-14 11:31 . 2012-02-14 11:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2012-02-14 11:47 . 2012-02-14 11:47 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2012-02-14 11:47 . 2012-02-14 11:47 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2012-02-14 11:48 . 2012-02-14 11:48 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-14 11:13 . 2012-02-14 11:13 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-02-14 11:28 . 2012-02-14 11:28 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-02-14 11:28 . 2012-02-14 11:28 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 11:13 . 2012-02-14 11:13 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-14 11:27 . 2012-02-14 11:28 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-02-14 11:27 . 2012-02-14 11:27 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2004-08-11 16:00 . 2011-03-11 14:10 471552 c:\windows\AppPatch\aclayers.dll
- 2004-08-11 16:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2004-08-11 16:00 . 2010-04-06 04:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-10-18 21:47 . 2006-10-18 21:47 1661440 c:\windows\system32\wmpencen.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2008-05-26 22:21 . 2008-05-26 22:21 1582592 c:\windows\system32\tquery.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2012-02-14 11:10 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2012-02-14 11:10 . 2008-07-06 17:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2012-02-14 11:10 . 2008-07-06 17:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2012-02-14 11:09 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2008-05-26 22:21 . 2008-05-26 22:21 1418240 c:\windows\system32\mssrch.dll
+ 2004-08-11 16:00 . 2010-04-06 04:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2008-08-24 17:47 . 2006-10-18 21:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2004-08-11 16:00 . 2006-10-18 21:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2004-08-11 16:12 . 2006-11-01 18:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 18:47 . 2008-07-29 18:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 19:35 . 2008-12-05 19:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-05 20:12 . 2008-12-05 20:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 04:59 . 2008-11-25 04:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-12-13 09:57 . 2008-12-13 09:57 8397824 c:\windows\Installer\57afb3.msp
+ 2008-07-29 19:26 . 2008-07-29 19:26 1043456 c:\windows\Installer\54d1d5.msp
+ 2008-07-29 20:37 . 2008-07-29 20:37 2679808 c:\windows\Installer\54d1d3.msp
+ 2008-07-29 21:15 . 2008-07-29 21:15 3697664 c:\windows\Installer\54d1d1.msp
+ 2008-07-29 19:34 . 2008-07-29 19:34 1448448 c:\windows\Installer\54d1d0.msp
+ 2008-07-29 20:22 . 2008-07-29 20:22 4137984 c:\windows\Installer\54d1cf.msp
+ 2008-07-29 19:18 . 2008-07-29 19:18 3376640 c:\windows\Installer\54d1ce.msp
+ 2008-07-29 17:45 . 2008-07-29 17:45 2543616 c:\windows\Installer\4fdea8.msp
+ 2008-07-29 17:29 . 2008-07-29 17:29 2926080 c:\windows\Installer\4fdea7.msp
+ 2008-07-29 17:41 . 2008-07-29 17:41 6487040 c:\windows\Installer\4fdea6.msp
+ 2008-07-29 17:39 . 2008-07-29 17:39 3403264 c:\windows\Installer\4fdea5.msp
+ 2008-07-29 17:43 . 2008-07-29 17:43 1013248 c:\windows\Installer\4fdea3.msp
+ 2008-07-29 17:31 . 2008-07-29 17:31 6083072 c:\windows\Installer\4fdea0.msp
+ 2012-02-14 11:27 . 2012-02-14 11:27 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2012-02-14 11:26 . 2012-02-14 11:26 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2012-02-14 11:53 . 2012-02-14 11:53 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2012-02-14 11:53 . 2012-02-14 11:53 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2012-02-14 11:52 . 2012-02-14 11:52 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2012-02-14 11:46 . 2012-02-14 11:46 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2012-02-14 11:35 . 2012-02-14 11:35 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2012-02-14 11:46 . 2012-02-14 11:46 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2012-02-14 11:34 . 2012-02-14 11:34 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2012-02-14 11:33 . 2012-02-14 11:33 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2012-02-14 11:50 . 2012-02-14 11:50 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2012-02-14 11:33 . 2012-02-14 11:33 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2012-02-14 11:49 . 2012-02-14 11:49 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2012-02-14 11:32 . 2012-02-14 11:32 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2012-02-14 11:32 . 2012-02-14 11:32 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2012-02-14 11:32 . 2012-02-14 11:32 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2012-02-14 11:26 . 2012-02-14 11:26 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 11:47 . 2012-02-14 11:47 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-14 11:48 . 