
Zeroaccess and Tidserv



#1 BlScoDe


Posted 22 February 2012 - 09:21 PM

Hi All,

I am getting NIS warning pop-ups "zeroaccess activity 4" and "tidserv activity2".
I tried all the fixes listed on their website with no joy.

I am running Windows XP SP3 32-bit.

Any help welcome.

Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by R W at 18:59:17 on 2012-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1717 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Documents and Settings\R W\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\R W\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.verizon.net/central/vzc.portal
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints point finder\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
BHO: MyPoints Point Finder BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\r w\local settings\application data\akamai\netsession_win.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
LSP: mswsock.dll
Trusted Zone: amazon.com\www
Trusted Zone: intuit.com\ttlc
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243342093468
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
TCP: Interfaces\{799FFFC0-F404-418A-96B9-B1CEFB94D169} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-21 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-21 132744]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-2-2 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-21 149624]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2003-3-31 14336]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2011-12-7 401920]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-23 722616]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-11 10384]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-21 138248]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-2-2 138760]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-1-19 2345792]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-22 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20120218.003\IDSXpx86.sys [2012-2-21 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20120222.001\NAVENG.SYS [2012-2-22 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20120222.001\NAVEX15.SYS [2012-2-22 1576312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 136176]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-27 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 136176]
S3 JabraDFU;Jabra Bluecore headset DFU driver;c:\windows\system32\drivers\jabramobilecsrdfux86.sys --> c:\windows\system32\drivers\JabraMobileCsrDfuX86.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-8-24 1104656]
.
=============== Created Last 30 ================
.
2012-02-22 19:01:11 -------- d-----w- C:\NPE
2012-02-22 17:43:20 -------- d-----w- C:\NBRT
2012-02-22 01:55:55 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-22 01:55:55 -------- d-----w- c:\documents and settings\r w\application data\FixTDSS
2012-02-21 23:15:53 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-02-21 21:51:09 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
2012-02-21 21:51:09 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
2012-02-21 21:51:09 388216 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdi.sys
2012-02-21 21:51:09 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
2012-02-21 21:51:09 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
2012-02-21 21:51:09 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
2012-02-21 21:51:09 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
2012-02-21 21:51:09 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
2012-02-21 21:51:09 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
2012-02-21 21:04:00 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
2012-02-21 21:04:00 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
2012-02-21 19:06:03 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-21 19:06:03 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-21 19:06:02 -------- d-----w- c:\program files\Symantec
2012-02-21 19:06:02 -------- d-----w- c:\program files\common files\Symantec Shared
2012-02-21 19:05:39 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-21 19:05:38 -------- d-----w- c:\program files\Norton Internet Security
2012-02-19 14:23:23 -------- d-----w- c:\documents and settings\r w\local settings\application data\NPE
2012-02-17 12:18:04 1932256 ----a-w- C:\FixTDSS.exe
2012-02-17 12:18:04 1766312 ----a-w- C:\FixZeroAccess.exe
2012-02-16 23:32:19 -------- d-----w- c:\documents and settings\r w\application data\DDMSettings
2012-02-16 11:01:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 11:01:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 16:06:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-15 15:36:39 -------- d-----w- c:\documents and settings\r w\local settings\application data\SKIDROW
2012-02-15 15:36:39 -------- d-----w- c:\documents and settings\r w\local settings\application data\BigHugeEngine
2012-02-03 11:55:10 -------- d-----w- c:\program files\Diablo III Beta
2012-02-03 11:52:05 -------- d-----w- c:\documents and settings\all users\application data\Battle.net
2012-02-03 01:36:34 132744 ----a-r- c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys
2012-02-03 01:36:32 -------- d-----w- c:\windows\system32\drivers\nst\0200000.010
2012-02-03 01:36:32 -------- d-----w- c:\windows\system32\drivers\NST
2012-02-03 01:36:32 -------- d-----w- c:\program files\Norton Safe Web Lite
2012-02-03 01:32:51 -------- d-----w- c:\documents and settings\all users\application data\Amazon
.
==================== Find3M ====================
.
2012-02-18 14:57:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 21:36:23 292176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-02-07 21:36:23 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-02-07 21:36:21 292176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-01-26 14:43:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-26 14:43:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-01-26 14:43:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-01-26 14:43:00 4309888 ----a-w- c:\windows\system32\nv4_disp.dll
2012-01-26 14:43:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-01-26 14:43:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-01-26 14:43:00 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-01-26 14:43:00 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-01-26 14:43:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-01-26 14:43:00 13411584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-01-26 14:43:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-26 11:02:52 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-01-26 11:02:19 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-26 11:02:19 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-26 11:02:11 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-01-26 11:02:10 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 16:51:24 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 16:51:16 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 16:29:06 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 18:59:59.62 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-22 20:20:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 WDC_WD10 rev.01.0
Running: y617yinr.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\uftdrpog.sys


---- System - GMER 1.0.15 ----

SSDT 89D2A6C0 ZwAlertResumeThread
SSDT 89D2A7A0 ZwAlertThread
SSDT 89D141E8 ZwAllocateVirtualMemory
SSDT 89732E10 ZwAssignProcessToJobObject
SSDT 89F01B10 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4239D40]
SSDT 89D2A3C8 ZwCreateMutant
SSDT 89732C30 ZwCreateSymbolicLinkObject
SSDT 89D14690 ZwCreateThread
SSDT 89732EF0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB4239FC0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB423A680]
SSDT 89D143B8 ZwDuplicateObject
SSDT 89D2AED0 ZwFreeVirtualMemory
SSDT 89D2A4B8 ZwImpersonateAnonymousToken
SSDT 89D2A598 ZwImpersonateThread
SSDT 8B21DB90 ZwLoadDriver
SSDT 89D2ADD0 ZwMapViewOfSection
SSDT 89D2A2E8 ZwOpenEvent
SSDT 89D14578 ZwOpenProcess
SSDT 89D142D8 ZwOpenProcessToken
SSDT 89D2A128 ZwOpenSection
SSDT 89D144A8 ZwOpenThread
SSDT 89732D20 ZwProtectVirtualMemory
SSDT 89D2A880 ZwResumeThread
SSDT 89D2AB20 ZwSetContextThread
SSDT 89D2AC00 ZwSetInformationProcess
SSDT 89732FD0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB423A910]
SSDT 89D2A208 ZwSuspendProcess
SSDT 89D2A960 ZwSuspendThread
SSDT 8A14F908 ZwTerminateProcess
SSDT 89D2AA40 ZwTerminateThread
SSDT 89D2ACF0 ZwUnmapViewOfSection
SSDT 89D2AFC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C28 805044C4 4 Bytes [E8, 41, D1, 89]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 4 Bytes CALL FEDA18EF
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F323C0, 0x95AAEA, 0xE8000020]
? C:\WINDOWS\System32\DRIVERS\i8042prt.sys suspicious PE modification
? C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\System32\svchost.exe[428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\System32\svchost.exe[428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FD000C
? C:\WINDOWS\System32\svchost.exe[428] C:\WINDOWS\System32\smss.exe image checksum mismatch; time/date stamp mismatch;
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[924] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1248] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3]
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1248] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0AFD5230 C:\Program Files\Ideazon\ZEngine\ZESystem.dll (rscoree/Remotesoft, Inc.)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1248] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 6305DA75 C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1248] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 6305CBDD C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1248] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 630019DB C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Ideazon\ZEngine\Zboard.exe[1248] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 630019AC C:\WINDOWS\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0249000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 026C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0248000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!CreateBindCtx + B5F 774FF15F 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 068B00F4
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 068B003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1976] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 079C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 079D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0789000C
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 030A00F2
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ole32.dll!CoImpersonateClient + 51 77515200 7 Bytes JMP 030A003A
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\ping.exe[4620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE000A
.text C:\WINDOWS\System32\ping.exe[4620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\ping.exe[4620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\ping.exe[4620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\ping.exe[4620] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006E000C
.text C:\WINDOWS\System32\ping.exe[4620] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00C2000A
.text C:\WINDOWS\System32\ping.exe[4620] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C3000A
.text C:\WINDOWS\System32\ping.exe[4620] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C4000A
.text C:\WINDOWS\System32\ping.exe[4620] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00C1000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008c hcmon.sys (VMware USB monitor/VMware, Inc.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B82D8000-B82E8000 (65536 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 4620

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF2 0x41 0x0C 0x0C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x2F 0xCE 0x2B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0F 0xA1 0x57 0x1A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x5C 0x44 0x73 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF2 0x41 0x0C 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x2F 0xCE 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0F 0xA1 0x57 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x5C 0x44 0x73 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF2 0x41 0x0C 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x2F 0xCE 0x2B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0F 0xA1 0x57 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x5C 0x44 0x73 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF2 0x41 0x0C 0x0C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x2F 0xCE 0x2B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0F 0xA1 0x57 0x1A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x5C 0x44 0x73 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1C 0xF7 0x91 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD9 0x28 0xF1 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0x7E 0xE6 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x5C 0x44 0x73 0xCC ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1C 0xF7 0x91 0x18 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD9 0x28 0xF1 0x22 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0x7E 0xE6 0xF6 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x5C 0x44 0x73 0xCC ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\1HNF9MA2.txt 560 bytes
File C:\Documents and Settings\NetworkService\Cookies\60C4440A.txt 92 bytes
File C:\Documents and Settings\NetworkService\Cookies\JR166RM5.txt 141 bytes
File C:\Documents and Settings\NetworkService\Cookies\2JXO1JC7.txt 1452 bytes
File C:\Documents and Settings\NetworkService\Cookies\QKCD043J.txt 367 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BM70YUHD\boost-gzip-cookie-test[1].html 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BM70YUHD\default[1].aspx 0 bytes
File C:\WINDOWS\Temp\fla4B5.tmp 0 bytes
File C:\WINDOWS\$NtUninstallKB30639$\1504668395 0 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146 0 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\cfg.ini 179 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\L 0 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\L\evxjwjem 52480 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\oemid 59 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U 0 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\version 844 bytes

---- EOF - GMER 1.0.15 ----


#2 SweetTech


Posted 23 February 2012 - 03:43 AM

Hi BlScoDe!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Edited by SweetTech, 23 February 2012 - 03:44 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
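Added example (not part of the original posts, and not output of any tool named in this thread): a small Python triage of GMER log text that pulls out the kinds of lines visible in the first post's log, namely hidden modules and processes, inline hooks whose JMP target GMER attributes to no module, and files under a `$NtUninstallKB…$` folder that contains a numeric subfolder. The sample lines are constructed from the shape of that log, and the heuristics and all names (`triage`, `SAMPLE_GMER_LOG`, the result keys) are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the GMER 1.0.15 log in the first post. The
# KB000000 line is invented to show a path the folder heuristic must not flag.
SAMPLE_GMER_LOG = r"""
.text C:\WINDOWS\System32\ping.exe[4620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ole32.dll!CreateBindCtx + B5F 774FF15F 7 Bytes JMP 030A00F2
.text C:\Program Files\Internet Explorer\iexplore.exe[4364] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) B82D8000-B82E8000 (65536 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 4620
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\Temp\fla4B5.tmp 0 bytes
File C:\WINDOWS\$NtUninstallKB000000$\spuninst\spuninst.exe 1024 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\cfg.ini 179 bytes
File C:\WINDOWS\$NtUninstallKB30639$\909984146\U\80000000.@ 66560 bytes
"""

# "Module (noname) (*** hidden *** ) <range>" / "Process <path> (*** hidden *** ) <pid>"
HIDDEN_RE = re.compile(
    r"^(Module|Process)\s+(.*?)\s*\(\*\*\* hidden \*\*\*\s*\)\s*(.*)$")

# "File <path> <size> bytes"
FILE_RE = re.compile(r"^File\s+(.+?)\s+(\d+) bytes$")

# Assumption: an uninstall-style folder holding a purely numeric subfolder,
# as in this thread's log, is worth a second look.
ODD_UNINSTALL_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+(?:\\|$)")

# ".text <image>[<pid>] <dll>!<api>[ + off] <addr> <n> Bytes JMP <target> [<owner>]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<api>\S+!\S+(?: \+ [0-9A-F]+)?)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"\d+ Bytes?\s+JMP (?P<target>[0-9A-F]{8})(?:\s+(?P<owner>.+))?$")


def triage(log_text):
    """Return the log lines that deserve a closer look, grouped by kind."""
    findings = {
        "hidden_modules": [],          # (name, address range text)
        "hidden_processes": [],        # (image path, pid or None)
        "odd_uninstall_files": [],     # (path, size in bytes)
        "unattributed_hooks": [],      # hook dicts with no owning module
        "hooks_in_hidden_process": [], # unattributed hooks inside a hidden pid
    }
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HIDDEN_RE.match(line)
        if m:
            kind, name, detail = m.groups()
            if kind == "Module":
                findings["hidden_modules"].append((name, detail))
            else:
                pid = int(detail) if detail.isdigit() else None
                findings["hidden_processes"].append((name, pid))
            continue

        m = FILE_RE.match(line)
        if m:
            path, size = m.group(1), int(m.group(2))
            if ODD_UNINSTALL_RE.search(path):
                findings["odd_uninstall_files"].append((path, size))
            continue

        m = HOOK_RE.match(line)
        if m and m.group("owner") is None:
            # GMER printed no module name after the JMP target.
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            findings["unattributed_hooks"].append(hook)

    # Correlate: hooks that sit inside a process GMER also reports as hidden.
    hidden_pids = {pid for _, pid in findings["hidden_processes"]}
    findings["hooks_in_hidden_process"] = [
        h for h in findings["unattributed_hooks"] if h["pid"] in hidden_pids]
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_GMER_LOG).items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
```

Security products and other legitimate software also place inline hooks, so these lists are leads for review rather than verdicts.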


#3 BlScoDe


Posted 23 February 2012 - 09:38 AM

Hello Agent ST,

Thanks for your quick reply and help.

1) I ran through your list of steps, everything went well.

2) TDSSKILLER LOG

08:28:21.0000 5500 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
08:28:21.0359 5500 ============================================================
08:28:21.0359 5500 Current date / time: 2012/02/23 08:28:21.0359
08:28:21.0359 5500 SystemInfo:
08:28:21.0359 5500
08:28:21.0359 5500 OS Version: 5.1.2600 ServicePack: 3.0
08:28:21.0359 5500 Product type: Workstation
08:28:21.0359 5500 ComputerName:
08:28:21.0359 5500 UserName:
08:28:21.0359 5500 Windows directory: C:\WINDOWS
08:28:21.0359 5500 System windows directory: C:\WINDOWS
08:28:21.0359 5500 Processor architecture: Intel x86
08:28:21.0359 5500 Number of processors: 4
08:28:21.0359 5500 Page size: 0x1000
08:28:21.0359 5500 Boot type: Normal boot
08:28:21.0359 5500 ============================================================
08:28:25.0890 5500 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
08:28:25.0906 5500 \Device\Harddisk0\DR0:
08:28:25.0906 5500 MBR used
08:28:25.0906 5500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
08:28:25.0921 5500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0xF422F40
08:28:25.0921 5500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B77228A, BlocksNum 0x1ADAFBCF
08:28:25.0937 5500 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36521E98, BlocksNum 0x1ADAFBCF
08:28:25.0953 5500 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x512D1AA6, BlocksNum 0x2343005A
08:28:26.0156 5500 Initialize success
08:28:26.0156 5500 ============================================================
08:30:43.0281 4464 ============================================================
08:30:43.0281 4464 Scan started
08:30:43.0281 4464 Mode: Manual; SigCheck; TDLFS;
08:30:43.0281 4464 ============================================================
08:30:43.0843 4464 Abiosdsk - ok
08:30:43.0843 4464 abp480n5 - ok
08:30:43.0875 4464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:30:44.0937 4464 ACPI - ok
08:30:44.0984 4464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:30:45.0078 4464 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
08:30:45.0078 4464 ACPIEC - detected UnsignedFile.Multi.Generic (1)
08:30:45.0078 4464 adpu160m - ok
08:30:45.0109 4464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:30:45.0234 4464 aec - ok
08:30:45.0250 4464 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:30:45.0296 4464 AFD - ok
08:30:45.0296 4464 Aha154x - ok
08:30:45.0296 4464 aic78u2 - ok
08:30:45.0312 4464 aic78xx - ok
08:30:45.0312 4464 AliIde - ok
08:30:45.0343 4464 Alpham (7a4aedb2d0c25ab8b95683c2944891c6) C:\WINDOWS\system32\DRIVERS\Alpham.sys
08:30:45.0359 4464 Alpham ( UnsignedFile.Multi.Generic ) - warning
08:30:45.0359 4464 Alpham - detected UnsignedFile.Multi.Generic (1)
08:30:45.0406 4464 Alpham1 (acd2f2df292b6cc28f58095bba63a068) C:\WINDOWS\system32\DRIVERS\Alpham1.sys
08:30:45.0453 4464 Alpham1 - ok
08:30:45.0468 4464 Alpham2 (f4fafb2e74b83a156408b1b02302799e) C:\WINDOWS\system32\DRIVERS\Alpham2.sys
08:30:45.0500 4464 Alpham2 - ok
08:30:45.0562 4464 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
08:30:45.0625 4464 Ambfilt - ok
08:30:45.0656 4464 amsint - ok
08:30:45.0671 4464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:30:45.0781 4464 Arp1394 - ok
08:30:45.0796 4464 asc - ok
08:30:45.0796 4464 asc3350p - ok
08:30:45.0796 4464 asc3550 - ok
08:30:45.0828 4464 Aspi32 (20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
08:30:45.0843 4464 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
08:30:45.0843 4464 Aspi32 - detected UnsignedFile.Multi.Generic (1)
08:30:45.0859 4464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:30:45.0968 4464 AsyncMac - ok
08:30:46.0000 4464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:30:46.0109 4464 atapi - ok
08:30:46.0109 4464 Atdisk - ok
08:30:46.0125 4464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:30:46.0250 4464 Atmarpc - ok
08:30:46.0265 4464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:30:46.0328 4464 audstub ( UnsignedFile.Multi.Generic ) - warning
08:30:46.0328 4464 audstub - detected UnsignedFile.Multi.Generic (1)
08:30:46.0343 4464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:30:46.0406 4464 Beep ( UnsignedFile.Multi.Generic ) - warning
08:30:46.0406 4464 Beep - detected UnsignedFile.Multi.Generic (1)
08:30:46.0640 4464 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
08:30:46.0656 4464 BHDrvx86 - ok
08:30:46.0687 4464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:30:46.0765 4464 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
08:30:46.0765 4464 cbidf2k - detected UnsignedFile.Multi.Generic (1)
08:30:46.0828 4464 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1305000.091\ccSetx86.sys
08:30:46.0828 4464 ccSet_NIS - ok
08:30:46.0859 4464 ccSet_NST (2b2f9b4a08190334a9c36446b208bae9) C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys
08:30:46.0890 4464 ccSet_NST - ok
08:30:46.0890 4464 cd20xrnt - ok
08:30:46.0906 4464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:30:46.0984 4464 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
08:30:46.0984 4464 Cdaudio - detected UnsignedFile.Multi.Generic (1)
08:30:47.0000 4464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:30:47.0125 4464 Cdfs - ok
08:30:47.0140 4464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:30:47.0250 4464 Cdrom - ok
08:30:47.0250 4464 Changer - ok
08:30:47.0265 4464 CmdIde - ok
08:30:47.0265 4464 Cpqarray - ok
08:30:47.0296 4464 dac2w2k - ok
08:30:47.0296 4464 dac960nt - ok
08:30:47.0328 4464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:30:47.0437 4464 Disk - ok
08:30:47.0453 4464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:30:47.0593 4464 dmboot - ok
08:30:47.0609 4464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:30:47.0718 4464 dmio - ok
08:30:47.0734 4464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:30:47.0796 4464 dmload ( UnsignedFile.Multi.Generic ) - warning
08:30:47.0796 4464 dmload - detected UnsignedFile.Multi.Generic (1)
08:30:47.0812 4464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:30:47.0921 4464 DMusic - ok
08:30:47.0937 4464 dpti2o - ok
08:30:47.0953 4464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:30:48.0078 4464 drmkaud - ok
08:30:48.0125 4464 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:30:48.0140 4464 eeCtrl - ok
08:30:48.0171 4464 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
08:30:48.0171 4464 Eplpdx02 ( UnsignedFile.Multi.Generic ) - warning
08:30:48.0171 4464 Eplpdx02 - detected UnsignedFile.Multi.Generic (1)
08:30:48.0203 4464 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:30:48.0218 4464 EraserUtilRebootDrv - ok
08:30:48.0250 4464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:30:48.0343 4464 Fastfat - ok
08:30:48.0359 4464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:30:48.0468 4464 Fdc - ok
08:30:48.0515 4464 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
08:30:48.0515 4464 FileDisk ( UnsignedFile.Multi.Generic ) - warning
08:30:48.0515 4464 FileDisk - detected UnsignedFile.Multi.Generic (1)
08:30:48.0531 4464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:30:48.0640 4464 Fips - ok
08:30:48.0656 4464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:30:48.0765 4464 Flpydisk - ok
08:30:48.0781 4464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:30:48.0906 4464 FltMgr - ok
08:30:48.0921 4464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:30:48.0984 4464 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
08:30:48.0984 4464 Fs_Rec - detected UnsignedFile.Multi.Generic (1)
08:30:49.0000 4464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:30:49.0062 4464 Ftdisk ( UnsignedFile.Multi.Generic ) - warning
08:30:49.0062 4464 Ftdisk - detected UnsignedFile.Multi.Generic (1)
08:30:49.0078 4464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:30:49.0093 4464 GEARAspiWDM - ok
08:30:49.0109 4464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:30:49.0218 4464 Gpc - ok
08:30:49.0234 4464 hcmon (0b81c71589033cf6ab5020f257029378) C:\WINDOWS\system32\Drivers\hcmon.sys
08:30:49.0250 4464 hcmon - ok
08:30:49.0265 4464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:30:49.0375 4464 HDAudBus - ok
08:30:49.0406 4464 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:30:49.0500 4464 hidusb - ok
08:30:49.0515 4464 hpn - ok
08:30:49.0531 4464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:30:49.0562 4464 HTTP - ok
08:30:49.0562 4464 i2omgmt - ok
08:30:49.0578 4464 i2omp - ok
08:30:49.0593 4464 i8042prt (49574e6539c2f460f54328391abbd243) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:30:49.0593 4464 i8042prt ( Virus.Win32.ZAccess.c ) - infected
08:30:49.0593 4464 i8042prt - detected Virus.Win32.ZAccess.c (0)
08:30:49.0750 4464 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120222.002\IDSxpx86.sys
08:30:49.0765 4464 IDSxpx86 - ok
08:30:49.0781 4464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:30:49.0890 4464 Imapi - ok
08:30:49.0937 4464 InCDfs (ccb643c38661011f64faa04c0df499dc) C:\WINDOWS\system32\drivers\InCDfs.sys
08:30:49.0953 4464 InCDfs ( UnsignedFile.Multi.Generic ) - warning
08:30:49.0953 4464 InCDfs - detected UnsignedFile.Multi.Generic (1)
08:30:49.0968 4464 InCDPass (e09681d8ceb387fd343afb432e5a7c6d) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
08:30:50.0015 4464 InCDPass ( UnsignedFile.Multi.Generic ) - warning
08:30:50.0015 4464 InCDPass - detected UnsignedFile.Multi.Generic (1)
08:30:50.0046 4464 InCDrec (1c70fca13187877d91ee66c90d170d07) C:\WINDOWS\system32\drivers\InCDrec.sys
08:30:50.0046 4464 InCDrec ( UnsignedFile.Multi.Generic ) - warning
08:30:50.0046 4464 InCDrec - detected UnsignedFile.Multi.Generic (1)
08:30:50.0078 4464 incdrm (3d02fc921c4e814802c141fdb89a2aad) C:\WINDOWS\system32\drivers\incdrm.sys
08:30:50.0078 4464 incdrm ( UnsignedFile.Multi.Generic ) - warning
08:30:50.0078 4464 incdrm - detected UnsignedFile.Multi.Generic (1)
08:30:50.0093 4464 ini910u - ok
08:30:50.0218 4464 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:30:50.0453 4464 IntcAzAudAddService - ok
08:30:50.0453 4464 IntelIde - ok
08:30:50.0484 4464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:30:50.0578 4464 intelppm - ok
08:30:50.0593 4464 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:30:50.0718 4464 ip6fw - ok
08:30:50.0718 4464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:30:50.0781 4464 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
08:30:50.0781 4464 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
08:30:50.0796 4464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:30:50.0890 4464 IpInIp - ok
08:30:50.0921 4464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:30:51.0015 4464 IpNat - ok
08:30:51.0046 4464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:30:51.0156 4464 IPSec - ok
08:30:51.0171 4464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:30:51.0203 4464 IRENUM - ok
08:30:51.0218 4464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:30:51.0312 4464 isapnp - ok
08:30:51.0312 4464 JabraDFU - ok
08:30:51.0343 4464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:30:51.0437 4464 Kbdclass - ok
08:30:51.0453 4464 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:30:51.0562 4464 kbdhid - ok
08:30:51.0578 4464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:30:51.0687 4464 kmixer - ok
08:30:51.0718 4464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:30:51.0765 4464 KSecDD - ok
08:30:51.0781 4464 L8042pr2 (42dec1fbcfa291720460705a8881a1c4) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
08:30:51.0828 4464 L8042pr2 - ok
08:30:51.0843 4464 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
08:30:51.0859 4464 LBeepKE - ok
08:30:51.0859 4464 lbrtfdc - ok
08:30:51.0890 4464 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
08:30:51.0906 4464 LHidFilt - ok
08:30:51.0921 4464 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
08:30:51.0921 4464 LMouFilt - ok
08:30:51.0953 4464 LMouFlt2 (26407519fca64ec4091fe1f815b4afc4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
08:30:51.0968 4464 LMouFlt2 - ok
08:30:52.0000 4464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:30:52.0078 4464 mnmdd ( UnsignedFile.Multi.Generic ) - warning
08:30:52.0078 4464 mnmdd - detected UnsignedFile.Multi.Generic (1)
08:30:52.0109 4464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:30:52.0218 4464 Modem - ok
08:30:52.0265 4464 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
08:30:52.0312 4464 Monfilt - ok
08:30:52.0328 4464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:30:52.0437 4464 Mouclass - ok
08:30:52.0453 4464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:30:52.0531 4464 mouhid ( UnsignedFile.Multi.Generic ) - warning
08:30:52.0531 4464 mouhid - detected UnsignedFile.Multi.Generic (1)
08:30:52.0546 4464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:30:52.0656 4464 MountMgr - ok
08:30:52.0671 4464 mraid35x - ok
08:30:52.0703 4464 MREMP50 - ok
08:30:52.0703 4464 MREMPR5 - ok
08:30:52.0703 4464 MRENDIS5 - ok
08:30:52.0703 4464 MRESP50 - ok
08:30:52.0718 4464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:30:52.0828 4464 MRxDAV - ok
08:30:52.0859 4464 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:30:52.0906 4464 MRxSmb - ok
08:30:52.0921 4464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:30:53.0062 4464 Msfs - ok
08:30:53.0093 4464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:30:53.0203 4464 MSKSSRV - ok
08:30:53.0218 4464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:30:53.0312 4464 MSPCLOCK - ok
08:30:53.0328 4464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:30:53.0437 4464 MSPQM - ok
08:30:53.0453 4464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:30:53.0546 4464 mssmbios - ok
08:30:53.0562 4464 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:30:53.0593 4464 Mup - ok
08:30:53.0750 4464 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120222.032\NAVENG.SYS
08:30:53.0750 4464 NAVENG - ok
08:30:53.0796 4464 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120222.032\NAVEX15.SYS
08:30:53.0828 4464 NAVEX15 - ok
08:30:53.0859 4464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:30:53.0984 4464 NDIS - ok
08:30:54.0015 4464 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:30:54.0046 4464 NdisTapi - ok
08:30:54.0078 4464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:30:54.0187 4464 Ndisuio - ok
08:30:54.0203 4464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:30:54.0296 4464 NdisWan - ok
08:30:54.0328 4464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:30:54.0359 4464 NDProxy - ok
08:30:54.0375 4464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:30:54.0500 4464 NetBIOS - ok
08:30:54.0515 4464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:30:54.0625 4464 NetBT - ok
08:30:54.0640 4464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:30:54.0734 4464 NIC1394 - ok
08:30:54.0750 4464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:30:54.0859 4464 Npfs - ok
08:30:54.0875 4464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:30:55.0000 4464 Ntfs - ok
08:30:55.0015 4464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:30:55.0078 4464 Null ( UnsignedFile.Multi.Generic ) - warning
08:30:55.0078 4464 Null - detected UnsignedFile.Multi.Generic (1)
08:30:55.0531 4464 nv (decf37169e5bfe91561888446351ffcb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:30:55.0906 4464 nv ( UnsignedFile.Multi.Generic ) - warning
08:30:55.0906 4464 nv - detected UnsignedFile.Multi.Generic (1)
08:30:55.0984 4464 NVENETFD (85f2ffe9aa05487c7e48503b0c336d70) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:30:56.0015 4464 NVENETFD - ok
08:30:56.0046 4464 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
08:30:56.0046 4464 nvgts - ok
08:30:56.0078 4464 nvnetbus (683ed64f70cb63c8ea84657e45a66974) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:30:56.0109 4464 nvnetbus - ok
08:30:56.0125 4464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:30:56.0187 4464 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
08:30:56.0187 4464 NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
08:30:56.0187 4464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:30:56.0250 4464 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
08:30:56.0250 4464 NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
08:30:56.0281 4464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:30:56.0375 4464 ohci1394 - ok
08:30:56.0390 4464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:30:56.0500 4464 Parport - ok
08:30:56.0515 4464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:30:56.0625 4464 PartMgr - ok
08:30:56.0640 4464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:30:56.0718 4464 ParVdm ( UnsignedFile.Multi.Generic ) - warning
08:30:56.0718 4464 ParVdm - detected UnsignedFile.Multi.Generic (1)
08:30:56.0734 4464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:30:56.0843 4464 PCI - ok
08:30:56.0859 4464 PCIDump - ok
08:30:56.0890 4464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:30:56.0953 4464 PCIIde ( UnsignedFile.Multi.Generic ) - warning
08:30:56.0953 4464 PCIIde - detected UnsignedFile.Multi.Generic (1)
08:30:56.0968 4464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:30:57.0078 4464 Pcmcia - ok
08:30:57.0078 4464 PDCOMP - ok
08:30:57.0078 4464 PDFRAME - ok
08:30:57.0093 4464 PDRELI - ok
08:30:57.0093 4464 PDRFRAME - ok
08:30:57.0093 4464 perc2 - ok
08:30:57.0109 4464 perc2hib - ok
08:30:57.0125 4464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:30:57.0234 4464 PptpMiniport - ok
08:30:57.0234 4464 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:30:57.0343 4464 Processor - ok
08:30:57.0359 4464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:30:57.0468 4464 PSched - ok
08:30:57.0468 4464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:30:57.0531 4464 Ptilink ( UnsignedFile.Multi.Generic ) - warning
08:30:57.0531 4464 Ptilink - detected UnsignedFile.Multi.Generic (1)
08:30:57.0562 4464 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:30:57.0578 4464 PxHelp20 - ok
08:30:57.0578 4464 ql1080 - ok
08:30:57.0578 4464 Ql10wnt - ok
08:30:57.0593 4464 ql12160 - ok
08:30:57.0593 4464 ql1240 - ok
08:30:57.0609 4464 ql1280 - ok
08:30:57.0609 4464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:30:57.0671 4464 RasAcd ( UnsignedFile.Multi.Generic ) - warning
08:30:57.0671 4464 RasAcd - detected UnsignedFile.Multi.Generic (1)
08:30:57.0687 4464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:30:57.0796 4464 Rasl2tp - ok
08:30:57.0812 4464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:30:57.0921 4464 RasPppoe - ok
08:30:57.0937 4464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:30:58.0000 4464 Raspti ( UnsignedFile.Multi.Generic ) - warning
08:30:58.0000 4464 Raspti - detected UnsignedFile.Multi.Generic (1)
08:30:58.0015 4464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:30:58.0125 4464 Rdbss - ok
08:30:58.0140 4464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:30:58.0203 4464 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
08:30:58.0203 4464 RDPCDD - detected UnsignedFile.Multi.Generic (1)
08:30:58.0234 4464 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
08:30:58.0265 4464 RDPWD - ok
08:30:58.0281 4464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:30:58.0390 4464 redbook - ok
08:30:58.0406 4464 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
08:30:58.0515 4464 sbp2port - ok
08:30:58.0531 4464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:30:58.0562 4464 Secdrv - ok
08:30:58.0578 4464 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:30:58.0671 4464 serenum - ok
08:30:58.0671 4464 Serial - ok
08:30:58.0687 4464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:30:58.0796 4464 Sfloppy - ok
08:30:58.0812 4464 Simbad - ok
08:30:58.0812 4464 Sparrow - ok
08:30:58.0843 4464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:30:58.0937 4464 splitter - ok
08:30:58.0968 4464 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\System32\Drivers\sptd.sys
08:30:58.0984 4464 sptd - ok
08:30:59.0015 4464 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:30:59.0046 4464 sr - ok
08:30:59.0125 4464 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NIS\1305000.091\SRTSP.SYS
08:30:59.0140 4464 SRTSP - ok
08:30:59.0156 4464 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSPX.SYS
08:30:59.0171 4464 SRTSPX - ok
08:30:59.0187 4464 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:30:59.0234 4464 Srv - ok
08:30:59.0250 4464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:30:59.0359 4464 swenum - ok
08:30:59.0375 4464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:30:59.0484 4464 swmidi - ok
08:30:59.0484 4464 symc810 - ok
08:30:59.0500 4464 symc8xx - ok
08:30:59.0531 4464 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMDS.SYS
08:30:59.0546 4464 SymDS - ok
08:30:59.0578 4464 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMEFA.SYS
08:30:59.0609 4464 SymEFA - ok
08:30:59.0687 4464 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
08:30:59.0703 4464 SymEvent - ok
08:30:59.0812 4464 SymIM (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
08:30:59.0828 4464 SymIM - ok
08:30:59.0843 4464 SymIMMP (a7100ea17ed9eaf365362a05bf430e77) C:\WINDOWS\system32\DRIVERS\SymIM.sys
08:30:59.0859 4464 SymIMMP - ok
08:31:00.0000 4464 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1305000.091\Ironx86.SYS
08:31:00.0062 4464 SymIRON - ok
08:31:00.0171 4464 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1305000.091\SYMTDI.SYS
08:31:00.0187 4464 SYMTDI - ok
08:31:00.0187 4464 sym_hi - ok
08:31:00.0203 4464 sym_u3 - ok
08:31:00.0234 4464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:31:00.0343 4464 sysaudio - ok
08:31:00.0375 4464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:31:00.0421 4464 Tcpip - ok
08:31:00.0453 4464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:31:00.0578 4464 TDPIPE - ok
08:31:00.0578 4464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:31:00.0703 4464 TDTCP - ok
08:31:00.0718 4464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:31:00.0828 4464 TermDD - ok
08:31:00.0843 4464 TosIde - ok
08:31:00.0859 4464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:31:00.0968 4464 Udfs - ok
08:31:00.0984 4464 ultra - ok
08:31:01.0000 4464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:31:01.0125 4464 Update - ok
08:31:01.0140 4464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:31:01.0250 4464 usbccgp - ok
08:31:01.0281 4464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:31:01.0390 4464 usbehci - ok
08:31:01.0406 4464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:31:01.0515 4464 usbhub - ok
08:31:01.0531 4464 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:31:01.0625 4464 usbohci - ok
08:31:01.0656 4464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:31:01.0750 4464 usbprint - ok
08:31:01.0781 4464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:31:01.0890 4464 usbscan - ok
08:31:01.0921 4464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:31:02.0015 4464 USBSTOR - ok
08:31:02.0046 4464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:31:02.0156 4464 VgaSave - ok
08:31:02.0156 4464 ViaIde - ok
08:31:02.0187 4464 vmkbd (a5dbbb82c4508e985bd16081b7e578e0) C:\WINDOWS\system32\drivers\VMkbd.sys
08:31:02.0203 4464 vmkbd - ok
08:31:02.0218 4464 VMnetAdapter (f68c99f41c3cf6e1c3c542fadd2e20cf) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
08:31:02.0218 4464 VMnetAdapter - ok
08:31:02.0234 4464 VMnetBridge (121fbda3a14f0744a8c213d3e9f14d63) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
08:31:02.0234 4464 VMnetBridge - ok
08:31:02.0250 4464 VMnetuserif (377fbb615ea020a505cda3d6e4b13958) C:\WINDOWS\system32\drivers\vmnetuserif.sys
08:31:02.0265 4464 VMnetuserif - ok
08:31:02.0296 4464 vmx86 (6b48e7f4c9926a3697eaf559246673ac) C:\WINDOWS\system32\Drivers\vmx86.sys
08:31:02.0328 4464 vmx86 - ok
08:31:02.0375 4464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:31:02.0484 4464 VolSnap - ok
08:31:02.0531 4464 vstor2 (9e4ff401725fe6a26d8fe492bf0ea2b1) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
08:31:02.0546 4464 vstor2 - ok
08:31:02.0562 4464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:31:02.0671 4464 Wanarp - ok
08:31:02.0703 4464 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:31:02.0718 4464 Wdf01000 - ok
08:31:02.0734 4464 WDICA - ok
08:31:02.0765 4464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:31:02.0875 4464 wdmaud - ok
08:31:02.0906 4464 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:31:02.0968 4464 WpdUsb - ok
08:31:03.0000 4464 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:31:03.0062 4464 WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
08:31:03.0062 4464 WS2IFSL - detected UnsignedFile.Multi.Generic (1)
08:31:03.0078 4464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:31:03.0093 4464 WudfPf - ok
08:31:03.0109 4464 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:31:03.0343 4464 \Device\Harddisk0\DR0 - ok
08:31:03.0359 4464 Boot (0x1200) (a73bc0822a31bbaca53b54b3bbcd784f) \Device\Harddisk0\DR0\Partition0
08:31:03.0359 4464 \Device\Harddisk0\DR0\Partition0 - ok
08:31:03.0359 4464 Boot (0x1200) (5204faa50879d3eb9e7f90cf996b3566) \Device\Harddisk0\DR0\Partition1
08:31:03.0359 4464 \Device\Harddisk0\DR0\Partition1 - ok
08:31:03.0375 4464 Boot (0x1200) (febb75af18995a05363217e089e34211) \Device\Harddisk0\DR0\Partition2
08:31:03.0375 4464 \Device\Harddisk0\DR0\Partition2 - ok
08:31:03.0406 4464 Boot (0x1200) (915c8e9fca8e68ecc732591ce3791bb0) \Device\Harddisk0\DR0\Partition3
08:31:03.0406 4464 \Device\Harddisk0\DR0\Partition3 - ok
08:31:03.0406 4464 Boot (0x1200) (768800153754aa7177d7557f89066a01) \Device\Harddisk0\DR0\Partition4
08:31:03.0406 4464 \Device\Harddisk0\DR0\Partition4 - ok
08:31:03.0406 4464 ============================================================
08:31:03.0406 4464 Scan finished
08:31:03.0406 4464 ============================================================
08:31:03.0515 5524 Detected object count: 31
08:31:03.0515 5524 Actual detected object count: 31
08:36:55.0296 5524 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 Alpham ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 Alpham ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 audstub ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 Beep ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0296 5524 dmload ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0296 5524 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0312 5524 Eplpdx02 ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0312 5524 Eplpdx02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0312 5524 FileDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0312 5524 FileDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0312 5524 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0312 5524 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0312 5524 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:55.0312 5524 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:55.0390 5524 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
08:36:55.0406 5524 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
08:36:56.0968 5524 Backup copy found, using it..
08:36:56.0984 5524 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
08:37:03.0796 5524 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
08:37:03.0796 5524 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 Null ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0796 5524 nv ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0796 5524 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:03.0812 5524 WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
08:37:03.0812 5524 WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:18.0671 3400 Deinitialize success


3) FARBAR S S Log

Farbar Service Scanner Version: 22-02-2012
Ran by R W (administrator) on 23-02-2012 at 08:43:01
Running from "C:\Documents and Settings\R W\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(11) Tcpip(4) VMnetBridge(9)
0x0B00000005000000010000000200000003000000040000000B0000000A00000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

4) OTL Log

OTL logfile created on: 2/23/2012 8:47:25 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\R W\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.67% Memory free
4.59 Gb Paging File | 3.39 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 61.55 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Drive D: | 122.07 Gb Total Space | 86.12 Gb Free Space | 70.55% Space Free | Partition Type: NTFS
Drive E: | 214.84 Gb Total Space | 106.49 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive F: | 214.84 Gb Total Space | 65.58 Gb Free Space | 30.53% Space Free | Partition Type: NTFS
Drive G: | 282.09 Gb Total Space | 226.24 Gb Free Space | 80.20% Space Free | Partition Type: NTFS

Computer Name: cx | User Name: R W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 08:36:13 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R W\Desktop\OTL.exe
PRC - [2012/02/22 18:27:22 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\R W\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/01/26 09:43:00 | 002,345,792 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/22 09:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files\Ideazon\ZEngine\Zboard.exe
PRC - [2010/08/24 17:02:20 | 000,608,528 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
PRC - [2010/08/24 17:02:18 | 002,264,336 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2010/08/24 17:02:14 | 000,437,520 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/07/15 00:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/07/15 00:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/10/09 09:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/03 19:06:10 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2008/03/03 19:05:22 | 000,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2004/08/27 09:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2003/12/18 08:50:00 | 000,038,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/22 17:51:41 | 000,112,318 | ---- | M] () -- C:\Documents and Settings\R W\Local Settings\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2012/02/16 11:23:33 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\f9977bade8fa997882aa57b430820765\System.ServiceProcess.ni.dll
MOD - [2012/02/16 11:23:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9eb937785d5a8bc2767ae7efcdd29d43\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 11:23:06 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\06c498e1b0e11e9de295c02f1519b8ff\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 11:23:05 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\07db951fbbd939fc70b0b91a8fa83185\System.Transactions.ni.dll
MOD - [2012/02/16 11:20:52 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 11:20:52 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 11:20:51 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/16 06:16:45 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/16 06:11:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/16 06:10:53 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/16 06:10:49 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 06:10:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 06:10:44 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 06:10:42 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/16 06:10:17 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/16 06:10:10 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/02/16 06:10:10 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 06:05:46 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
MOD - [2012/02/16 06:05:44 | 013,138,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
MOD - [2012/02/16 06:05:38 | 007,069,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
MOD - [2012/02/16 06:05:36 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
MOD - [2012/02/16 06:05:36 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
MOD - [2012/02/16 06:05:33 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
MOD - [2012/02/16 06:05:32 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
MOD - [2012/02/10 22:22:55 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/10/12 05:04:32 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/12 05:04:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 04:59:02 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/02/16 13:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2010/11/15 06:48:46 | 001,531,904 | ---- | M] () -- C:\Program Files\MyPoints Point Finder\Toolbar.dll
MOD - [2010/11/15 06:48:46 | 001,531,904 | ---- | M] () -- C:\Documents and Settings\R W\Application Data\FCTB000060497\Toolbar\Toolbar.dll
MOD - [2010/08/24 17:02:02 | 000,050,960 | ---- | M] () -- C:\Program Files\TiVo\Desktop\Plus\TranscodingServicePS.dll
MOD - [2010/08/24 16:40:42 | 000,259,584 | ---- | M] () -- C:\Program Files\TiVo\Desktop\Id3Lib.dll
MOD - [2010/07/06 14:39:50 | 000,034,816 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\Aquarius.dll
MOD - [2010/05/17 22:52:16 | 000,684,032 | ---- | M] () -- C:\Program Files\TiVo\Desktop\LibEay32.dll
MOD - [2010/05/17 22:52:16 | 000,155,648 | ---- | M] () -- C:\Program Files\TiVo\Desktop\SslEay32.dll
MOD - [2010/05/17 22:51:14 | 000,716,800 | ---- | M] () -- C:\Program Files\TiVo\Desktop\loudmouth.dll
MOD - [2010/01/27 08:19:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/10/23 12:31:44 | 000,038,912 | ---- | M] () -- C:\Program Files\Amazon\Amazon Games & Software Downloader\utility.dll
MOD - [2009/07/15 00:32:20 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2009/07/15 00:32:20 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2009/07/15 00:32:14 | 000,436,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2009/07/15 00:31:38 | 000,068,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/10/09 09:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/03/03 19:06:02 | 000,080,432 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2008/03/03 19:05:46 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2007/04/02 17:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/03/23 09:03:02 | 000,834,352 | ---- | M] () -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\libeay32.dll
MOD - [2007/03/23 09:02:50 | 000,166,704 | ---- | M] () -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\ssleay32.dll
MOD - [2003/01/30 07:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files\TiVo\Desktop\StlpMt45.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/02/10 22:22:55 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/26 09:43:00 | 002,345,792 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/08/24 17:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/15 00:32:20 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/15 00:32:20 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/06/29 15:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/10/09 09:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/04/14 04:42:38 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\tdpipe.dll -- (SGHIDI)
SRV - [2008/03/03 19:06:26 | 000,121,392 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/03/03 19:06:12 | 000,150,064 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/03/03 19:06:10 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2004/08/27 09:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/08/27 09:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2012/02/21 16:51:15 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/21 14:11:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120222.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/21 14:11:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/21 14:11:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/21 14:11:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120222.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/17 16:28:52 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120222.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/02/15 21:50:02 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 21:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 21:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/11/23 21:23:20 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/11/23 20:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 20:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 22:37:59 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1305000.091\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/11/16 22:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 18:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/30 17:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/08 18:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2010/10/04 07:05:55 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/10 06:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 06:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/07/01 11:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/17 09:45:38 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2008/03/03 19:06:38 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008/03/03 19:06:36 | 000,925,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008/03/03 19:06:34 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008/03/03 19:06:32 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008/03/03 18:12:22 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008/03/03 18:12:22 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/07/23 09:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007/03/20 11:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2005/12/04 13:55:40 | 000,034,944 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham.sys -- (Alpham)
DRV - [2004/08/27 09:02:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/08/27 09:02:30 | 000,092,928 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/08/26 21:02:50 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2003/12/11 08:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 08:50:00 | 000,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2001/08/10 04:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Point Finder\Helper.dll ()
IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/23 06:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/21 14:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/23 08:41:49 | 000,000,000 | ---D | M]

[2011/07/26 14:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\R W\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2009/05/23 07:01:02 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (MyPoints Point Finder BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Point Finder\Toolbar.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Point Finder\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Point Finder\Toolbar.dll ()
O3 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\R W\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1547161642-1284227242-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O15 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243342093468 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799FFFC0-F404-418A-96B9-B1CEFB94D169}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\R W\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\R W\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{137abbfb-46c9-11de-814d-00044b198387}\Shell - "" = AutoRun
O33 - MountPoints2\{137abbfb-46c9-11de-814d-00044b198387}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\Open\command - "" = "resycled\boot.com h:
O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell\Open\command - "" = resycled\boot.com i:
O34 - HKLM BootExecute: (autocheck msln)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: 43679288.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SGHIDI - C:\WINDOWS\system32\tdpipe.dll (Oak Technology Inc.)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 08:36:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/23 08:36:13 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\R W\Desktop\OTL.exe
[2012/02/23 08:27:30 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\R W\Desktop\tdsskiller.exe
[2012/02/22 18:59:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\R W\Start Menu\Programs\Administrative Tools
[2012/02/22 18:55:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\R W\Desktop\dds.scr
[2012/02/22 18:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[2012/02/22 14:01:11 | 000,000,000 | ---D | C] -- C:\NPE
[2012/02/22 12:43:20 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/02/21 20:55:55 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/02/21 20:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R W\Application Data\FixTDSS
[2012/02/21 18:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/02/21 18:15:53 | 000,044,024 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2012/02/21 16:51:09 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.sys
[2012/02/21 16:51:09 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.sys
[2012/02/21 16:51:09 | 000,388,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdi.sys
[2012/02/21 16:51:09 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symtdiv.sys
[2012/02/21 16:51:09 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.sys
[2012/02/21 16:51:09 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnets.sys
[2012/02/21 16:51:09 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ironx86.sys
[2012/02/21 16:51:09 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.sys
[2012/02/21 16:51:09 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.sys
[2012/02/21 16:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1305000.091
[2012/02/21 14:06:03 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/21 14:06:03 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/21 14:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/21 14:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/21 14:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/02/21 14:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/02/21 14:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/02/19 09:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R W\Local Settings\Application Data\NPE
[2012/02/17 07:18:04 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/17 07:18:04 | 001,766,312 | ---- | C] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2012/02/16 18:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R W\Application Data\DDMSettings
[2012/02/16 07:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/02/16 07:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/15 11:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/15 11:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/02/15 10:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R W\Local Settings\Application Data\SKIDROW
[2012/02/15 10:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R W\Local Settings\Application Data\BigHugeEngine
[2012/02/03 07:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\R W\My Documents\Diablo III
[2012/02/03 06:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta
[2012/02/03 06:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III Beta
[2012/02/03 06:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/02/02 20:36:34 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\0200000.010\ccSetx86.sys
[2012/02/02 20:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2012/02/02 20:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite
[2012/02/02 20:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\0200000.010
[2012/02/02 20:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2012/02/02 20:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon

========== Files - Modified Within 30 Days ==========

[2012/02/23 08:41:09 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/23 08:38:56 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 08:38:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/02/23 08:38:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 08:38:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/23 08:38:23 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.024
[2012/02/23 08:37:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/23 08:36:13 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R W\Desktop\OTL.exe
[2012/02/23 08:35:42 | 000,337,133 | ---- | M] () -- C:\Documents and Settings\R W\Desktop\FSS.exe
[2012/02/23 08:27:30 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\R W\Desktop\tdsskiller.exe
[2012/02/23 08:27:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 07:58:18 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{39BCF131-12D7-4485-A793-DB59621F2AB9}.job
[2012/02/22 19:10:22 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\R W\Desktop\y617yinr.exe
[2012/02/22 18:55:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\R W\Desktop\dds.scr
[2012/02/22 18:46:56 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\R W\defogger_reenable
[2012/02/22 18:45:33 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\R W\Desktop\Defogger.exe
[2012/02/22 18:44:28 | 000,001,383 | ---- | M] () -- C:\Documents and Settings\R W\My Documents\ax_files.xml
[2012/02/22 17:57:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/02/21 20:55:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/02/21 19:45:33 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\R W\Desktop\Norton Installation Files.lnk
[2012/02/21 19:44:32 | 000,614,882 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/21 18:36:24 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/02/21 17:53:01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/02/21 17:41:45 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\N I S.LNK
[2012/02/21 16:51:15 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/02/21 16:51:15 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/02/21 16:51:15 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/21 16:51:15 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/19 07:54:13 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\R W\Desktop\Excel 2007.lnk
[2012/02/18 09:57:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/16 06:12:55 | 000,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 06:10:23 | 000,508,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 06:10:23 | 000,090,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 11:25:14 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/15 11:24:41 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2012/02/15 08:01:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\R W\Desktop\Word 2007.lnk
[2012/02/07 16:36:23 | 000,292,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/07 16:36:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/02/07 16:36:21 | 000,292,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/03 06:55:41 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo III Beta.lnk
[2012/01/26 23:26:45 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\isolate.ini
[2012/01/26 09:43:00 | 018,620,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012/01/26 09:43:00 | 017,534,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2012/01/26 09:43:00 | 005,918,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2012/01/26 09:43:00 | 004,309,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012/01/26 09:43:00 | 002,783,770 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/26 09:43:00 | 002,522,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2012/01/26 09:43:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2012/01/26 09:43:00 | 002,292,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2012/01/26 09:43:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2012/01/26 09:43:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2012/01/26 09:43:00 | 000,065,536 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/01/26 09:43:00 | 000,007,785 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/01/26 06:02:52 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2012/01/26 06:02:19 | 015,494,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012/01/26 06:02:19 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2012/01/26 06:02:10 | 000,143,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe

========== Files Created - No Company Name ==========

[2012/02/23 08:35:42 | 000,337,133 | ---- | C] () -- C:\Documents and Settings\R W\Desktop\FSS.exe
[2012/02/22 19:10:22 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\R W\Desktop\y617yinr.exe
[2012/02/22 18:46:45 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\R W\defogger_reenable
[2012/02/22 18:45:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\R W\Desktop\Defogger.exe
[2012/02/21 17:41:45 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\N I S.LNK
[2012/02/21 17:39:28 | 000,614,882 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/21 17:39:28 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\VT20111023.024
[2012/02/21 16:51:09 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.cat
[2012/02/21 16:51:09 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.cat
[2012/02/21 16:51:09 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.cat
[2012/02/21 16:51:09 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnet.cat
[2012/02/21 16:51:09 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.cat
[2012/02/21 16:51:09 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.cat
[2012/02/21 16:51:09 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.cat
[2012/02/21 16:51:09 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.cat
[2012/02/21 16:51:09 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symefa.inf
[2012/02/21 16:51:09 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symds.inf
[2012/02/21 16:51:09 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnetv.inf
[2012/02/21 16:51:09 | 000,001,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symnet.inf
[2012/02/21 16:51:09 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtspx.inf
[2012/02/21 16:51:09 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\srtsp.inf
[2012/02/21 16:51:09 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\ccsetx86.inf
[2012/02/21 16:51:09 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\iron.inf
[2012/02/21 16:04:00 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\symvtcer.dat
[2012/02/21 16:04:00 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1305000.091\isolate.ini
[2012/02/21 14:06:03 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/02/21 14:06:03 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/02/16 06:01:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 06:01:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 11:17:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 11:06:32 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/03 06:55:10 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo III Beta.lnk
[2012/02/02 20:36:32 | 000,007,510 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\0200000.010\ccSetx86.cat
[2012/02/02 20:36:32 | 000,000,828 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\0200000.010\ccSetx86.inf
[2012/02/02 20:36:32 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\0200000.010\isolate.ini
[2011/12/28 12:04:21 | 000,292,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1547161642-1284227242-725345543-1004-0.dat
[2011/12/28 12:04:20 | 000,292,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/28 08:52:49 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/06/05 07:46:01 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/02/01 09:24:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/04 07:12:23 | 000,292,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/04 07:12:17 | 000,292,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/04 07:12:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/28 10:57:48 | 010,462,120 | ---- | C] () -- C:\Documents and Settings\R W\Application Data\lotpro32.exe
[2010/11/07 11:52:07 | 000,000,273 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/10/04 07:31:38 | 000,000,305 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/10/02 06:34:07 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010/08/27 18:31:11 | 005,344,920 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/05/21 05:04:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/05/21 05:04:34 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/05/21 05:04:34 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/02/21 20:55:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\FixTDSS.sys
[2012/02/23 08:38:20 | 000,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2012/01/26 09:43:00 | 013,411,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2012/02/21 16:51:15 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS

< %SYSTEMDRIVE%\*.exe >
[2012/02/15 11:25:14 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/15 11:24:41 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2009/05/15 14:37:30 | 000,424,816 | ---- | M] () -- C:\smpro_dm.exe
[2009/05/23 07:00:24 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\WinsockxpFix.exe


< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2003/03/31 07:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\Documents and Settings\R W\Application Data\FixTDSS\Archive\VolSnap.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2003/03/31 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2003/03/31 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB30639$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.56.0__3ff6b78e2989595a] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.56.0_x-ww_4c48c2f3 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.56.0__3ff6b78e2989595a] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.56.0_x-ww_aab1d96d -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8A67568
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F8C9007
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BE1CEA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193426B4
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF89A86D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028

< End of report >

4b) EXTRA LOG

OTL Extras logfile created on: 2/23/2012 8:47:25 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\R W\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.67% Memory free
4.59 Gb Paging File | 3.39 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 61.55 Gb Free Space | 63.03% Space Free | Partition Type: NTFS
Drive D: | 122.07 Gb Total Space | 86.12 Gb Free Space | 70.55% Space Free | Partition Type: NTFS
Drive E: | 214.84 Gb Total Space | 106.49 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive F: | 214.84 Gb Total Space | 65.58 Gb Free Space | 30.53% Space Free | Partition Type: NTFS
Drive G: | 282.09 Gb Total Space | 226.24 Gb Free Space | 80.20% Space Free | Partition Type: NTFS

Computer Name: | User Name: R W | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port %d
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"1042:TCP" = 1042:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"E:\Curse\CurseClient.exe" = E:\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\TiVo\Desktop\TiVoTransfer.exe" = C:\Program Files\TiVo\Desktop\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- ()
"C:\Program Files\TiVo\Desktop\TiVoBeacon.exe" = C:\Program Files\TiVo\Desktop\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDiag.exe" = C:\Program Files\TiVo\Desktop\TiVoDiag.exe:LocalSubNet:Enabled:TiVo Diag Service -- (TiVo Inc.)
"C:\Program Files\MyPoints Point Finder\TroubleShooter.exe" = C:\Program Files\MyPoints Point Finder\TroubleShooter.exe:*:Enabled:MyPoints Point Finder (Helper) -- (FreeCause Inc.)
"C:\Program Files\MyPoints Point Finder\ToolbarUpdate.exe" = C:\Program Files\MyPoints Point Finder\ToolbarUpdate.exe:*:Enabled:MyPoints Point Finder (Update) -- (FreeCause Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Robert Witkowski\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Robert Witkowski\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Diablo III Beta\Diablo III.exe" = C:\Program Files\Diablo III Beta\Diablo III.exe:*:Enabled:Diablo III Beta -- (Blizzard Entertainment)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.2
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{65AF6E26-80A7-45F2-A7DA-9FBF407398BE}" = TurboTax 2010 wriiper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B65337-CCF1-4664-A7FC-954A288A4C72}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C383CBAD-61FA-417E-B784-2E9F1E843DF2}" = TurboTax 2010 wmaiper
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AI RoboForm" = RoboForm 7-1-3 (All Users)
"Akamai" = Akamai NetSession Interface Service
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"AVIConverter" = AVIConverter 5.1.0
"Bejeweled 31.0" = Bejeweled 3
"BitTorrent" = BitTorrent
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon MX330 series User Registration" = Canon MX330 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Coupons.com Toolbar" = Coupons.com Toolbar
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX Setup
"Download Manager" = Download Manager 2.3.9
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"IrfanView" = IrfanView (remove only)
"Lotto Pro" = Lotto Pro
"LyricsSeeker plugins" = LyricsSeeker plugins 2.3
"MailWasher Pro_is1" = MailWasher Pro
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPoints Point Finder" = MyPoints Point Finder
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NST" = Norton Safe Web Lite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Origin" = Origin
"Precision" = EVGA Precision 1.8.1
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"SolSuite_is1" = SolSuite 2010 v10.0
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1284227242-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"baabf1caae50e80a" = EmpireResourceCalc
"CNET TechTracker" = CNET TechTracker
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 9:29:35 AM | Computer Name = | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80070002 .

Error - 2/7/2012 5:41:25 PM | Computer Name = | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0xC004F00E .

Error - 2/10/2012 9:26:03 AM | Computer Name = | Source = VMware Virtual Mount Service Extended | ID = 458755
Description = invalid vstor id

Error - 2/16/2012 7:16:25 AM | Computer Name = | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2/21/2012 12:10:20 PM | Computer Name = | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\UpdatusUser\ntuser.dat

Error - 2/21/2012 12:10:20 PM | Computer Name = | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 2/21/2012 12:10:20 PM | Computer Name = | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 2/21/2012 12:10:20 PM | Computer Name = | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 2/21/2012 12:26:05 PM | Computer Name = | Source = VMware Virtual Mount Service Extended | ID = 458755
Description = invalid vstor id

Error - 2/21/2012 1:54:32 PM | Computer Name = | Source = ioloServiceManager.exe | ID = 0
Description =

[ OSession Events ]
Error - 7/17/2009 2:45:35 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 145
seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/6/2010 1:09:39 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 277
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/15/2011 5:37:10 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 409
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/15/2011 5:54:46 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/15/2011 6:00:12 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 297
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/15/2011 6:00:35 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/15/2011 6:02:18 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 97
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/15/2011 6:02:59 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/20/2011 7:12:09 AM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 313
seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/16/2011 7:38:18 PM | Computer Name = | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/23/2012 9:04:37 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:06:41 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:08:30 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:09:17 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:10:06 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:15:35 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:18:03 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:32:14 AM | Computer Name = | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2012 9:33:57 AM | Computer Name = | Source = Print | ID = 6161
Description = The document http://www.bleepingcomputer.com/forums/topic443768.html/page__p
owned by R W failed to print on printer Canon MX330 series Printer.
Data type: NT EMF 1.008. Size of the spool file in bytes: 8201332. Number of bytes
printed: 141808. Total number of pages in the document: 18. Number of pages printed:
0. Client machine: \\. Win32 error code returned by the print processor:
259 (0x103).

Error - 2/23/2012 9:38:50 AM | Computer Name = | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >


5) Computer is running the same. I can go on the internet and I can check emails.
I am getting some lag while typing this, not sure what that is about.
I still get the Norton Internet Security pop-ups.
Scanning quickly through the logs I noticed some settings are left over from running the tools the Symantec web site suggested.

This is a lot of information to look at and I very much appreciate you taking the time to help me.
Thanks

#4 SweetTech


Posted 23 February 2012 - 11:09 AM

Hi,

I just saw you responded to the thread just as I was getting ready to sign off for the evening.

I'm going to respond to your thread tomorrow when I get up.

While I'm reviewing your logs, I'd like to have you run this scan report for me to review when I get back.


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 BlScoDe


Posted 23 February 2012 - 02:18 PM

Hi,

Here is the result of running aswMBR:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-23 13:52:23
-----------------------------
13:52:23.453 OS Version: Windows 5.1.2600 Service Pack 3
13:52:23.453 Number of processors: 4 586 0x170A
13:52:23.453 ComputerName: CX-C UserName:
13:52:25.828 Initialize success
13:53:19.750 AVAST engine defs: 12022301
13:53:52.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
13:53:52.609 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
13:53:52.609 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7eda40e
13:53:52.609 Disk 0 MBR read successfully
13:53:52.609 Disk 0 MBR scan
13:53:52.640 Disk 0 Windows XP default MBR code
13:53:52.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
13:53:52.640 Disk 0 Partition - 00 0F Extended LBA 853861 MB offset 204796620
13:53:52.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 124997 MB offset 204796683
13:53:52.671 Disk 0 Partition - 00 05 Extended 219999 MB offset 460792395
13:53:52.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 219999 MB offset 460792458
13:53:52.687 Disk 0 Partition - 00 05 Extended 219999 MB offset 1167347160
13:53:52.703 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 219999 MB offset 911351448
13:53:52.718 Disk 0 Partition - 00 05 Extended 288864 MB offset 2068465140
13:53:52.734 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 288864 MB offset 1361910438
13:53:52.734 Disk 0 scanning sectors +1953504000
13:53:52.796 Disk 0 scanning C:\WINDOWS\system32\drivers
13:53:53.953 File: C:\WINDOWS\system32\drivers\cdrom.sys_backup **INFECTED** Win32:Sirefef-JQ [Trj]
13:53:54.859 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Sirefef-JQ [Trj]
13:53:55.656 File: C:\WINDOWS\system32\drivers\mrxsmb.sys_backup **INFECTED** Win32:Aluroot-B [Rtk]
13:53:58.703 Disk 0 trace - called modules:
13:53:58.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xaf7aafc0]<<
13:53:58.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2969c0]
13:53:58.718 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x88db97c0]
13:53:58.718 \Driver\00008021[0x89304da0] -> IRP_MJ_CREATE -> 0xaf7aafc0
13:53:59.578 AVAST engine scan C:\WINDOWS
13:54:09.625 AVAST engine scan C:\WINDOWS\system32
13:56:15.984 AVAST engine scan C:\WINDOWS\system32\drivers
13:56:17.953 File: C:\WINDOWS\system32\drivers\cdrom.sys_backup **INFECTED** Win32:Sirefef-JQ [Trj]
13:56:19.281 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Sirefef-JQ [Trj]
13:56:20.500 File: C:\WINDOWS\system32\drivers\mrxsmb.sys_backup **INFECTED** Win32:Aluroot-B [Rtk]
13:56:27.984 AVAST engine scan C:\Documents and Settings\r w
13:56:46.015 File: C:\Documents and Settings\r w\Application Data\FixTDSS\Archive\serial.sys **INFECTED** Win32:Sirefef-JQ [Trj]
14:06:29.171 AVAST engine scan C:\Documents and Settings\All Users
14:08:52.265 Scan finished successfully
14:13:13.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\r w\Desktop\MBR.dat"
14:13:13.468 The log file has been saved successfully to "C:\Documents and Settings\r w\Desktop\aswMBR.txt"


Thanks

#6 SweetTech


Posted 24 February 2012 - 01:16 AM

Good Evening BlScoDe!

It looks like you have a newer variant of the Sirefef/ZeroAccess infection.

It can be very stubborn. I can see that it has patched a system file.

Let's first back up your registry before we do anything else.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Processes
    KILLALLPROCESSES
    :Services
    SGHIDI
    :OTL
    SRV - [2008/04/14 04:42:38 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\tdpipe.dll -- (SGHIDI)
    IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1547161642-1284227242-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
    O33 - MountPoints2\{137abbfb-46c9-11de-814d-00044b198387}\Shell - "" = AutoRun
    O33 - MountPoints2\{137abbfb-46c9-11de-814d-00044b198387}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
    O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\Open\command - "" = "resycled\boot.com h:
    O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell - "" = Autorun
    O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com i:
    O33 - MountPoints2\{23125f14-4c55-11de-96c3-806d6172696f}\Shell\Open\command - "" = resycled\boot.com i:
    NetSvcs: SGHIDI - C:\WINDOWS\system32\tdpipe.dll (Oak Technology Inc.)
    :Files
    C:\WINDOWS\system32\drivers\cdrom.sys_backup
    C:\WINDOWS\system32\drivers\mrxsmb.sys_backup
    C:\Documents and Settings\r w\Application Data\FixTDSS\Archive\serial.sys
    dir /s /a "C:\Documents and Settings\R W\Application Data\DDMSettings" /c
    type "C:\WINDOWS\tasks\DataUpload.job" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#7 BlScoDe


Posted 24 February 2012 - 09:15 AM

Hi ST,

I ran Erunt with no problems.

However, when I ran OTL with the copied and pasted script it got hung up at this line:

"O33 - MountPoints2\{23125f13-4c55-11de-96c3-806d6172696f}\Shell\Open\command - "" = "resycled\boot.com h:"
I let it sit for quite a while; Task Manager reported it as not responding.

When I restarted Windows I noticed a screen that said msln program missing terminating autocheck.
I don't usually watch the computer boot up so this could have been happening previously.

Thanks

#8 SweetTech


Posted 24 February 2012 - 09:21 AM

Hi BlScoDe!

Sorry to hear you encountered issues with the previous OTL fix.

Please attempt to run this one below:

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Processes
    KILLALLPROCESSES
    :Services
    SGHIDI
    :OTL
    SRV - [2008/04/14 04:42:38 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\tdpipe.dll -- (SGHIDI)
    NetSvcs: SGHIDI - C:\WINDOWS\system32\tdpipe.dll (Oak Technology Inc.)
    :Files
    C:\WINDOWS\system32\drivers\cdrom.sys_backup
    C:\WINDOWS\system32\drivers\mrxsmb.sys_backup
    C:\Documents and Settings\r w\Application Data\FixTDSS\Archive\serial.sys
    dir /s /a "C:\Documents and Settings\R W\Application Data\DDMSettings" /c
    type "C:\WINDOWS\tasks\DataUpload.job" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#9 BlScoDe


Posted 24 February 2012 - 10:40 AM

Hi ST,

I ran OTL again; it seemed to be in a loop. I let it run for some time before I exited and rebooted.
It did create this log:


Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\Drive-160x600-Double[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\drts[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\GAM-A-Channel-300x250[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\like[3].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\like[4].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\like[5].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\statstracker[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V37LWL0G\st[2] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\01&2104492704[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\11382450929@x23[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\1330093792[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\1330093830[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\1574506733[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\1x1[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\4651[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\549278964@x96[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\694126189@x96[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\853331727@x96[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\adpage[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\ads[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\B6156848[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\B6285486[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\beacon[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\beacon[5].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\beacon[6].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\GAM-A-Channel-728x90-Footer[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\google-tv-grid-large[1].png moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\hub.1329950604[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\iframe3[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\if[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\if[4].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\LbVEwPg4Eq0[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\like[3].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\like[4].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\like[5].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\like[6].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\making-taylor-swifts-safe-and-sound-ft-civil-wars[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\printer_12063[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\proxy[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\st[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\st[2] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S8HRZGGT\tvs-100-sexiest-women-of-2011-27145[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\01[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\144757246@x96[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\adpage[2].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\adpage[3].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\adpage[4].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\afr[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\bones-personalityquiz[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\buddytv[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\GAM-A-Channel-728x90-footer[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\if[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\if[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\if[3].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\like[5].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\like[6].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\like[7].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\like[8].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\st[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\st[3] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E1Z8R6R7\xd_proxy[2].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3PLY3V88\follow_button.1329950604[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\11RX28ID\tweet_button.1329950604[1].html moved successfully.

Registry entries deleted on Reboot...

Since I was not sure of its success I did not run Combofix.

I am afraid I am doing something wrong, is there anything I should be turning off/closing?

Thanks again for your time and help.

#10 SweetTech


Posted 24 February 2012 - 10:48 AM

Nah, it's nothing you're doing wrong. You're doing just fine, so don't worry. It's the infection causing all of this trouble.

Please attempt to proceed with the ComboFix instructions, and let me know how that goes.



#11 BlScoDe


Posted 25 February 2012 - 12:48 AM

Hi St,

I ran Combofix,

ComboFix 12-02-24.01 - Robert Witkowski 02/24/2012 11:30:29.1.4 - x86
Running from: c:\documents and settings\Robert Witkowski\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Robert Witkowski\Application Data\PriceGong
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robert Witkowski\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Robert Witkowski\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Robert Witkowski\Recent\Thumbs.db
c:\documents and settings\Robert Witkowski\WINDOWS
c:\windows\$NtUninstallKB30639$
c:\windows\$NtUninstallKB30639$\3413646030
c:\windows\$NtUninstallKB30639$\909984146\@
c:\windows\$NtUninstallKB30639$\909984146\cfg.ini
c:\windows\$NtUninstallKB30639$\909984146\Desktop.ini
c:\windows\$NtUninstallKB30639$\909984146\L\evxjwjem
c:\windows\$NtUninstallKB30639$\909984146\oemid
c:\windows\$NtUninstallKB30639$\909984146\U\00000001.@
c:\windows\$NtUninstallKB30639$\909984146\U\00000002.@
c:\windows\$NtUninstallKB30639$\909984146\U\00000004.@
c:\windows\$NtUninstallKB30639$\909984146\U\80000000.@
c:\windows\$NtUninstallKB30639$\909984146\U\80000004.@
c:\windows\$NtUninstallKB30639$\909984146\U\80000032.@
c:\windows\$NtUninstallKB30639$\909984146\version
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\etc\hosts.ics
G:\install.exe
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\serial.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 16:35 . 2008-04-14 04:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-24 16:35 . 2008-04-14 04:45 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-02-24 16:29 . 2012-02-24 16:29 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-02-24 12:20 . 2012-02-24 12:20 -------- d-----w- c:\program files\ERUNT
2012-02-23 13:36 . 2012-02-23 13:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-22 19:01 . 2012-02-22 19:01 -------- d-----w- C:\NPE
2012-02-22 17:43 . 2012-02-22 17:45 -------- d-----w- C:\NBRT
2012-02-22 01:55 . 2012-02-22 01:55 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-22 01:55 . 2012-02-22 01:55 -------- d-----w- c:\documents and settings\Robert Witkowski\Application Data\FixTDSS
2012-02-21 23:17 . 2012-02-21 23:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-02-21 23:15 . 2011-11-24 02:23 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-02-21 19:06 . 2012-02-21 21:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-21 19:06 . 2012-02-21 21:51 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-21 19:06 . 2012-02-21 21:51 -------- d-----w- c:\program files\Symantec
2012-02-21 19:06 . 2012-02-21 19:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-21 19:05 . 2012-02-21 22:42 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-21 19:05 . 2012-02-21 19:05 -------- d-----w- c:\program files\Norton Internet Security
2012-02-19 14:23 . 2012-02-21 23:00 -------- d-----w- c:\documents and settings\Robert Witkowski\Local Settings\Application Data\NPE
2012-02-17 12:18 . 2012-02-15 16:25 1932256 ----a-w- C:\FixTDSS.exe
2012-02-17 12:18 . 2012-02-15 16:24 1766312 ----a-w- C:\FixZeroAccess.exe
2012-02-16 23:32 . 2012-02-16 23:32 -------- d-----w- c:\documents and settings\Robert Witkowski\Application Data\DDMSettings
2012-02-16 12:18 . 2012-02-16 12:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-02-16 11:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 11:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 16:06 . 2012-02-24 15:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-15 15:36 . 2012-02-15 15:36 -------- d-----w- c:\documents and settings\Robert Witkowski\Local Settings\Application Data\SKIDROW
2012-02-15 15:36 . 2012-02-15 15:36 -------- d-----w- c:\documents and settings\Robert Witkowski\Local Settings\Application Data\BigHugeEngine
2012-02-03 11:55 . 2012-02-07 13:49 -------- d-----w- c:\program files\Diablo III Beta
2012-02-03 11:52 . 2012-02-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Battle.net
2012-02-03 01:36 . 2012-02-03 01:36 -------- d-----w- c:\windows\system32\drivers\NST
2012-02-03 01:36 . 2012-02-03 01:36 -------- d-----w- c:\program files\Norton Safe Web Lite
2012-02-03 01:32 . 2012-02-03 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 14:57 . 2011-05-15 14:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 14:43 . 2011-01-04 11:40 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-26 14:43 . 2011-01-04 11:40 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-01-26 14:43 . 2011-01-04 11:40 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-01-26 14:43 . 2011-01-04 11:40 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-01-26 14:43 . 2011-01-04 11:40 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-01-26 14:43 . 2011-01-04 11:40 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-01-26 14:43 . 2011-01-04 11:40 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-01-26 14:43 . 2011-01-04 11:40 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-01-26 14:43 . 2011-01-04 11:40 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-26 14:43 . 2009-05-21 14:43 4309888 ----a-w- c:\windows\system32\nv4_disp.dll
2012-01-26 14:43 . 2009-05-21 14:42 13411584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-01-26 11:02 . 2011-04-08 02:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-01-26 11:02 . 2011-04-08 02:15 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-26 11:02 . 2011-04-08 02:15 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-26 11:02 . 2011-04-08 02:15 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-01-26 11:02 . 2011-04-08 02:15 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-01-12 16:53 . 2003-03-31 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 16:51 . 2009-05-23 12:34 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 16:51 . 2009-05-23 12:34 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 16:29 . 2011-06-25 19:31 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-12-17 19:48 . 2012-01-19 13:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-12-17 19:48 . 2012-01-19 13:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-12-17 19:48 . 2012-01-19 13:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-12-17 19:48 . 2012-01-19 13:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-12-17 19:48 . 2012-01-19 13:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-12-17 19:48 . 2012-01-19 13:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-12-17 19:48 . 2012-01-19 13:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-12-17 19:48 . 2012-01-19 13:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-12-17 19:48 . 2012-01-19 13:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-12-17 19:48 . 2012-01-19 13:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-12-17 19:48 . 2012-01-19 13:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-12-17 19:48 . 2012-01-19 13:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-12-17 19:48 . 2012-01-19 13:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-12-17 19:48 . 2012-01-19 13:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-12-17 19:48 . 2012-01-19 13:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-12-17 19:48 . 2012-01-19 13:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-12-17 19:48 . 2012-01-19 13:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-12-17 19:48 . 2012-01-19 13:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-12-17 19:48 . 2012-01-19 13:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-12-17 19:48 . 2012-01-19 13:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-12-17 19:46 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2009-05-21 14:43 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Point Finder\Helper.dll" [2010-11-15 356864]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2010-11-15 11:48 1531904 ----a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-11-15 1531904]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2010-11-15 1531904]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
"TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
"TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
"Akamai NetSession Interface"="c:\documents and settings\Robert Witkowski\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-22 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-03-04 55856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-01-26 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-01-26 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-01-26 1634112]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Curse\\CurseClient.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Robert Witkowski\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Diablo III Beta\\Diablo III.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1305000.091\symds.sys [2/21/2012 4:51 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1305000.091\symefa.sys [2/21/2012 4:51 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/15/2012 9:50 PM 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1305000.091\ccsetx86.sys [2/21/2012 4:51 PM 132744]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [2/2/2012 8:36 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1305000.091\ironx86.sys [2/21/2012 4:51 PM 149624]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/31/2003 7:00 AM 14336]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [12/7/2011 7:55 AM 401920]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 290832]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/23/2009 7:34 AM 722616]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/11/2010 10:51 AM 10384]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2/21/2012 4:04 PM 138248]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2/2/2012 8:36 PM 138760]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1/19/2012 8:59 AM 2345792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/22/2012 8:13 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120223.002\IDSXpx86.sys [2/24/2012 7:21 AM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/13/2010 1:51 PM 136176]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [12/4/2005 12:55 PM 34944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/27/2009 12:52 PM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/13/2010 1:51 PM 136176]
S3 JabraDFU;Jabra Bluecore headset DFU driver;c:\windows\system32\Drivers\JabraMobileCsrDfuX86.sys --> c:\windows\system32\Drivers\JabraMobileCsrDfuX86.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [3/31/2003 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2009 6:47 AM 436792]
S4 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [8/24/2010 5:02 PM 1104656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbutton
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-24 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2012-02-24 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 18:51]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 18:51]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{39BCF131-12D7-4485-A793-DB59621F2AB9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.verizon.net/central/vzc.portal
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
LSP: mswsock.dll
Trusted Zone: amazon.com\www
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-43679288.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 11:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB30639$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1504)
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(644)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\Logi_MwX.Exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-24 11:46:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 16:46
.
Pre-Run: 64,848,957,440 bytes free
Post-Run: 66,195,791,872 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8C2774BC783C46F1E6115629D5D1B735

I had to go a little off script. I had to reboot a few times trying to get the mouse to work, and I also got an Epson printer port error.
I ran Windows Repair and ran Service Pack 3. Reestablished internet access.
The computer "seems" to be working OK. I still get the Epson printer port error (I have a Canon printer installed). Norton Internet Security did some self repair of an error. I have not yet gotten a warning pop-up about zeroaccess or tidserv from N I S.
I still get a message at boot up that says msln program missing skipping auto check.
I am hoping I just need some tweaking to get the system back to what it was before.

#12 SweetTech


Posted 25 February 2012 - 09:56 AM

Hi BlScoDe!

This infection is definitely being stubborn.

You're still infected.

Let's run a few more scans.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    i8042prt.sys
    /md5stop
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened


NEXT:




ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
DirLook::
C:\documents and settings\Robert Witkowski\Application Data\DDMSettings
Driver::
wbutton
SGHIDI
NetSVC::
wbutton
SGHIDI
File::
C:\WINDOWS\system32\tdpipe.dll
C:\WINDOWS\system32\drivers\cdrom.sys_backup
C:\WINDOWS\system32\drivers\mrxsmb.sys_backup
C:\Documents and Settings\r w\Application Data\FixTDSS\Archive\serial.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 BlScoDe


Posted 25 February 2012 - 08:17 PM

Hi ST,

I ran OTL :

OTL logfile created on: 2/25/2012 6:48:01 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Robert Witkowski\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 69.43% Memory free
5.34 Gb Paging File | 4.60 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 58.17 Gb Free Space | 59.57% Space Free | Partition Type: NTFS
Drive D: | 122.07 Gb Total Space | 86.12 Gb Free Space | 70.55% Space Free | Partition Type: NTFS
Drive E: | 214.84 Gb Total Space | 106.47 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
Drive F: | 214.84 Gb Total Space | 65.65 Gb Free Space | 30.56% Space Free | Partition Type: NTFS
Drive G: | 282.09 Gb Total Space | 226.08 Gb Free Space | 80.14% Space Free | Partition Type: NTFS
Drive J: | 1.94 Gb Total Space | 1.51 Gb Free Space | 77.85% Space Free | Partition Type: FAT32

Computer Name: CX10754-C | User Name: Robert Witkowski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 8
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2012/02/24 18:01:36 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012/02/24 22:41:42 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2012/02/24 18:01:36 | 042,205,184 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012/02/24 18:01:36 | 016,252,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/02/21 20:55:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\FixTDSS.sys
[2012/02/21 16:51:15 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS

< %SYSTEMDRIVE%\*.exe >
[2012/02/15 11:25:14 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\FixTDSS.exe
[2012/02/15 11:24:41 | 001,766,312 | ---- | M] (Symantec Corporation) -- C:\FixZeroAccess.exe
[2009/05/15 14:37:30 | 000,424,816 | ---- | M] () -- C:\smpro_dm.exe
[2009/05/23 07:00:24 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\WinsockxpFix.exe


< MD5 for: I8042PRT.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:i8042prt.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/13 23:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\Documents and Settings\Robert Witkowski\Application Data\FixTDSS\Archive\i8042prt.sys
[2008/04/14 00:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/14 00:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2003/03/31 07:00:00 | 000,051,072 | ---- | M] (Microsoft Corporation) MD5=7080F46568108CC6EA73E460EE6EE702 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB30639$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.66.0__3ff6b78e2989595a] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.66.0_x-ww_7acf93b2 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.66.0__3ff6b78e2989595a] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.66.0_x-ww_d938aa2c -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

< End of report >
Cont...

#14 BlScoDe


Posted 25 February 2012 - 08:29 PM

Seems the log from ComboFix is rather long.

ComboFix 12-02-25.02 - Robert Witkowski 02/25/2012 19:06:17.2.4 - x86
Running from: c:\documents and settings\Robert Witkowski\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robert Witkowski\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\r w\Application Data\FixTDSS\Archive\serial.sys"
"c:\windows\system32\drivers\cdrom.sys_backup"
"c:\windows\system32\drivers\mrxsmb.sys_backup"
"c:\windows\system32\tdpipe.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ROBERT~1\LOCALS~1\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\documents and settings\Robert Witkowski\Local Settings\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\documents and settings\Robert Witkowski\WINDOWS
c:\windows\$NtUninstallKB30639$
c:\windows\$NtUninstallKB30639$\1290181292
c:\windows\$NtUninstallKB30639$\909984146\@
c:\windows\$NtUninstallKB30639$\909984146\cfg.ini
c:\windows\$NtUninstallKB30639$\909984146\Desktop.ini
c:\windows\$NtUninstallKB30639$\909984146\L\evxjwjem
c:\windows\$NtUninstallKB30639$\909984146\U\00000001.@
c:\windows\$NtUninstallKB30639$\909984146\U\00000002.@
c:\windows\$NtUninstallKB30639$\909984146\U\00000004.@
c:\windows\$NtUninstallKB30639$\909984146\U\80000000.@
c:\windows\$NtUninstallKB30639$\909984146\U\80000004.@
c:\windows\$NtUninstallKB30639$\909984146\U\80000032.@
c:\windows\$NtUninstallKB30639$\909984146\version
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WBUTTON
-------\Service_Wbutton
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-25 23:23 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-02-25 23:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-25 23:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-25 23:23 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-25 23:21 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-25 23:21 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-25 23:21 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-25 23:21 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-25 23:20 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-02-25 23:19 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-02-25 23:19 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-25 23:19 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-25 23:19 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-25 23:18 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-25 23:18 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-25 23:17 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-25 23:17 . 2012-01-12 16:53 1859968 -c----w- c:\windows\system32\dllcache\win32k.sys
2012-02-25 23:16 . 2011-12-18 19:46 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-25 23:16 . 2011-12-17 19:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-25 23:16 . 2011-12-17 19:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-25 23:16 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-25 23:16 . 2011-12-17 19:46 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-25 23:16 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-25 23:16 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-25 06:02 . 2012-02-25 06:03 -------- d-----w- c:\program files\BackRex Internet Explorer Backup
2012-02-25 04:58 . 2008-04-14 04:53 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2012-02-25 04:57 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003240_.tmp
2012-02-25 04:23 . 2003-03-31 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-02-25 04:22 . 2008-04-14 10:42 45568 ----a-w- c:\windows\system32\safrslv.dll
2012-02-25 04:21 . 2008-04-14 10:42 68608 ----a-w- c:\windows\system32\access.cpl
2012-02-25 04:20 . 2008-04-14 05:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2012-02-25 04:20 . 2008-03-03 23:12 28592 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2012-02-25 04:20 . 2008-03-03 23:12 17712 ----a-r- c:\windows\system32\drivers\vmnet.sys
2012-02-25 04:19 . 2008-04-14 05:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2012-02-25 04:19 . 2008-04-14 05:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2012-02-25 04:18 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-25 04:18 . 2003-11-07 09:50 70798 ----a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2012-02-25 04:05 . 2003-03-31 12:00 13608 ----a-r- c:\windows\SET167.tmp
2012-02-25 04:05 . 2003-03-31 12:00 1086182 ----a-r- c:\windows\SET15B.tmp
2012-02-25 03:41 . 1999-09-01 13:59 87680 ----a-w- c:\windows\system32\drivers\L8042prt.sys
2012-02-25 03:41 . 1999-09-01 13:59 57872 ----a-w- c:\windows\system32\drivers\Lsermous.sys
2012-02-25 03:41 . 1999-09-01 13:59 57104 ----a-w- c:\windows\system32\drivers\Lmoufltr.sys
2012-02-25 03:41 . 1999-09-01 13:59 4240 ----a-w- c:\windows\system32\drivers\Lkbdfltr.sys
2012-02-25 03:41 . 1999-09-01 13:59 29184 ----a-w- c:\windows\system32\LOGILANG.DLL
2012-02-24 12:24 . 2012-02-24 12:24 -------- d-----w- C:\_OTL
2012-02-24 12:20 . 2012-02-24 12:20 -------- d-----w- c:\program files\ERUNT
2012-02-23 13:36 . 2012-02-23 13:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-22 19:01 . 2012-02-22 19:01 -------- d-----w- C:\NPE
2012-02-22 17:43 . 2012-02-22 17:45 -------- d-----w- C:\NBRT
2012-02-22 01:55 . 2012-02-22 01:55 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-22 01:55 . 2012-02-22 01:55 -------- d-----w- c:\documents and settings\Robert Witkowski\Application Data\FixTDSS
2012-02-21 23:17 . 2012-02-21 23:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-02-21 23:15 . 2011-11-24 02:23 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-02-21 19:06 . 2012-02-21 21:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-21 19:06 . 2012-02-21 21:51 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-21 19:06 . 2012-02-21 21:51 -------- d-----w- c:\program files\Symantec
2012-02-21 19:06 . 2012-02-21 19:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-21 19:05 . 2012-02-21 22:42 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-21 19:05 . 2012-02-21 19:05 -------- d-----w- c:\program files\Norton Internet Security
2012-02-19 14:23 . 2012-02-21 23:00 -------- d-----w- c:\documents and settings\Robert Witkowski\Local Settings\Application Data\NPE
2012-02-17 12:18 . 2012-02-15 16:25 1932256 ----a-w- C:\FixTDSS.exe
2012-02-17 12:18 . 2012-02-15 16:24 1766312 ----a-w- C:\FixZeroAccess.exe
2012-02-16 23:32 . 2012-02-16 23:32 -------- d-----w- c:\documents and settings\Robert Witkowski\Application Data\DDMSettings
2012-02-16 12:18 . 2012-02-16 12:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-02-16 11:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 16:06 . 2012-02-25 03:30 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-15 15:36 . 2012-02-15 15:36 -------- d-----w- c:\documents and settings\Robert Witkowski\Local Settings\Application Data\SKIDROW
2012-02-15 15:36 . 2012-02-15 15:36 -------- d-----w- c:\documents and settings\Robert Witkowski\Local Settings\Application Data\BigHugeEngine
2012-02-03 11:55 . 2012-02-07 13:49 -------- d-----w- c:\program files\Diablo III Beta
2012-02-03 11:52 . 2012-02-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Battle.net
2012-02-03 01:36 . 2012-02-03 01:36 -------- d-----w- c:\windows\system32\drivers\NST
2012-02-03 01:36 . 2012-02-03 01:36 -------- d-----w- c:\program files\Norton Safe Web Lite
2012-02-03 01:32 . 2012-02-03 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 03:41 . 2009-06-09 23:43 278528 ----a-w- c:\windows\IsUninst.exe
2012-01-26 11:02 . 2011-04-08 02:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-01-26 11:02 . 2011-04-08 02:15 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-26 11:02 . 2011-04-08 02:15 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-26 11:02 . 2011-04-08 02:15 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-01-26 11:02 . 2011-04-08 02:15 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-01-12 16:53 . 2003-03-31 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 16:51 . 2009-05-23 12:34 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 16:51 . 2009-05-23 12:34 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 16:29 . 2011-06-25 19:31 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-12-17 19:48 . 2012-01-19 13:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-12-17 19:48 . 2012-01-19 13:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-12-17 19:48 . 2012-01-19 13:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-12-17 19:48 . 2012-01-19 13:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-12-17 19:48 . 2012-01-19 13:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-12-17 19:48 . 2012-01-19 13:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-12-17 19:48 . 2012-01-19 13:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-12-17 19:48 . 2012-01-19 13:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-12-17 19:48 . 2012-01-19 13:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-12-17 19:48 . 2012-01-19 13:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-12-17 19:48 . 2012-01-19 13:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-12-17 19:48 . 2012-01-19 13:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-12-17 19:48 . 2012-01-19 13:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-12-17 19:48 . 2012-01-19 13:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-12-17 19:48 . 2012-01-19 13:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-12-17 19:48 . 2012-01-19 13:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-12-17 19:48 . 2012-01-19 13:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-12-17 19:48 . 2012-01-19 13:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-12-17 19:48 . 2012-01-19 13:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-12-17 19:48 . 2012-01-19 13:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-12-17 19:48 . 2012-01-19 13:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-12-17 19:48 . 2012-01-19 13:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-12-17 19:46 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2009-05-21 14:43 385024 ----a-w- c:\windows\system32\html.iec
.
.

I will break it up the best I can.

#15 BlScoDe


Posted 25 February 2012 - 08:37 PM

The next section seems to have double entries. I am guessing it's from when I ran Windows repair and now I have two installs: Windows XP Home and the repair.

Log cont....
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Robert Witkowski\Application Data\DDMSettings ----
.
2012-02-16 23:32 . 2012-02-16 23:32 106 ----a-w- c:\documents and settings\Robert Witkowski\Application Data\DDMSettings\settings.ddi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-24_16.40.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 10:42 . 2008-04-14 10:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-04-14 10:42 . 2008-04-14 10:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 50688 c:\windows\twain_32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 50688 c:\windows\twain_32.dll
+ 2012-02-26 00:46 . 2012-02-26 00:46 16384 c:\windows\Temp\Perflib_Perfdata_8c0.dat
+ 2012-02-26 00:09 . 2012-02-26 00:09 16384 c:\windows\Temp\Perflib_Perfdata_528.dat
+ 2012-02-26 00:47 . 2012-02-26 00:47 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
- 2009-05-21 10:07 . 2003-03-31 12:00 15360 c:\windows\TASKMAN.EXE
+ 2003-03-31 12:00 . 2003-03-31 12:00 15360 c:\windows\taskman.exe
- 2009-05-21 14:34 . 2008-04-14 09:42 11776 c:\windows\system32\xolehlp.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 11776 c:\windows\system32\xolehlp.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 30720 c:\windows\system32\xcopy.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 30720 c:\windows\system32\xcopy.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 91648 c:\windows\system32\xactsrv.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 91648 c:\windows\system32\xactsrv.dll
+ 2002-08-29 03:41 . 2008-04-14 10:42 52736 c:\windows\system32\wzcsapi.dll
- 2002-08-29 03:41 . 2008-04-14 09:42 52736 c:\windows\system32\wzcsapi.dll
+ 2012-02-25 04:21 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
- 2009-05-21 14:34 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 18432 c:\windows\system32\wtsapi32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 18432 c:\windows\system32\wtsapi32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 50688 c:\windows\system32\wstdecod.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 50688 c:\windows\system32\wstdecod.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 22528 c:\windows\system32\wsock32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 22528 c:\windows\system32\wsock32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 41984 c:\windows\system32\wsnmp32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 41984 c:\windows\system32\wsnmp32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 19456 c:\windows\system32\wshtcpip.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 19456 c:\windows\system32\wshtcpip.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 11264 c:\windows\system32\wshrm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 11264 c:\windows\system32\wshrm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 14336 c:\windows\system32\wship6.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 14336 c:\windows\system32\wship6.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 36864 c:\windows\system32\wshcon.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 36864 c:\windows\system32\wshcon.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 19968 c:\windows\system32\ws2help.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 19968 c:\windows\system32\ws2help.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 82432 c:\windows\system32\ws2_32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 82432 c:\windows\system32\ws2_32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 11264 c:\windows\system32\wpnpinst.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 11264 c:\windows\system32\wpnpinst.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 32256 c:\windows\system32\wpabaln.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 32256 c:\windows\system32\wpabaln.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\wmpui.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\wmpui.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\wmpcore.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\wmpcore.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\wmpcd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\wmpcd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 23552 c:\windows\system32\wmdmps.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 27136 c:\windows\system32\wmdmlog.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 92672 c:\windows\system32\wlnotify.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 92672 c:\windows\system32\wlnotify.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 53760 c:\windows\system32\winsta.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 53760 c:\windows\system32\winsta.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 99328 c:\windows\system32\winscard.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 99328 c:\windows\system32\winscard.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 16896 c:\windows\system32\winrnr.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 16896 c:\windows\system32\winrnr.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 32256 c:\windows\system32\winipsec.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 32256 c:\windows\system32\winipsec.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 75776 c:\windows\system32\wiascr.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 75776 c:\windows\system32\wiascr.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 65024 c:\windows\system32\wextract.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 65024 c:\windows\system32\wextract.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 68096 c:\windows\system32\webclnt.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 68096 c:\windows\system32\webclnt.dll
+ 2001-08-17 22:37 . 2008-04-14 10:42 23552 c:\windows\system32\wdmaud.drv
- 2001-08-17 22:37 . 2008-04-14 09:42 23552 c:\windows\system32\wdmaud.drv
+ 2012-02-25 04:21 . 2008-04-14 10:42 95232 c:\windows\system32\wbem\wmiutils.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 95232 c:\windows\system32\wbem\wmiutils.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 41472 c:\windows\system32\wbem\wmipsess.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 61952 c:\windows\system32\wbem\wmipiprt.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 61952 c:\windows\system32\wbem\wmipiprt.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 60928 c:\windows\system32\wbem\wmicookr.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 60928 c:\windows\system32\wbem\wmicookr.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 88576 c:\windows\system32\wbem\wmiaprpl.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 88576 c:\windows\system32\wbem\wmiaprpl.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 18944 c:\windows\system32\wbem\wbemprox.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 18944 c:\windows\system32\wbem\wbemprox.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 43008 c:\windows\system32\wbem\wbemperf.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 71680 c:\windows\system32\wbem\wbemcons.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 71680 c:\windows\system32\wbem\wbemcons.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 86528 c:\windows\system32\wbem\stdprov.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 86528 c:\windows\system32\wbem\stdprov.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 36352 c:\windows\system32\wbem\scrcons.exe
- 2009-05-21 14:34 . 2008-04-14 09:42 36352 c:\windows\system32\wbem\scrcons.exe
+ 2012-02-25 04:21 . 2008-04-14 10:42 47104 c:\windows\system32\wbem\ncprov.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 47104 c:\windows\system32\wbem\ncprov.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2012-02-25 04:21 . 2008-04-14 10:42 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2012-02-25 04:21 . 2008-04-14 10:41 24576 c:\windows\system32\wbem\krnlprov.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 24576 c:\windows\system32\wbem\krnlprov.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 21504 c:\windows\system32\wbem\evntrprv.dll
- 2003-03-31 12:00 . 2008-04-14 04:15 17664 c:\windows\system32\watchdog.sys
+ 2003-03-31 12:00 . 2008-04-14 05:15 17664 c:\windows\system32\watchdog.sys
- 2003-03-31 12:00 . 2008-04-14 09:42 18944 c:\windows\system32\version.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 18944 c:\windows\system32\version.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 26624 c:\windows\system32\verifier.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 26624 c:\windows\system32\verifier.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 51712 c:\windows\system32\vdmredir.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 51712 c:\windows\system32\vdmredir.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 26112 c:\windows\system32\vdmdbg.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 26112 c:\windows\system32\vdmdbg.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 30749 c:\windows\system32\vbajet32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 30749 c:\windows\system32\vbajet32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 50176 c:\windows\system32\utilman.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 50176 c:\windows\system32\utilman.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 19968 c:\windows\system32\usmt\log.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 19968 c:\windows\system32\usmt\log.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 26112 c:\windows\system32\userinit.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 26112 c:\windows\system32\userinit.exe
+ 2001-08-17 22:36 . 2008-04-14 10:42 74240 c:\windows\system32\usbui.dll
- 2009-05-21 10:08 . 2008-04-14 09:42 74240 c:\windows\system32\usbui.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 16896 c:\windows\system32\usbmon.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 16896 c:\windows\system32\usbmon.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 18432 c:\windows\system32\ups.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 18432 c:\windows\system32\ups.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 16896 c:\windows\system32\upnpcont.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 16896 c:\windows\system32\upnpcont.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 13824 c:\windows\system32\uniplat.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 13824 c:\windows\system32\uniplat.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 74240 c:\windows\system32\unimdmat.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 74240 c:\windows\system32\unimdmat.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 35840 c:\windows\system32\umandlg.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 35840 c:\windows\system32\umandlg.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 26624 c:\windows\system32\udhisapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 26624 c:\windows\system32\udhisapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:43 12168 c:\windows\system32\tsddd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:43 12168 c:\windows\system32\tsddd.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 93696 c:\windows\system32\tscfgwmi.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 93696 c:\windows\system32\tscfgwmi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 90112 c:\windows\system32\trkwks.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 90112 c:\windows\system32\trkwks.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 12800 c:\windows\system32\tree.com
+ 2003-03-31 12:00 . 2008-04-14 10:42 12800 c:\windows\system32\tree.com
- 2003-03-31 12:00 . 2008-04-14 09:42 12288 c:\windows\system32\tracert.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 12288 c:\windows\system32\tracert.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 45568 c:\windows\system32\tcpmonui.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 45568 c:\windows\system32\tcpmonui.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 45568 c:\windows\system32\tcpmon.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 45568 c:\windows\system32\tcpmon.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 14848 c:\windows\system32\tcpmib.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 14848 c:\windows\system32\tcpmib.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 57856 c:\windows\system32\synceng.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 57856 c:\windows\system32\synceng.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 14336 c:\windows\system32\svchost.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 14336 c:\windows\system32\svchost.exe
- 2009-05-21 10:07 . 2008-04-14 09:42 74752 c:\windows\system32\storprop.dll
+ 2012-02-25 04:05 . 2008-04-14 10:42 74752 c:\windows\system32\storprop.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 14848 c:\windows\system32\stimon.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 14848 c:\windows\system32\stimon.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 68096 c:\windows\system32\sti.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 68096 c:\windows\system32\sti.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 59392 c:\windows\system32\stclient.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 59392 c:\windows\system32\stclient.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 14336 c:\windows\system32\ssstars.scr
+ 2003-03-31 12:00 . 2008-04-14 10:42 14336 c:\windows\system32\ssstars.scr
+ 2003-03-31 12:00 . 2008-04-14 10:42 18944 c:\windows\system32\ssmyst.scr
- 2003-03-31 12:00 . 2008-04-14 09:42 18944 c:\windows\system32\ssmyst.scr
+ 2003-03-31 12:00 . 2008-04-14 10:42 47104 c:\windows\system32\ssmypics.scr
- 2003-03-31 12:00 . 2008-04-14 09:42 47104 c:\windows\system32\ssmypics.scr
- 2003-03-31 12:00 . 2008-04-14 09:42 20992 c:\windows\system32\ssmarque.scr
+ 2003-03-31 12:00 . 2008-04-14 10:42 20992 c:\windows\system32\ssmarque.scr
+ 2003-03-31 12:00 . 2008-04-14 10:42 71680 c:\windows\system32\ssdpsrv.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 71680 c:\windows\system32\ssdpsrv.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 34816 c:\windows\system32\ssdpapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 34816 c:\windows\system32\ssdpapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 19968 c:\windows\system32\ssbezier.scr
- 2003-03-31 12:00 . 2008-04-14 09:42 19968 c:\windows\system32\ssbezier.scr
+ 2003-03-31 12:00 . 2008-04-14 10:42 96768 c:\windows\system32\srvsvc.dll
- 2009-05-21 14:35 . 2008-04-14 09:42 67584 c:\windows\system32\srclient.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 67584 c:\windows\system32\srclient.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 24661 c:\windows\system32\spxcoins.dll
+ 2012-02-25 04:05 . 2003-03-31 12:00 24661 c:\windows\system32\spxcoins.dll
+ 2009-05-21 14:42 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
- 2009-05-21 14:42 . 2009-05-12 20:12 26144 c:\windows\system32\spupdsvc.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 75264 c:\windows\system32\spoolss.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 75264 c:\windows\system32\spoolss.dll
- 2009-11-15 18:00 . 2009-05-12 20:12 16928 c:\windows\system32\spmsg.dll
+ 2009-11-15 18:00 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 24576 c:\windows\system32\sort.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 24576 c:\windows\system32\sort.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 18944 c:\windows\system32\snmpapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 18944 c:\windows\system32\snmpapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 50688 c:\windows\system32\smss.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 50688 c:\windows\system32\smss.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 89600 c:\windows\system32\smlogsvc.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 89600 c:\windows\system32\smlogsvc.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 98304 c:\windows\system32\slbiop.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 98304 c:\windows\system32\slbiop.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 25088 c:\windows\system32\slayerxp.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 25088 c:\windows\system32\slayerxp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 26112 c:\windows\system32\skeys.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 26112 c:\windows\system32\skeys.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 70144 c:\windows\system32\sigverif.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 70144 c:\windows\system32\sigverif.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 13312 c:\windows\system32\sigtab.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 13312 c:\windows\system32\sigtab.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 19456 c:\windows\system32\shutdown.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 19456 c:\windows\system32\shutdown.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 27648 c:\windows\system32\shscrap.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 27648 c:\windows\system32\shscrap.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 77824 c:\windows\system32\shrpubw.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 77824 c:\windows\system32\shrpubw.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 45056 c:\windows\system32\shmgrate.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 45056 c:\windows\system32\shmgrate.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 65024 c:\windows\system32\shimeng.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 65024 c:\windows\system32\shimeng.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 68096 c:\windows\system32\shgina.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 68096 c:\windows\system32\shgina.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 25088 c:\windows\system32\shfolder.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 25088 c:\windows\system32\shfolder.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 17408 c:\windows\system32\Setup\ocmsn.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 17408 c:\windows\system32\Setup\ocmsn.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 15360 c:\windows\system32\Setup\ocgen.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15360 c:\windows\system32\Setup\ocgen.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 62976 c:\windows\system32\Setup\ntoc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 62976 c:\windows\system32\Setup\ntoc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 77312 c:\windows\system32\Setup\netoc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 77312 c:\windows\system32\Setup\netoc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15360 c:\windows\system32\Setup\msgrocm.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 15360 c:\windows\system32\Setup\msgrocm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 90112 c:\windows\system32\Setup\msdtcstp.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 90112 c:\windows\system32\Setup\msdtcstp.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 32828 c:\windows\system32\Setup\fp40ext.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 23040 c:\windows\system32\setup.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 23040 c:\windows\system32\setup.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 31232 c:\windows\system32\sethc.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 31232 c:\windows\system32\sethc.exe
+ 2012-02-25 04:21 . 2008-04-14 10:42 56320 c:\windows\system32\servdeps.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 56320 c:\windows\system32\servdeps.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 39424 c:\windows\system32\sens.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 39424 c:\windows\system32\sens.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 54784 c:\windows\system32\sendmail.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 54784 c:\windows\system32\sendmail.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 29184 c:\windows\system32\sendcmsg.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 29184 c:\windows\system32\sendcmsg.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 18944 c:\windows\system32\seclogon.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 18944 c:\windows\system32\seclogon.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 77312 c:\windows\system32\sdbinst.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 77312 c:\windows\system32\sdbinst.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\sclgntfy.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\sclgntfy.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 95744 c:\windows\system32\scardsvr.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 95744 c:\windows\system32\scardsvr.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 69632 c:\windows\system32\scarddlg.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 69632 c:\windows\system32\scarddlg.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 13312 c:\windows\system32\savedump.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 13312 c:\windows\system32\savedump.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 64000 c:\windows\system32\samlib.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 64000 c:\windows\system32\samlib.dll
- 2009-05-21 14:36 . 2008-04-14 09:42 29696 c:\windows\system32\safrdm.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 29696 c:\windows\system32\safrdm.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 43520 c:\windows\system32\safrcdlg.dll
- 2009-05-21 14:36 . 2008-04-14 09:42 43520 c:\windows\system32\safrcdlg.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 14336 c:\windows\system32\runonce.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 14336 c:\windows\system32\runonce.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 33280 c:\windows\system32\rundll32.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 33280 c:\windows\system32\rundll32.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 44032 c:\windows\system32\rtutils.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 44032 c:\windows\system32\rtutils.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 31744 c:\windows\system32\rtipxmib.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 31744 c:\windows\system32\rtipxmib.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 77312 c:\windows\system32\rtcshare.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 77312 c:\windows\system32\rtcshare.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 92672 c:\windows\system32\rsvpsp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 92672 c:\windows\system32\rsvpsp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 18944 c:\windows\system32\rsmps.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 18944 c:\windows\system32\rsmps.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 39936 c:\windows\system32\rshx32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 39936 c:\windows\system32\rshx32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 14848 c:\windows\system32\rsh.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 14848 c:\windows\system32\rsh.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 13824 c:\windows\system32\rexec.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 13824 c:\windows\system32\rexec.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 58880 c:\windows\system32\resutils.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 58880 c:\windows\system32\resutils.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 60416 c:\windows\system32\remotepg.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 60416 c:\windows\system32\remotepg.dll
+ 2012-02-25 04:57 . 2003-03-31 12:00 30592 c:\windows\system32\ReinstallBackups\0043\DriverFiles\i386\processr.sys
+ 2012-02-25 04:57 . 2003-03-31 12:00 30592 c:\windows\system32\ReinstallBackups\0042\DriverFiles\i386\processr.sys
+ 2012-02-25 04:57 . 2003-03-31 12:00 30592 c:\windows\system32\ReinstallBackups\0041\DriverFiles\i386\processr.sys
+ 2012-02-25 04:57 . 2003-03-31 12:00 30592 c:\windows\system32\ReinstallBackups\0040\DriverFiles\i386\processr.sys
+ 2012-02-25 04:18 . 2012-01-26 14:43 65536 c:\windows\system32\ReinstallBackups\0039\DriverFiles\OpenCL.dll
+ 2012-02-25 04:11 . 2009-07-01 16:52 67328 c:\windows\system32\ReinstallBackups\0038\DriverFiles\nvefdxp.sys
+ 2012-02-25 04:06 . 2009-07-01 16:52 67328 c:\windows\system32\ReinstallBackups\0036\DriverFiles\nvefdxp.sys
+ 2003-03-31 12:00 . 2008-04-14 10:42 11776 c:\windows\system32\regsvr32.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 11776 c:\windows\system32\regsvr32.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 59904 c:\windows\system32\regsvc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 59904 c:\windows\system32\regsvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 49664 c:\windows\system32\regapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 49664 c:\windows\system32\regapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 50176 c:\windows\system32\reg.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 50176 c:\windows\system32\reg.exe
+ 2012-02-25 04:21 . 2008-04-14 10:42 67072 c:\windows\system32\rdshost.exe
- 2009-05-21 14:34 . 2008-04-14 09:42 67072 c:\windows\system32\rdshost.exe
+ 2012-02-25 04:21 . 2008-04-14 10:42 13824 c:\windows\system32\rdsaddin.exe
- 2009-05-21 14:34 . 2008-04-14 09:42 13824 c:\windows\system32\rdsaddin.exe
+ 2012-02-25 04:21 . 2008-04-14 10:43 87176 c:\windows\system32\rdpwsx.dll
- 2009-05-21 14:34 . 2008-04-14 09:43 87176 c:\windows\system32\rdpwsx.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 19968 c:\windows\system32\rdpsnd.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 19968 c:\windows\system32\rdpsnd.dll
- 2003-03-31 12:00 . 2008-04-14 09:43 92424 c:\windows\system32\rdpdd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:43 92424 c:\windows\system32\rdpdd.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 62976 c:\windows\system32\rdpclip.exe
- 2009-05-21 14:34 . 2008-04-14 09:42 62976 c:\windows\system32\rdpclip.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 21504 c:\windows\system32\rcp.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 21504 c:\windows\system32\rcp.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 35840 c:\windows\system32\rcimlby.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 35840 c:\windows\system32\rcimlby.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 58368 c:\windows\system32\rastapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 58368 c:\windows\system32\rastapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 16384 c:\windows\system32\rassapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 16384 c:\windows\system32\rassapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 56832 c:\windows\system32\rasphone.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 56832 c:\windows\system32\rasphone.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 61440 c:\windows\system32\rasman.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 61440 c:\windows\system32\rasman.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 88576 c:\windows\system32\rasauto.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 88576 c:\windows\system32\rasauto.dll
- 2009-05-21 14:36 . 2008-04-14 09:42 43520 c:\windows\system32\racpldlg.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 43520 c:\windows\system32\racpldlg.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 19968 c:\windows\system32\qprocess.exe
- 2009-05-21 14:34 . 2008-04-14 09:42 19968 c:\windows\system32\qprocess.exe
- 2009-05-21 14:35 . 2008-04-14 09:42 18944 c:\windows\system32\qmgrprxy.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 18944 c:\windows\system32\qmgrprxy.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 34304 c:\windows\system32\pstorsvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 34304 c:\windows\system32\pstorsvc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 43520 c:\windows\system32\pstorec.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 43520 c:\windows\system32\pstorec.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 96768 c:\windows\system32\psbase.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 96768 c:\windows\system32\psbase.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 23040 c:\windows\system32\psapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 23040 c:\windows\system32\psapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 50176 c:\windows\system32\proquota.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 50176 c:\windows\system32\proquota.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 27648 c:\windows\system32\profmap.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 27648 c:\windows\system32\profmap.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 17408 c:\windows\system32\powrprof.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 17408 c:\windows\system32\powrprof.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
- 2003-03-31 12:00 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2001-08-17 22:36 . 2008-04-14 10:42 15360 c:\windows\system32\pjlmon.dll
- 2001-08-17 22:36 . 2008-04-14 09:42 15360 c:\windows\system32\pjlmon.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 17920 c:\windows\system32\ping.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 17920 c:\windows\system32\ping.exe
- 2003-03-31 12:00 . 2008-04-14 04:05 24064 c:\windows\system32\pidgen.dll
+ 2003-03-31 12:00 . 2008-04-14 05:05 24064 c:\windows\system32\pidgen.dll
- 2002-08-29 03:41 . 2008-04-14 09:42 35328 c:\windows\system32\pid.dll
+ 2002-08-29 03:41 . 2008-04-14 10:42 35328 c:\windows\system32\pid.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 34816 c:\windows\system32\perfproc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 34816 c:\windows\system32\perfproc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 25088 c:\windows\system32\perfos.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 25088 c:\windows\system32\perfos.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 17920 c:\windows\system32\perfnet.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 17920 c:\windows\system32\perfnet.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15872 c:\windows\system32\perfmon.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 15872 c:\windows\system32\perfmon.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 26624 c:\windows\system32\perfdisk.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 26624 c:\windows\system32\perfdisk.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 39936 c:\windows\system32\perfctrs.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 39936 c:\windows\system32\perfctrs.dll
+ 2003-03-31 12:00 . 2012-02-25 23:44 90466 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2008-04-14 10:42 67584 c:\windows\system32\pautoenr.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 67584 c:\windows\system32\pautoenr.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 67584 c:\windows\system32\osuninst.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 67584 c:\windows\system32\osuninst.dll
- 2011-01-04 11:40 . 2012-01-26 14:43 65536 c:\windows\system32\OpenCL.dll
+ 2011-12-22 11:49 . 2011-10-08 04:50 65536 c:\windows\system32\OpenCL.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 51200 c:\windows\system32\oobe\oobebaln.exe
- 2009-05-21 14:35 . 2008-04-14 09:42 51200 c:\windows\system32\oobe\oobebaln.exe
- 2009-05-21 14:36 . 2008-04-14 09:42 29184 c:\windows\system32\oobe\msoobe.exe
+ 2012-02-25 04:22 . 2008-04-14 10:42 29184 c:\windows\system32\oobe\msoobe.exe
- 2009-05-21 14:36 . 2008-04-14 09:42 19456 c:\windows\system32\oobe\msobweb.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 19456 c:\windows\system32\oobe\msobweb.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 30720 c:\windows\system32\oobe\msobshel.dll
- 2009-05-21 14:36 . 2008-04-14 09:42 30720 c:\windows\system32\oobe\msobshel.dll
- 2009-05-21 14:36 . 2008-04-14 09:42 16384 c:\windows\system32\oobe\msobdl.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 16384 c:\windows\system32\oobe\msobdl.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 84992 c:\windows\system32\olepro32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 84992 c:\windows\system32\olepro32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 37376 c:\windows\system32\olecnv32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 37376 c:\windows\system32\olecnv32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 74752 c:\windows\system32\olecli32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 74752 c:\windows\system32\olecli32.dll
- 2003-03-31 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\oleaccrc.dll
+ 2003-03-31 12:00 . 2011-09-26 16:41 20480 c:\windows\system32\oleaccrc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20511 c:\windows\system32\odtext32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20511 c:\windows\system32\odtext32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20510 c:\windows\system32\odpdx32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20510 c:\windows\system32\odpdx32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20510 c:\windows\system32\odfox32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20510 c:\windows\system32\odfox32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20510 c:\windows\system32\odexl32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20510 c:\windows\system32\odexl32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20511 c:\windows\system32\oddbse32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20511 c:\windows\system32\oddbse32.dll
+ 2003-03-31 12:00 . 2008-04-14 03:56 12288 c:\windows\system32\odbcp32r.dll
- 2003-03-31 12:00 . 2008-04-14 02:56 12288 c:\windows\system32\odbcp32r.dll
- 2003-03-31 12:00 . 2008-04-14 09:40 53279 c:\windows\system32\odbcji32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:40 53279 c:\windows\system32\odbcji32.dll
- 2003-03-31 12:00 . 2008-04-14 02:56 94208 c:\windows\system32\odbcint.dll
+ 2003-03-31 12:00 . 2008-04-14 03:56 94208 c:\windows\system32\odbcint.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 65536 c:\windows\system32\odbccu32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 65536 c:\windows\system32\odbccu32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 65536 c:\windows\system32\odbccr32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 65536 c:\windows\system32\odbccr32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 69632 c:\windows\system32\odbcconf.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 69632 c:\windows\system32\odbcconf.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 24576 c:\windows\system32\odbcbcp.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 24576 c:\windows\system32\odbcbcp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 32768 c:\windows\system32\odbcad32.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 32768 c:\windows\system32\odbcad32.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 16384 c:\windows\system32\odbc32gt.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 16384 c:\windows\system32\odbc32gt.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 67584 c:\windows\system32\ocmanage.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 67584 c:\windows\system32\ocmanage.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15360 c:\windows\system32\ntvdmd.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 15360 c:\windows\system32\ntvdmd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 91136 c:\windows\system32\ntprint.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 91136 c:\windows\system32\ntprint.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 40960 c:\windows\system32\ntmsapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 40960 c:\windows\system32\ntmsapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 44032 c:\windows\system32\ntlanman.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 44032 c:\windows\system32\ntlanman.dll
+ 2003-03-31 12:00 . 2008-04-14 03:19 34560 c:\windows\system32\ntio804.sys
- 2003-03-31 12:00 . 2008-04-14 02:19 34560 c:\windows\system32\ntio804.sys
- 2003-03-31 12:00 . 2008-04-14 02:19 35424 c:\windows\system32\ntio412.sys
+ 2003-03-31 12:00 . 2008-04-14 03:19 35424 c:\windows\system32\ntio412.sys
- 2003-03-31 12:00 . 2008-04-14 02:19 35648 c:\windows\system32\ntio411.sys
+ 2003-03-31 12:00 . 2008-04-14 03:19 35648 c:\windows\system32\ntio411.sys
- 2003-03-31 12:00 . 2008-04-14 02:19 34560 c:\windows\system32\ntio404.sys
+ 2003-03-31 12:00 . 2008-04-14 03:19 34560 c:\windows\system32\ntio404.sys
+ 2003-03-31 12:00 . 2008-04-14 03:19 33840 c:\windows\system32\ntio.sys
- 2003-03-31 12:00 . 2008-04-14 02:19 33840 c:\windows\system32\ntio.sys
- 2003-03-31 12:00 . 2008-04-14 09:42 67072 c:\windows\system32\ntdsapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 67072 c:\windows\system32\ntdsapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 76800 c:\windows\system32\nslookup.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 76800 c:\windows\system32\nslookup.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 54784 c:\windows\system32\npptools.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 54784 c:\windows\system32\npptools.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15360 c:\windows\system32\npp\nppagent.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 15360 c:\windows\system32\npp\nppagent.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 57344 c:\windows\system32\npp\ndisnpp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 57344 c:\windows\system32\npp\ndisnpp.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 69120 c:\windows\system32\notepad.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 69120 c:\windows\system32\notepad.exe
- 2006-06-29 12:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 12:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 28672 c:\windows\system32\nmmkcert.dll
- 2009-05-21 14:35 . 2008-04-14 09:42 28672 c:\windows\system32\nmmkcert.dll
+ 2006-06-28 21:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 21:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 98304 c:\windows\system32\nlhtml.dll
- 2003-03-31 12:00 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 80896 c:\windows\system32\netui0.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 80896 c:\windows\system32\netui0.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 36864 c:\windows\system32\netstat.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 36864 c:\windows\system32\netstat.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 86016 c:\windows\system32\netsh.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 86016 c:\windows\system32\netsh.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 11776 c:\windows\system32\netrap.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 11776 c:\windows\system32\netrap.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 42496 c:\windows\system32\net.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 42496 c:\windows\system32\net.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 18944 c:\windows\system32\nddenb32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 18944 c:\windows\system32\nddenb32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 17920 c:\windows\system32\nddeapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 17920 c:\windows\system32\nddeapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 36352 c:\windows\system32\ncobjapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 36352 c:\windows\system32\ncobjapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 53760 c:\windows\system32\narrator.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 53760 c:\windows\system32\narrator.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 90624 c:\windows\system32\mydocs.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 90624 c:\windows\system32\mydocs.dll
- 2009-05-21 14:34 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2012-02-25 04:21 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 34304 c:\windows\system32\mtxlegih.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 34304 c:\windows\system32\mtxlegih.dll
+ 2012-02-25 04:21 . 2008-04-14 10:42 30720 c:\windows\system32\mtxdm.dll
- 2009-05-21 14:34 . 2008-04-14 09:42 30720 c:\windows\system32\mtxdm.dll
+ 2003-03-31 12:00 . 2008-08-28 07:46 74752 c:\windows\system32\msw3prt.dll
+ 2003-03-31 12:00 . 2008-04-14 05:00 61440 c:\windows\system32\msvcrt40.dll
- 2003-03-31 12:00 . 2008-04-14 04:00 61440 c:\windows\system32\msvcrt40.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 57344 c:\windows\system32\msvcirt.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 57344 c:\windows\system32\msvcirt.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 12288 c:\windows\system32\mstinit.exe
- 2009-05-21 14:35 . 2008-04-14 09:42 12288 c:\windows\system32\mstinit.exe
- 2003-03-31 12:00 . 2008-04-14 01:53 48128 c:\windows\system32\msprivs.dll
+ 2003-03-31 12:00 . 2008-04-14 02:53 48128 c:\windows\system32\msprivs.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 29696 c:\windows\system32\mspatcha.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 29696 c:\windows\system32\mspatcha.dll
+ 2003-03-31 12:00 . 2008-04-14 03:54 20480 c:\windows\system32\msorc32r.dll
- 2003-03-31 12:00 . 2008-04-14 02:54 20480 c:\windows\system32\msorc32r.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 25088 c:\windows\system32\mslbui.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 25088 c:\windows\system32\mslbui.dll
+ 2003-03-31 12:00 . 2007-04-02 23:19 60192 c:\windows\system32\msjter40.dll
- 2003-03-31 12:00 . 2007-04-02 22:19 60192 c:\windows\system32\msjter40.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 15360 c:\windows\system32\msisip.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15360 c:\windows\system32\msisip.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 40960 c:\windows\system32\msiregmv.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 78848 c:\windows\system32\msiexec.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 78848 c:\windows\system32\msiexec.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 51712 c:\windows\system32\msident.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 51712 c:\windows\system32\msident.dll
- 2003-03-31 12:00 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
- 2003-03-31 12:00 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2003-03-31 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 33792 c:\windows\system32\msgsvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 33792 c:\windows\system32\msgsvc.dll
+ 2012-02-25 04:21 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2009-05-21 14:34 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 14336 c:\windows\system32\msdmo.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 14336 c:\windows\system32\msdmo.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 68608 c:\windows\system32\msctfp.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 68608 c:\windows\system32\msctfp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 36864 c:\windows\system32\mscpxl32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 36864 c:\windows\system32\mscpxl32.dll
+ 2003-03-31 12:00 . 2008-04-14 03:56 12288 c:\windows\system32\mscpx32r.dll
- 2003-03-31 12:00 . 2008-04-14 02:56 12288 c:\windows\system32\mscpx32r.dll
- 2009-05-21 14:35 . 2008-04-14 09:42 69632 c:\windows\system32\msconf.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 69632 c:\windows\system32\msconf.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 86016 c:\windows\system32\msapsspc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 86016 c:\windows\system32\msapsspc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 71680 c:\windows\system32\msacm32.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 71680 c:\windows\system32\msacm32.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 53248 c:\windows\system32\mprdim.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 53248 c:\windows\system32\mprdim.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 87040 c:\windows\system32\mprapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 87040 c:\windows\system32\mprapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 59904 c:\windows\system32\mpr.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 59904 c:\windows\system32\mpr.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 16896 c:\windows\system32\more.com
- 2003-03-31 12:00 . 2008-04-14 09:42 16896 c:\windows\system32\more.com
- 2009-05-21 14:35 . 2008-04-14 09:42 32768 c:\windows\system32\mnmsrvc.exe
+ 2012-02-25 04:22 . 2008-04-14 10:42 32768 c:\windows\system32\mnmsrvc.exe
+ 2012-02-25 04:22 . 2008-04-14 10:41 34560 c:\windows\system32\mnmdd.dll
- 2009-05-21 14:35 . 2008-04-14 09:41 34560 c:\windows\system32\mnmdd.dll
- 2003-03-31 12:00 . 2008-04-14 02:24 68768 c:\windows\system32\mmsystem.dll
+ 2003-03-31 12:00 . 2008-04-14 03:24 68768 c:\windows\system32\mmsystem.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 17408 c:\windows\system32\mmfutil.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 17408 c:\windows\system32\mmfutil.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 61440 c:\windows\system32\mmcshext.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 61440 c:\windows\system32\mmcshext.dll
- 2003-03-31 12:00 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 29696 c:\windows\system32\mimefilt.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 60928 c:\windows\system32\miglibnt.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 60928 c:\windows\system32\miglibnt.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 18944 c:\windows\system32\midimap.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 18944 c:\windows\system32\midimap.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 14848 c:\windows\system32\mgmtapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 14848 c:\windows\system32\mgmtapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 22528 c:\windows\system32\mfcsubs.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 22528 c:\windows\system32\mfcsubs.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 40960 c:\windows\system32\mf3216.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 40960 c:\windows\system32\mf3216.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 23552 c:\windows\system32\mciwave.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 23552 c:\windows\system32\mciwave.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 35328 c:\windows\system32\mciqtz32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 35328 c:\windows\system32\mciqtz32.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 84480 c:\windows\system32\mciavi32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 84480 c:\windows\system32\mciavi32.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 14336 c:\windows\system32\mcastmib.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 14336 c:\windows\system32\mcastmib.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 57344 c:\windows\system32\makecab.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 57344 c:\windows\system32\makecab.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 72704 c:\windows\system32\magnify.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 72704 c:\windows\system32\magnify.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 13312 c:\windows\system32\lsass.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 13312 c:\windows\system32\lsass.exe
- 2009-05-21 14:43 . 2008-04-14 09:41 18944 c:\windows\system32\lprmon.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 18944 c:\windows\system32\lprmon.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 10240 c:\windows\system32\lprhelp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 10240 c:\windows\system32\lprhelp.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 22016 c:\windows\system32\lpk.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 22016 c:\windows\system32\lpk.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 22528 c:\windows\system32\lpdsvc.dll
- 2009-05-21 14:43 . 2008-04-14 09:41 22528 c:\windows\system32\lpdsvc.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 75264 c:\windows\system32\locator.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 75264 c:\windows\system32\locator.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 11776 c:\windows\system32\localui.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 11776 c:\windows\system32\localui.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 97280 c:\windows\system32\loadperf.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 97280 c:\windows\system32\loadperf.dll
+ 2010-03-16 10:26 . 1999-09-01 13:59 17408 c:\windows\system32\LMOUSE32.DLL
+ 2003-03-31 12:00 . 2008-04-14 10:41 13824 c:\windows\system32\lmhsvc.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 13824 c:\windows\system32\lmhsvc.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 19968 c:\windows\system32\linkinfo.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 19968 c:\windows\system32\linkinfo.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 58880 c:\windows\system32\licwmi.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 58880 c:\windows\system32\licwmi.dll
- 2003-03-31 12:00 . 2008-04-14 02:23 92224 c:\windows\system32\krnl386.exe
+ 2003-03-31 12:00 . 2008-04-14 03:23 92224 c:\windows\system32\krnl386.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 27648 c:\windows\system32\jgpl400.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 27648 c:\windows\system32\jgpl400.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 54272 c:\windows\system32\ixsso.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 54272 c:\windows\system32\ixsso.dll
+ 2012-02-25 04:22 . 2008-04-14 10:41 32768 c:\windows\system32\isrdbg32.dll
- 2009-05-21 14:35 . 2008-04-14 09:41 32768 c:\windows\system32\isrdbg32.dll
+ 2012-02-25 04:22 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2009-05-21 14:35 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
+ 2012-02-25 04:05 . 2003-03-31 12:00 13312 c:\windows\system32\irclass.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 13312 c:\windows\system32\irclass.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 22016 c:\windows\system32\ipxwan.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 22016 c:\windows\system32\ipxwan.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 23552 c:\windows\system32\ipxroute.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 23552 c:\windows\system32\ipxroute.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 59904 c:\windows\system32\ipv6mon.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 59904 c:\windows\system32\ipv6mon.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 53248 c:\windows\system32\ipv6.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 53248 c:\windows\system32\ipv6.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 94720 c:\windows\system32\iphlpapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 94720 c:\windows\system32\iphlpapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 55808 c:\windows\system32\ipconfig.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 55808 c:\windows\system32\ipconfig.exe
- 2003-03-31 12:00 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2012-02-25 04:22 . 2008-04-14 02:52 48128 c:\windows\system32\inetres.dll
- 2009-05-21 14:35 . 2008-04-14 01:52 48128 c:\windows\system32\inetres.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 15872 c:\windows\system32\inetppui.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 15872 c:\windows\system32\inetppui.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 75264 c:\windows\system32\inetpp.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 75264 c:\windows\system32\inetpp.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 32768 c:\windows\system32\inetmib1.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 32768 c:\windows\system32\inetmib1.dll
- 2003-03-31 12:00 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2003-03-31 12:00 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 36921 c:\windows\system32\imeshare.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 36921 c:\windows\system32\imeshare.dll
+ 2012-02-25 04:22 . 2008-04-14 10:41 81920 c:\windows\system32\ils.dll
- 2009-05-21 14:35 . 2008-04-14 09:41 81920 c:\windows\system32\ils.dll
+ 2007-08-13 22:39 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2003-03-31 12:00 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
- 2003-03-31 12:00 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
- 2003-03-31 12:00 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 12:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 12:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2012-02-25 04:22 . 2008-04-14 10:41 65536 c:\windows\system32\icwphbk.dll
- 2009-05-21 14:35 . 2008-04-14 09:41 65536 c:\windows\system32\icwphbk.dll
- 2009-05-21 14:35 . 2008-04-14 09:41 73728 c:\windows\system32\icwdial.dll
+ 2012-02-25 04:22 . 2008-04-14 10:41 73728 c:\windows\system32\icwdial.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 11264 c:\windows\system32\icaapi.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 11264 c:\windows\system32\icaapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 41984 c:\windows\system32\htui.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 41984 c:\windows\system32\htui.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 72704 c:\windows\system32\hlink.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 72704 c:\windows\system32\hlink.dll
- 2009-05-21 10:08 . 2008-04-14 09:41 21504 c:\windows\system32\hidserv.dll
+ 2002-08-29 03:40 . 2008-04-14 10:41 21504 c:\windows\system32\hidserv.dll
- 2001-08-17 22:36 . 2008-04-14 09:41 20992 c:\windows\system32\hid.dll
+ 2001-08-17 22:36 . 2008-04-14 10:41 20992 c:\windows\system32\hid.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 41472 c:\windows\system32\hhsetup.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 41472 c:\windows\system32\hhsetup.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15872 c:\windows\system32\help.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 15872 c:\windows\system32\help.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 39424 c:\windows\system32\grpconv.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 39424 c:\windows\system32\grpconv.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 42496 c:\windows\system32\ftp.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 42496 c:\windows\system32\ftp.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 29696 c:\windows\system32\format.com
- 2003-03-31 12:00 . 2008-04-14 09:42 29696 c:\windows\system32\format.com
- 2003-03-31 12:00 . 2008-04-14 09:42 20992 c:\windows\system32\fontview.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 20992 c:\windows\system32\fontview.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 87552 c:\windows\system32\fldrclnr.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 87552 c:\windows\system32\fldrclnr.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 27136 c:\windows\system32\findstr.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 27136 c:\windows\system32\findstr.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 21504 c:\windows\system32\feclient.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 21504 c:\windows\system32\feclient.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 80384 c:\windows\system32\faultrep.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 80384 c:\windows\system32\faultrep.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 24064 c:\windows\system32\extrac32.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 24064 c:\windows\system32\extrac32.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 56320 c:\windows\system32\eventlog.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 56320 c:\windows\system32\eventlog.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 23040 c:\windows\system32\ersvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 23040 c:\windows\system32\ersvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 20480 c:\windows\system32\encapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 20480 c:\windows\system32\encapi.dll
+ 2009-05-21 14:35 . 2012-02-25 04:21 23680 c:\windows\system32\emptyregdb.dat
+ 2003-03-31 12:00 . 2008-04-14 10:42 17920 c:\windows\system32\dvdupgrd.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 17920 c:\windows\system32\dvdupgrd.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 10752 c:\windows\system32\dumprep.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 10752 c:\windows\system32\dumprep.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 19456 c:\windows\system32\dswave.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 19456 c:\windows\system32\dswave.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 51200 c:\windows\system32\dssec.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 51200 c:\windows\system32\dssec.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 92672 c:\windows\system32\dskquota.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 92672 c:\windows\system32\dskquota.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 71680 c:\windows\system32\dsdmoprp.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 71680 c:\windows\system32\dsdmoprp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 16384 c:\windows\system32\ds32gt.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 16384 c:\windows\system32\ds32gt.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 14336 c:\windows\system32\drprov.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 14336 c:\windows\system32\drprov.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 87040 c:\windows\system32\drmstor.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 87040 c:\windows\system32\drmstor.dll
+ 2002-08-29 02:00 . 2008-04-14 05:47 83072 c:\windows\system32\drivers\wdmaud.sys
- 2009-05-26 14:36 . 2008-04-14 04:47 83072 c:\windows\system32\drivers\wdmaud.sys
+ 2003-03-31 12:00 . 2008-04-14 05:27 34560 c:\windows\system32\drivers\wanarp.sys
- 2003-03-31 12:00 . 2008-04-14 04:27 34560 c:\windows\system32\drivers\wanarp.sys
- 2009-05-21 14:42 . 2008-04-14 04:13 14208 c:\windows\system32\drivers\wacompen.sys
+ 2009-05-21 14:42 . 2008-04-14 05:13 14208 c:\windows\system32\drivers\wacompen.sys
- 2003-03-31 12:00 . 2008-04-14 04:11 52352 c:\windows\system32\drivers\volsnap.sys
+ 2003-03-31 12:00 . 2008-04-14 05:11 52352 c:\windows\system32\drivers\volsnap.sys
+ 2003-03-31 12:00 . 2008-04-14 05:14 81664 c:\windows\system32\drivers\videoprt.sys
- 2003-03-31 12:00 . 2008-04-14 04:14 81664 c:\windows\system32\drivers\videoprt.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 42240 c:\windows\system32\drivers\viaagp.sys
- 2009-05-21 14:42 . 2008-04-14 04:06 42240 c:\windows\system32\drivers\viaagp.sys
+ 2003-03-31 12:00 . 2008-04-14 05:14 20992 c:\windows\system32\drivers\vga.sys
- 2003-03-31 12:00 . 2008-04-14 04:14 20992 c:\windows\system32\drivers\vga.sys
- 2009-11-20 15:16 . 2008-04-14 05:15 26368 c:\windows\system32\drivers\USBSTOR.SYS
+ 2003-03-31 12:00 . 2008-04-14 05:15 26368 c:\windows\system32\drivers\usbstor.sys
- 2009-05-27 17:40 . 2008-04-14 04:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-05-27 17:40 . 2008-04-14 05:15 15104 c:\windows\system32\drivers\usbscan.sys
- 2009-05-26 14:01 . 2008-04-14 04:17 25856 c:\windows\system32\drivers\usbprint.sys
+ 2009-05-26 14:01 . 2008-04-14 05:17 25856 c:\windows\system32\drivers\usbprint.sys
- 2003-03-31 12:00 . 2008-04-14 04:15 17152 c:\windows\system32\drivers\usbohci.sys
+ 2003-03-31 12:00 . 2008-04-14 05:15 17152 c:\windows\system32\drivers\usbohci.sys
+ 2002-08-29 01:32 . 2008-04-14 05:15 15872 c:\windows\system32\drivers\usbintel.sys
- 2002-08-29 01:32 . 2008-04-14 04:15 15872 c:\windows\system32\drivers\usbintel.sys
+ 2003-03-31 12:00 . 2008-04-14 05:15 59520 c:\windows\system32\drivers\usbhub.sys
- 2003-03-31 12:00 . 2008-04-14 04:15 59520 c:\windows\system32\drivers\usbhub.sys
- 2003-03-31 12:00 . 2008-04-14 04:15 30208 c:\windows\system32\drivers\usbehci.sys
+ 2003-03-31 12:00 . 2008-04-14 05:15 30208 c:\windows\system32\drivers\usbehci.sys
- 2001-08-17 14:03 . 2008-04-14 04:15 25728 c:\windows\system32\drivers\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-14 05:15 25728 c:\windows\system32\drivers\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-14 05:15 25600 c:\windows\system32\drivers\usbcamd.sys
- 2001-08-17 14:03 . 2008-04-14 04:15 25600 c:\windows\system32\drivers\usbcamd.sys
+ 2003-03-31 12:00 . 2008-04-14 05:26 12800 c:\windows\system32\drivers\usb8023.sys
- 2003-03-31 12:00 . 2008-04-14 04:26 12800 c:\windows\system32\drivers\usb8023.sys
- 2003-03-31 12:00 . 2008-04-14 04:02 66048 c:\windows\system32\drivers\udfs.sys
+ 2003-03-31 12:00 . 2008-04-14 05:02 66048 c:\windows\system32\drivers\udfs.sys
+ 2002-08-29 01:35 . 2008-04-14 05:26 12288 c:\windows\system32\drivers\tunmp.sys
- 2002-08-29 01:35 . 2008-04-14 04:26 12288 c:\windows\system32\drivers\tunmp.sys
- 2009-05-21 14:34 . 2008-04-14 09:43 40840 c:\windows\system32\drivers\termdd.sys
+ 2012-02-25 04:05 . 2008-04-14 10:43 40840 c:\windows\system32\drivers\termdd.sys
+ 2012-02-25 04:21 . 2008-04-14 10:43 21896 c:\windows\system32\drivers\tdtcp.sys
- 2009-05-21 14:34 . 2008-04-14 09:43 21896 c:\windows\system32\drivers\tdtcp.sys
- 2009-05-21 14:34 . 2008-04-14 09:43 12040 c:\windows\system32\drivers\tdpipe.sys
+ 2012-02-25 04:21 . 2008-04-14 10:43 12040 c:\windows\system32\drivers\tdpipe.sys
- 2003-03-31 12:00 . 2008-04-14 04:30 19072 c:\windows\system32\drivers\tdi.sys
+ 2003-03-31 12:00 . 2008-04-14 05:30 19072 c:\windows\system32\drivers\tdi.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 14976 c:\windows\system32\drivers\tape.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 14976 c:\windows\system32\drivers\tape.sys
- 2009-05-26 14:35 . 2008-04-14 04:45 60800 c:\windows\system32\drivers\sysaudio.sys
+ 2002-08-29 02:01 . 2008-04-14 05:45 60800 c:\windows\system32\drivers\sysaudio.sys
- 2009-05-26 14:36 . 2008-04-14 04:15 56576 c:\windows\system32\drivers\swmidi.sys
+ 2001-08-17 14:00 . 2008-04-14 05:15 56576 c:\windows\system32\drivers\swmidi.sys
+ 2012-02-25 04:22 . 2008-04-14 05:06 73472 c:\windows\system32\drivers\sr.sys
- 2009-05-21 14:35 . 2008-04-14 04:06 73472 c:\windows\system32\drivers\sr.sys
+ 2002-08-29 01:33 . 2008-04-14 05:16 25344 c:\windows\system32\drivers\sonydcam.sys
- 2002-08-29 01:33 . 2008-04-14 04:16 25344 c:\windows\system32\drivers\sonydcam.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 40960 c:\windows\system32\drivers\sisagp.sys
- 2009-05-21 14:42 . 2008-04-14 04:06 40960 c:\windows\system32\drivers\sisagp.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 11392 c:\windows\system32\drivers\sfloppy.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 11392 c:\windows\system32\drivers\sfloppy.sys
+ 2003-03-31 12:00 . 2008-04-14 05:45 64512 c:\windows\system32\drivers\serial.sys
- 2012-02-24 16:35 . 2008-04-14 04:45 64512 c:\windows\system32\drivers\Serial.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 15744 c:\windows\system32\drivers\serenum.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 15744 c:\windows\system32\drivers\serenum.sys
+ 2003-03-31 12:00 . 2008-04-14 03:09 20480 c:\windows\system32\drivers\secdrv.sys
- 2003-03-31 12:00 . 2008-04-14 02:09 20480 c:\windows\system32\drivers\secdrv.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 96384 c:\windows\system32\drivers\scsiport.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 96384 c:\windows\system32\drivers\scsiport.sys
- 2009-05-29 14:55 . 2008-04-14 04:10 43904 c:\windows\system32\drivers\sbp2port.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 43904 c:\windows\system32\drivers\sbp2port.sys
- 2003-03-31 12:00 . 2008-04-14 04:26 30592 c:\windows\system32\drivers\rndismp.sys
+ 2003-03-31 12:00 . 2008-04-14 05:26 30592 c:\windows\system32\drivers\rndismp.sys
+ 2003-03-31 12:00 . 2008-04-14 05:49 48384 c:\windows\system32\drivers\raspptp.sys
- 2003-03-31 12:00 . 2008-04-14 04:49 48384 c:\windows\system32\drivers\raspptp.sys
+ 2003-03-31 12:00 . 2008-04-14 05:27 41472 c:\windows\system32\drivers\raspppoe.sys
- 2003-03-31 12:00 . 2008-04-14 04:27 41472 c:\windows\system32\drivers\raspppoe.sys
+ 2003-03-31 12:00 . 2008-04-14 05:49 51328 c:\windows\system32\drivers\rasl2tp.sys
- 2003-03-31 12:00 . 2008-04-14 04:49 51328 c:\windows\system32\drivers\rasl2tp.sys
+ 2003-03-31 12:00 . 2008-04-14 05:26 69120 c:\windows\system32\drivers\psched.sys
- 2003-03-31 12:00 . 2008-04-14 04:26 69120 c:\windows\system32\drivers\psched.sys
- 2002-08-29 01:05 . 2008-04-14 04:01 35840 c:\windows\system32\drivers\processr.sys
+ 2002-08-29 01:05 . 2008-04-14 05:01 35840 c:\windows\system32\drivers\processr.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 24960 c:\windows\system32\drivers\pciidex.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 24960 c:\windows\system32\drivers\pciidex.sys
+ 2003-03-31 12:00 . 2008-04-14 05:06 68224 c:\windows\system32\drivers\pci.sys
- 2003-03-31 12:00 . 2008-04-14 04:06 68224 c:\windows\system32\drivers\pci.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 19712 c:\windows\system32\drivers\partmgr.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 19712 c:\windows\system32\drivers\partmgr.sys
- 2002-08-29 01:27 . 2008-04-14 04:10 80128 c:\windows\system32\drivers\parport.sys
+ 2002-08-29 01:27 . 2008-04-14 05:10 80128 c:\windows\system32\drivers\parport.sys
+ 2002-08-29 01:05 . 2008-04-14 05:01 42752 c:\windows\system32\drivers\p3.sys
- 2002-08-29 01:05 . 2008-04-14 04:01 42752 c:\windows\system32\drivers\p3.sys
- 2003-03-31 12:00 . 2008-04-14 04:16 61696 c:\windows\system32\drivers\ohci1394.sys
+ 2003-03-31 12:00 . 2008-04-14 05:16 61696 c:\windows\system32\drivers\ohci1394.sys
- 2003-03-31 12:00 . 2008-04-14 04:26 88320 c:\windows\system32\drivers\nwlnkipx.sys
+ 2003-03-31 12:00 . 2008-04-14 05:26 88320 c:\windows\system32\drivers\nwlnkipx.sys
- 2003-03-31 12:00 . 2008-04-14 04:02 30848 c:\windows\system32\drivers\npfs.sys
+ 2003-03-31 12:00 . 2008-04-14 05:02 30848 c:\windows\system32\drivers\npfs.sys
+ 2003-03-31 12:00 . 2008-04-14 05:23 40320 c:\windows\system32\drivers\nmnt.sys
- 2003-03-31 12:00 . 2008-04-14 04:23 40320 c:\windows\system32\drivers\nmnt.sys
+ 2002-08-29 01:33 . 2008-04-14 05:21 61824 c:\windows\system32\drivers\nic1394.sys
- 2002-08-29 01:33 . 2008-04-14 04:21 61824 c:\windows\system32\drivers\nic1394.sys
+ 2003-03-31 12:00 . 2008-04-14 05:26 34688 c:\windows\system32\drivers\netbios.sys
- 2003-03-31 12:00 . 2008-04-14 04:26 34688 c:\windows\system32\drivers\netbios.sys
- 2003-03-31 12:00 . 2008-04-14 04:50 91520 c:\windows\system32\drivers\ndiswan.sys
+ 2003-03-31 12:00 . 2008-04-14 05:50 91520 c:\windows\system32\drivers\ndiswan.sys
- 2002-08-29 01:35 . 2008-04-14 04:26 14592 c:\windows\system32\drivers\ndisuio.sys
+ 2002-08-29 01:35 . 2008-04-14 05:26 14592 c:\windows\system32\drivers\ndisuio.sys
- 2009-05-21 14:42 . 2008-04-14 04:13 12672 c:\windows\system32\drivers\mutohpen.sys
+ 2009-05-21 14:42 . 2008-04-14 05:13 12672 c:\windows\system32\drivers\mutohpen.sys
- 2003-03-31 12:00 . 2008-04-14 04:26 35072 c:\windows\system32\drivers\msgpc.sys
+ 2003-03-31 12:00 . 2008-04-14 05:26 35072 c:\windows\system32\drivers\msgpc.sys
- 2003-03-31 12:00 . 2008-04-14 04:02 19072 c:\windows\system32\drivers\msfs.sys
+ 2003-03-31 12:00 . 2008-04-14 05:02 19072 c:\windows\system32\drivers\msfs.sys
- 2003-03-31 12:00 . 2008-04-14 04:09 42368 c:\windows\system32\drivers\mountmgr.sys
+ 2003-03-31 12:00 . 2008-04-14 05:09 42368 c:\windows\system32\drivers\mountmgr.sys
- 2001-08-17 13:48 . 2001-08-17 17:48 12160 c:\windows\system32\drivers\mouhid.sys
+ 2001-08-17 13:48 . 2003-03-31 12:00 12160 c:\windows\system32\drivers\mouhid.sys
- 2002-08-29 01:27 . 2008-04-14 04:09 23040 c:\windows\system32\drivers\mouclass.sys
+ 2002-08-29 01:27 . 2008-04-14 05:09 23040 c:\windows\system32\drivers\mouclass.sys
- 2001-08-17 13:57 . 2008-04-14 04:30 30080 c:\windows\system32\drivers\modem.sys
+ 2001-08-17 13:57 . 2008-04-14 05:30 30080 c:\windows\system32\drivers\modem.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 63744 c:\windows\system32\drivers\mf.sys
- 2001-08-17 13:58 . 2008-04-14 04:06 63744 c:\windows\system32\drivers\mf.sys
+ 2012-02-25 04:18 . 2003-11-07 09:50 51486 c:\windows\system32\drivers\L8042pr2.Sys
- 2003-03-31 12:00 . 2008-04-14 04:09 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2003-03-31 12:00 . 2008-04-14 05:09 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2003-03-31 12:00 . 2008-04-14 05:09 24576 c:\windows\system32\drivers\kbdclass.sys
- 2003-03-31 12:00 . 2008-04-14 04:09 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2003-03-31 12:00 . 2008-04-14 05:06 37248 c:\windows\system32\drivers\isapnp.sys
- 2003-03-31 12:00 . 2008-04-14 04:06 37248 c:\windows\system32\drivers\isapnp.sys
+ 2012-02-25 04:05 . 2008-04-14 05:24 11264 c:\windows\system32\drivers\irenum.sys
- 2009-05-21 10:07 . 2008-04-14 04:24 11264 c:\windows\system32\drivers\irenum.sys
+ 2003-03-31 12:00 . 2008-04-14 05:49 75264 c:\windows\system32\drivers\ipsec.sys
- 2003-03-31 12:00 . 2008-04-14 04:49 75264 c:\windows\system32\drivers\ipsec.sys
+ 2003-03-31 12:00 . 2008-04-14 05:27 20864 c:\windows\system32\drivers\ipinip.sys
- 2003-03-31 12:00 . 2008-04-14 04:27 20864 c:\windows\system32\drivers\ipinip.sys
- 2003-03-31 12:00 . 2008-04-14 04:11 42112 c:\windows\system32\drivers\imapi.sys
+ 2003-03-31 12:00 . 2008-04-14 05:11 42112 c:\windows\system32\drivers\imapi.sys
+ 2003-03-31 12:00 . 2008-04-14 05:48 52480 c:\windows\system32\drivers\i8042prt.sys
- 2003-03-31 12:00 . 2008-04-14 04:48 52480 c:\windows\system32\drivers\i8042prt.sys
+ 2003-03-31 12:00 . 2008-04-14 05:15 24960 c:\windows\system32\drivers\hidparse.sys
- 2003-03-31 12:00 . 2008-04-14 04:15 24960 c:\windows\system32\drivers\hidparse.sys
- 2009-05-21 14:42 . 2008-04-14 04:15 19200 c:\windows\system32\drivers\hidir.sys
+ 2009-05-21 14:42 . 2008-04-14 05:15 19200 c:\windows\system32\drivers\hidir.sys
+ 2003-03-31 12:00 . 2008-04-14 05:15 36864 c:\windows\system32\drivers\hidclass.sys
- 2003-03-31 12:00 . 2008-04-14 04:15 36864 c:\windows\system32\drivers\hidclass.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 20480 c:\windows\system32\drivers\flpydisk.sys
- 2003-03-31 12:00 . 2008-04-14 04:03 44544 c:\windows\system32\drivers\fips.sys
+ 2003-03-31 12:00 . 2008-04-14 05:03 44544 c:\windows\system32\drivers\fips.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 27392 c:\windows\system32\drivers\fdc.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 27392 c:\windows\system32\drivers\fdc.sys
+ 2003-03-31 12:00 . 2008-04-14 05:08 71168 c:\windows\system32\drivers\dxg.sys
- 2003-03-31 12:00 . 2008-04-14 04:08 71168 c:\windows\system32\drivers\dxg.sys
+ 2002-08-29 01:32 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
- 2009-05-26 14:35 . 2008-04-14 05:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 14208 c:\windows\system32\drivers\diskdump.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 14208 c:\windows\system32\drivers\diskdump.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 36352 c:\windows\system32\drivers\disk.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 36352 c:\windows\system32\drivers\disk.sys
- 2002-08-29 01:05 . 2008-04-14 04:01 36736 c:\windows\system32\drivers\crusoe.sys
+ 2002-08-29 01:05 . 2008-04-14 05:01 36736 c:\windows\system32\drivers\crusoe.sys
+ 2003-03-31 12:00 . 2008-04-14 05:46 49536 c:\windows\system32\drivers\classpnp.sys
- 2003-03-31 12:00 . 2008-04-14 04:46 49536 c:\windows\system32\drivers\classpnp.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 62976 c:\windows\system32\drivers\cdrom.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 62976 c:\windows\system32\drivers\cdrom.sys
- 2003-03-31 12:00 . 2008-04-14 04:44 63744 c:\windows\system32\drivers\cdfs.sys
+ 2003-03-31 12:00 . 2008-04-14 05:44 63744 c:\windows\system32\drivers\cdfs.sys
- 2003-03-31 12:00 . 2008-04-14 04:23 71552 c:\windows\system32\drivers\bridge.sys
+ 2003-03-31 12:00 . 2008-04-14 05:23 71552 c:\windows\system32\drivers\bridge.sys
+ 2003-03-31 12:00 . 2008-04-14 05:21 55808 c:\windows\system32\drivers\atmlane.sys
- 2003-03-31 12:00 . 2008-04-14 04:21 55808 c:\windows\system32\drivers\atmlane.sys
- 2003-03-31 12:00 . 2008-04-14 04:21 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2003-03-31 12:00 . 2008-04-14 05:21 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 63488 c:\windows\system32\drivers\atinxsxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 63488 c:\windows\system32\drivers\atinxsxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 31744 c:\windows\system32\drivers\atinxbxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 31744 c:\windows\system32\drivers\atinxbxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 73216 c:\windows\system32\drivers\atintuxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 73216 c:\windows\system32\drivers\atintuxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 13824 c:\windows\system32\drivers\atinttxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 13824 c:\windows\system32\drivers\atinttxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 28672 c:\windows\system32\drivers\atinsnxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 28672 c:\windows\system32\drivers\atinsnxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 52224 c:\windows\system32\drivers\atinraxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 52224 c:\windows\system32\drivers\atinraxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 14336 c:\windows\system32\drivers\atinpdxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 14336 c:\windows\system32\drivers\atinpdxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 13824 c:\windows\system32\drivers\atinmdxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 13824 c:\windows\system32\drivers\atinmdxx.sys
- 2009-05-21 14:42 . 2008-04-14 02:04 57856 c:\windows\system32\drivers\atinbtxx.sys
+ 2009-05-21 14:42 . 2008-04-14 03:04 57856 c:\windows\system