2012-02-14 11:48 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-14 11:28 . 2012-02-14 11:28 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-14 11:26 . 2012-02-14 11:26 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-14 11:14 . 2012-02-14 11:14 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-14 11:26 . 2012-02-14 11:26 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-14 11:21 . 2012-02-14 11:21 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-14 11:11 . 2012-02-14 11:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-14 11:22 . 2012-02-14 11:22 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2004-08-11 16:00 . 2010-08-25 23:36 10841088 c:\windows\system32\wmp.dll
+ 2008-08-24 17:47 . 2010-08-25 23:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-12-13 10:21 . 2008-12-13 10:21 10473472 c:\windows\Installer\57afbd.msp
+ 2012-02-14 11:35 . 2012-02-14 11:35 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2012-02-14 11:51 . 2012-02-14 11:51 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2012-02-14 11:47 . 2012-02-14 11:47 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\85a68b5908535729e0458a1a58001df3\System.ServiceModel.ni.dll
+ 2012-02-14 11:34 . 2012-02-14 11:34 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2012-02-14 11:31 . 2012-02-14 11:31 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2012-02-14 11:28 . 2012-02-14 11:28 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2012-02-14 11:25 . 2012-02-14 11:25 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2004-09-10 53248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 2061552]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SMART Board Tools.lnk - c:\program files\SMART Board Software\SMARTBoardTools.exe [2006-5-10 3248128]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterWrite Starter.lnk]
backup=c:\windows\pss\InterWrite Starter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 19:56 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 07:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-11 22:42 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 16:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [09/09/2011 10:24 89624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [09/09/2011 10:24 148520]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [09/09/2011 10:24 87808]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-02-13 13:08]
.
2012-02-16 c:\windows\Tasks\kdfk.job
- c:\windows\system32\msimtfk.dll [2012-02-12 04:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uInternet Settings,ProxyServer = ftp=proxy.intra.thegrid.org.uk:3128;http=wf1.thegrid.org.uk:80;https=wf1.thegrid.org.uk:80
uInternet Settings,ProxyOverride = hccwdprd2.*;*.klp.rm.com;NAI-Update;<local>
FF - ProfilePath - c:\documents and settings\Teacher\Application Data\Mozilla\Firefox\Profiles\rr3nf63m.default\
FF - prefs.js: network.proxy.ftp - proxy.intra.thegrid.org.uk
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - wf1.thegrid.org.uk
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - wf1.thegrid.org.uk
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 18:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-16 18:11:54
ComboFix-quarantined-files.txt 2012-02-16 18:11
ComboFix2.txt 2012-02-14 10:42
.
Pre-Run: 44,851,937,280 bytes free
Post-Run: 44,967,669,760 bytes free
.
- - End Of File - - B303E2C6B000B687FF23070B03BC5643




ComboFix did not actually ask me to reboot but I have re-booted back into safe mode

Thank you for your continued help

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 16 February 2012 - 01:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 February 2012 - 02:01 PM

Would you like me to run these in Safe Mode or Normal Mode?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 16 February 2012 - 02:43 PM

Normal mode if possible


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Kiki21

Kiki21
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 February 2012 - 05:07 PM

19:54:27.0296 3648 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:54:27.0312 3648 ============================================================
19:54:27.0312 3648 Current date / time: 2012/02/16 19:54:27.0312
19:54:27.0312 3648 SystemInfo:
19:54:27.0312 3648
19:54:27.0312 3648 OS Version: 5.1.2600 ServicePack: 3.0
19:54:27.0312 3648 Product type: Workstation
19:54:27.0312 3648 ComputerName: PTO01
19:54:27.0312 3648 UserName: Teacher
19:54:27.0312 3648 Windows directory: C:\WINDOWS
19:54:27.0312 3648 System windows directory: C:\WINDOWS
19:54:27.0312 3648 Processor architecture: Intel x86
19:54:27.0312 3648 Number of processors: 1
19:54:27.0312 3648 Page size: 0x1000
19:54:27.0312 3648 Boot type: Normal boot
19:54:27.0312 3648 ============================================================
19:54:31.0703 3648 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:54:31.0703 3648 \Device\Harddisk0\DR0:
19:54:31.0703 3648 MBR used
19:54:31.0703 3648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x6F9CA35
19:54:31.0984 3648 Initialize success
19:54:31.0984 3648 ============================================================
19:54:34.0546 3672 ============================================================
19:54:34.0546 3672 Scan started
19:54:34.0546 3672 Mode: Manual;
19:54:34.0546 3672 ============================================================
19:54:36.0500 3672 Abiosdsk - ok
19:54:36.0562 3672 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:54:36.0656 3672 abp480n5 - ok
19:54:36.0718 3672 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:54:36.0718 3672 ACPI - ok
19:54:36.0765 3672 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:54:36.0765 3672 ACPIEC - ok
19:54:36.0796 3672 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:54:36.0906 3672 adpu160m - ok
19:54:36.0953 3672 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:54:36.0968 3672 aec - ok
19:54:37.0015 3672 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:54:37.0218 3672 AegisP - ok
19:54:37.0296 3672 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:54:37.0484 3672 AFD - ok
19:54:37.0703 3672 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
19:54:37.0796 3672 AFS2K - ok
19:54:37.0843 3672 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:54:37.0843 3672 agp440 - ok
19:54:37.0937 3672 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:54:37.0953 3672 agpCPQ - ok
19:54:37.0968 3672 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:54:38.0125 3672 Aha154x - ok
19:54:38.0171 3672 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:54:38.0328 3672 aic78u2 - ok
19:54:38.0359 3672 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:54:38.0453 3672 aic78xx - ok
19:54:38.0500 3672 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:54:38.0609 3672 AliIde - ok
19:54:38.0828 3672 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:54:38.0828 3672 alim1541 - ok
19:54:38.0937 3672 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:54:38.0937 3672 amdagp - ok
19:54:38.0984 3672 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:54:39.0140 3672 amsint - ok
19:54:39.0203 3672 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
19:54:39.0375 3672 ApfiltrService - ok
19:54:39.0437 3672 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
19:54:39.0796 3672 APPDRV - ok
19:54:39.0890 3672 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:54:39.0906 3672 Arp1394 - ok
19:54:40.0109 3672 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:54:40.0281 3672 asc - ok
19:54:40.0312 3672 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:54:40.0406 3672 asc3350p - ok
19:54:40.0421 3672 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:54:40.0500 3672 asc3550 - ok
19:54:40.0562 3672 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:54:40.0578 3672 AsyncMac - ok
19:54:40.0609 3672 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:54:40.0625 3672 atapi - ok
19:54:40.0640 3672 Atdisk - ok
19:54:40.0671 3672 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:54:40.0687 3672 Atmarpc - ok
19:54:40.0718 3672 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:54:40.0734 3672 audstub - ok
19:54:40.0765 3672 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:54:40.0859 3672 bcm4sbxp - ok
19:54:40.0921 3672 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:54:40.0921 3672 Beep - ok
19:54:40.0984 3672 bvrp_pci - ok
19:54:41.0187 3672 catchme - ok
19:54:41.0265 3672 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:54:41.0281 3672 cbidf - ok
19:54:41.0312 3672 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:54:41.0312 3672 cbidf2k - ok
19:54:41.0359 3672 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:54:41.0531 3672 cd20xrnt - ok
19:54:41.0546 3672 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:54:41.0562 3672 Cdaudio - ok
19:54:41.0609 3672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:54:41.0609 3672 Cdfs - ok
19:54:41.0640 3672 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:54:41.0656 3672 Cdrom - ok
19:54:41.0671 3672 Changer - ok
19:54:41.0703 3672 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:54:41.0703 3672 CmBatt - ok
19:54:41.0718 3672 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:54:41.0734 3672 CmdIde - ok
19:54:41.0750 3672 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:54:41.0765 3672 Compbatt - ok
19:54:41.0812 3672 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:54:41.0812 3672 Cpqarray - ok
19:54:41.0859 3672 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:54:41.0875 3672 dac2w2k - ok
19:54:41.0906 3672 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:54:42.0000 3672 dac960nt - ok
19:54:42.0062 3672 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:54:42.0062 3672 Disk - ok
19:54:42.0140 3672 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:54:42.0171 3672 dmboot - ok
19:54:42.0312 3672 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:54:42.0328 3672 dmio - ok
19:54:42.0359 3672 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:54:42.0359 3672 dmload - ok
19:54:42.0406 3672 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:54:42.0421 3672 DMusic - ok
19:54:42.0468 3672 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:54:42.0484 3672 dpti2o - ok
19:54:42.0531 3672 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:54:42.0531 3672 drmkaud - ok
19:54:42.0578 3672 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:54:42.0750 3672 E100B - ok
19:54:42.0828 3672 EntDrv51 - ok
19:54:42.0875 3672 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:54:42.0890 3672 Fastfat - ok
19:54:42.0968 3672 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:54:42.0968 3672 Fdc - ok
19:54:43.0015 3672 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:54:43.0031 3672 Fips - ok
19:54:43.0078 3672 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:54:43.0078 3672 Flpydisk - ok
19:54:43.0156 3672 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:54:43.0171 3672 FltMgr - ok
19:54:43.0250 3672 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:54:43.0265 3672 Fs_Rec - ok
19:54:43.0312 3672 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:54:43.0312 3672 Ftdisk - ok
19:54:43.0375 3672 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:54:43.0390 3672 Gpc - ok
19:54:43.0437 3672 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:54:43.0484 3672 HidUsb - ok
19:54:43.0562 3672 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:54:43.0734 3672 hpn - ok
19:54:43.0843 3672 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
19:54:44.0062 3672 HSFHWICH - ok
19:54:44.0156 3672 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:54:44.0312 3672 HSF_DP - ok
19:54:44.0421 3672 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:54:44.0437 3672 HTTP - ok
19:54:44.0515 3672 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:54:44.0515 3672 i2omgmt - ok
19:54:44.0562 3672 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:54:44.0578 3672 i2omp - ok
19:54:44.0625 3672 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:54:44.0625 3672 i8042prt - ok
19:54:44.0750 3672 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:54:45.0109 3672 ialm - ok
19:54:45.0312 3672 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:54:45.0312 3672 Imapi - ok
19:54:45.0390 3672 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:54:45.0546 3672 ini910u - ok
19:54:45.0609 3672 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:54:45.0609 3672 IntelIde - ok
19:54:45.0687 3672 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:54:45.0703 3672 intelppm - ok
19:54:45.0750 3672 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:54:45.0750 3672 Ip6Fw - ok
19:54:45.0781 3672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:54:45.0796 3672 IpFilterDriver - ok
19:54:45.0828 3672 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:54:45.0828 3672 IpInIp - ok
19:54:45.0890 3672 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:54:45.0906 3672 IpNat - ok
19:54:45.0953 3672 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:54:45.0968 3672 IPSec - ok
19:54:46.0015 3672 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:54:46.0015 3672 IRENUM - ok
19:54:46.0046 3672 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:54:46.0046 3672 isapnp - ok
19:54:46.0171 3672 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
19:54:46.0328 3672 IWCA - ok
19:54:46.0593 3672 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:54:46.0609 3672 Kbdclass - ok
19:54:46.0671 3672 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:54:46.0734 3672 kmixer - ok
19:54:46.0984 3672 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:54:47.0000 3672 KSecDD - ok
19:54:47.0046 3672 lbrtfdc - ok
19:54:47.0328 3672 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:54:47.0343 3672 mdmxsdk - ok
19:54:47.0406 3672 mfeapfk (80d337a6104f6f69c89f42602c50e5d8) C:\WINDOWS\system32\drivers\mfeapfk.sys
19:54:47.0593 3672 mfeapfk - ok
19:54:47.0656 3672 mfeavfk (54ee8eec41c2f9f03cad1874b6af54b0) C:\WINDOWS\system32\drivers\mfeavfk.sys
19:54:47.0875 3672 mfeavfk - ok
19:54:47.0890 3672 mfeavfk01 - ok
19:54:47.0968 3672 mfebopk (61b36c8a0992b813cb2445e29296c654) C:\WINDOWS\system32\drivers\mfebopk.sys
19:54:48.0156 3672 mfebopk - ok
19:54:48.0437 3672 mfehidk (87dfa0244a4cbc817a24d067b4e4ed24) C:\WINDOWS\system32\drivers\mfehidk.sys
19:54:48.0828 3672 mfehidk - ok
19:54:48.0875 3672 mferkdet (60a05b48c781c0a69ff2e2e4fe3cf27c) C:\WINDOWS\system32\drivers\mferkdet.sys
19:54:49.0000 3672 mferkdet - ok
19:54:49.0125 3672 mferkdk - ok
19:54:49.0234 3672 mfetdi2k (98d63d6bd19484edac7788eb1bff421c) C:\WINDOWS\system32\drivers\mfetdi2k.sys
19:54:49.0421 3672 mfetdi2k - ok
19:54:49.0609 3672 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:54:49.0609 3672 mnmdd - ok
19:54:49.0687 3672 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:54:49.0687 3672 Modem - ok
19:54:49.0718 3672 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:54:49.0718 3672 Mouclass - ok
19:54:49.0781 3672 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:54:49.0796 3672 mouhid - ok
19:54:49.0859 3672 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:54:49.0875 3672 MountMgr - ok
19:54:49.0968 3672 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:54:50.0125 3672 mraid35x - ok
19:54:50.0156 3672 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:54:50.0171 3672 MRxDAV - ok
19:54:50.0265 3672 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:54:50.0468 3672 MRxSmb - ok
19:54:50.0640 3672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:54:50.0656 3672 Msfs - ok
19:54:50.0718 3672 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:54:50.0718 3672 MSKSSRV - ok
19:54:50.0750 3672 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:54:50.0765 3672 MSPCLOCK - ok
19:54:50.0781 3672 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:54:50.0796 3672 MSPQM - ok
19:54:50.0859 3672 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:54:50.0875 3672 mssmbios - ok
19:54:50.0937 3672 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:54:51.0062 3672 Mup - ok
19:54:51.0125 3672 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:54:51.0140 3672 NDIS - ok
19:54:51.0218 3672 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:54:51.0390 3672 NdisTapi - ok
19:54:51.0437 3672 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:54:51.0453 3672 Ndisuio - ok
19:54:51.0468 3672 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:54:51.0500 3672 NdisWan - ok
19:54:51.0531 3672 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:54:51.0703 3672 NDProxy - ok
19:54:51.0921 3672 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:54:51.0937 3672 NetBIOS - ok
19:54:51.0984 3672 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:54:52.0000 3672 NetBT - ok
19:54:52.0062 3672 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:54:52.0078 3672 NIC1394 - ok
19:54:52.0109 3672 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:54:52.0109 3672 Npfs - ok
19:54:52.0234 3672 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:54:52.0265 3672 Ntfs - ok
19:54:52.0312 3672 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:54:52.0328 3672 Null - ok
19:54:52.0468 3672 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:54:52.0562 3672 nv - ok
19:54:52.0750 3672 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:54:52.0765 3672 NwlnkFlt - ok
19:54:52.0781 3672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:54:52.0796 3672 NwlnkFwd - ok
19:54:52.0828 3672 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:54:52.0843 3672 ohci1394 - ok
19:54:52.0937 3672 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:54:52.0953 3672 Parport - ok
19:54:52.0984 3672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:54:53.0000 3672 PartMgr - ok
19:54:53.0031 3672 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:54:53.0046 3672 ParVdm - ok
19:54:53.0062 3672 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:54:53.0078 3672 PCI - ok
19:54:53.0093 3672 PCIDump - ok
19:54:53.0125 3672 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:54:53.0140 3672 PCIIde - ok
19:54:53.0234 3672 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:54:53.0250 3672 Pcmcia - ok
19:54:53.0265 3672 PDCOMP - ok
19:54:53.0296 3672 PDFRAME - ok
19:54:53.0312 3672 PDRELI - ok
19:54:53.0328 3672 PDRFRAME - ok
19:54:53.0375 3672 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:54:53.0593 3672 perc2 - ok
19:54:53.0671 3672 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:54:53.0671 3672 perc2hib - ok
19:54:53.0765 3672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:54:53.0765 3672 PptpMiniport - ok
19:54:54.0125 3672 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:54:54.0140 3672 PSched - ok
19:54:54.0187 3672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:54:54.0187 3672 Ptilink - ok
19:54:54.0250 3672 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:54:54.0359 3672 PxHelp20 - ok
19:54:54.0406 3672 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:54:54.0421 3672 ql1080 - ok
19:54:54.0453 3672 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:54:54.0453 3672 Ql10wnt - ok
19:54:54.0484 3672 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:54:54.0500 3672 ql12160 - ok
19:54:54.0515 3672 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:54:54.0531 3672 ql1240 - ok
19:54:54.0546 3672 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:54:54.0562 3672 ql1280 - ok
19:54:54.0593 3672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:54:54.0609 3672 RasAcd - ok
19:54:54.0640 3672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:54:54.0656 3672 Rasl2tp - ok
19:54:54.0671 3672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:54:54.0687 3672 RasPppoe - ok
19:54:54.0703 3672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:54:54.0718 3672 Raspti - ok
19:54:54.0750 3672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:54:54.0765 3672 Rdbss - ok
19:54:54.0781 3672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:54:54.0796 3672 RDPCDD - ok
19:54:54.0828 3672 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:54:54.0828 3672 rdpdr - ok
19:54:54.0937 3672 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:54:55.0218 3672 RDPWD - ok
19:54:55.0343 3672 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:54:55.0359 3672 redbook - ok
19:54:55.0468 3672 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:54:55.0484 3672 s24trans - ok
19:54:55.0656 3672 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:54:55.0781 3672 SASDIFSV - ok
19:54:55.0812 3672 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:54:55.0968 3672 SASKUTIL - ok
19:54:56.0062 3672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:54:56.0078 3672 Secdrv - ok
19:54:56.0125 3672 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:54:56.0140 3672 serenum - ok
19:54:56.0296 3672 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:54:56.0312 3672 Serial - ok
19:54:56.0375 3672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:54:56.0390 3672 Sfloppy - ok
19:54:56.0437 3672 Simbad - ok
19:54:56.0500 3672 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:54:56.0515 3672 sisagp - ok
19:54:56.0609 3672 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:54:56.0640 3672 Sparrow - ok
19:54:56.0687 3672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:54:56.0687 3672 splitter - ok
19:54:56.0734 3672 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:54:56.0750 3672 sr - ok
19:54:56.0828 3672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:54:57.0000 3672 Srv - ok
19:54:57.0078 3672 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
19:54:57.0265 3672 STAC97 - ok
19:54:57.0390 3672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:54:57.0406 3672 swenum - ok
19:54:57.0437 3672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:54:57.0453 3672 swmidi - ok
19:54:57.0531 3672 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:54:57.0703 3672 symc810 - ok
19:54:57.0750 3672 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:54:57.0921 3672 symc8xx - ok
19:54:57.0968 3672 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:54:57.0984 3672 sym_hi - ok
19:54:58.0015 3672 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:54:58.0187 3672 sym_u3 - ok
19:54:58.0250 3672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:54:58.0265 3672 sysaudio - ok
19:54:58.0359 3672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:54:58.0390 3672 Tcpip - ok
19:54:58.0484 3672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:54:58.0500 3672 TDPIPE - ok
19:54:58.0578 3672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:54:58.0578 3672 TDTCP - ok
19:54:58.0625 3672 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:54:58.0625 3672 TermDD - ok
19:54:58.0703 3672 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:54:58.0718 3672 TosIde - ok
19:54:58.0765 3672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:54:58.0781 3672 Udfs - ok
19:54:58.0828 3672 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:54:58.0984 3672 ultra - ok
19:54:59.0062 3672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:54:59.0093 3672 Update - ok
19:54:59.0203 3672 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:54:59.0203 3672 usbccgp - ok
19:54:59.0250 3672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:54:59.0250 3672 usbehci - ok
19:54:59.0296 3672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:54:59.0312 3672 usbhub - ok
19:54:59.0406 3672 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:54:59.0421 3672 usbprint - ok
19:54:59.0500 3672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:54:59.0515 3672 usbscan - ok
19:54:59.0546 3672 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:54:59.0562 3672 USBSTOR - ok
19:54:59.0609 3672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:54:59.0625 3672 usbuhci - ok
19:54:59.0640 3672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:54:59.0656 3672 VgaSave - ok
19:54:59.0718 3672 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:54:59.0718 3672 viaagp - ok
19:54:59.0750 3672 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:54:59.0750 3672 ViaIde - ok
19:54:59.0796 3672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:54:59.0812 3672 VolSnap - ok
19:55:00.0125 3672 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
19:55:00.0437 3672 w29n51 - ok
19:55:00.0609 3672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:55:00.0609 3672 Wanarp - ok
19:55:00.0625 3672 WDICA - ok
19:55:00.0656 3672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:55:00.0671 3672 wdmaud - ok
19:55:00.0765 3672 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:55:00.0890 3672 winachsf - ok
19:55:01.0031 3672 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:55:01.0031 3672 WS2IFSL - ok
19:55:01.0109 3672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:55:01.0125 3672 WudfPf - ok
19:55:01.0156 3672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:55:01.0171 3672 WudfRd - ok
19:55:01.0265 3672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:55:01.0515 3672 \Device\Harddisk0\DR0 - ok
19:55:01.0515 3672 Boot (0x1200) (e31496d4eabf7be8474e866709487eb3) \Device\Harddisk0\DR0\Partition0
19:55:01.0531 3672 \Device\Harddisk0\DR0\Partition0 - ok
19:55:01.0531 3672 ============================================================
19:55:01.0531 3672 Scan finished
19:55:01.0531 3672 ============================================================
19:55:01.0546 3664 Detected object count: 0
19:55:01.0546 3664 Actual detected object count: 0
19:55:21.0125 3628 Deinitialize success





aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 10:33:03
-----------------------------
10:33:03.656 OS Version: Windows 5.1.2600 Service Pack 3
10:33:03.656 Number of processors: 1 586 0xD08
10:33:03.656 ComputerName: PTO01 UserName:
10:33:04.718 Initialize success
10:33:22.187 AVAST engine defs: 12021600
10:33:24.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:33:24.968 Disk 0 Vendor: Hitachi_HTS541060G9AT00 MB3OA61A Size: 57231MB BusType: 3
10:33:25.015 Disk 0 MBR read successfully
10:33:25.015 Disk 0 MBR scan
10:33:25.093 Disk 0 Windows XP default MBR code
10:33:25.109 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
10:33:25.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57145 MB offset 160650
10:33:25.515 Disk 0 scanning sectors +117194175
10:33:25.734 Disk 0 scanning C:\WINDOWS\system32\drivers
10:34:01.296 Service scanning
10:34:03.078 Modules scanning
10:34:20.093 Disk 0 trace - called modules:
10:34:20.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:34:20.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f80030]
10:34:20.156 3 CLASSPNP.SYS[f85f2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe63f0]
10:34:20.875 AVAST engine scan C:\WINDOWS
10:35:03.812 AVAST engine scan C:\WINDOWS\system32
10:37:23.171 File: C:\WINDOWS\system32\msimtfk.dll **INFECTED** Win32:Diller-BU [Trj]
10:41:34.640 AVAST engine scan C:\WINDOWS\system32\drivers
10:42:12.953 AVAST engine scan C:\Documents and Settings\Teacher
10:50:26.453 AVAST engine scan C:\Documents and Settings\All Users
10:57:01.390 Scan finished successfully
10:57:54.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Teacher\Desktop\MBR.dat"
10:57:54.156 The log file has been saved successfully to "C:\Documents and Settings\Teacher\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 19:56:08
-----------------------------
19:56:08.468 OS Version: Windows 5.1.2600 Service Pack 3
19:56:08.468 Number of processors: 1 586 0xD08
19:56:08.484 ComputerName: PTO01 UserName:
19:56:09.328 Initialize success
20:07:52.796 AVAST engine defs: 12021600
21:05:05.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:05:05.609 Disk 0 Vendor: Hitachi_HTS541060G9AT00 MB3OA61A Size: 57231MB BusType: 3
21:05:05.640 Disk 0 MBR read successfully
21:05:05.640 Disk 0 MBR scan
21:05:05.906 Disk 0 Windows XP default MBR code
21:05:05.937 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
21:05:06.140 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57145 MB offset 160650
21:05:06.171 Disk 0 scanning sectors +117194175
21:05:06.312 Disk 0 scanning C:\WINDOWS\system32\drivers
21:05:47.093 Service scanning
21:05:49.328 Modules scanning
21:05:59.140 Disk 0 trace - called modules:
21:05:59.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:05:59.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b23ab8]
21:05:59.687 3 CLASSPNP.SYS[f84f2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82be67f8]
21:06:00.546 AVAST engine scan C:\WINDOWS
21:06:37.140 AVAST engine scan C:\WINDOWS\system32
21:08:44.046 File: C:\WINDOWS\system32\msimtfk.dll **INFECTED** Win32:Diller-BU [Trj]
21:12:33.125 AVAST engine scan C:\WINDOWS\system32\drivers
21:13:04.421 AVAST engine scan C:\Documents and Settings\Teacher
21:21:24.984 AVAST engine scan C:\Documents and Settings\All Users
21:29:03.984 Scan finished successfully
22:02:13.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Teacher\Desktop\MBR.dat"
22:02:13.796 The log file has been saved successfully to "C:\Documents and Settings\Teacher\Desktop\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 16 February 2012 - 09:05 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\WINDOWS\system32\msimtfk.dll 
c:\windows\Tasks\kdfk.job


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users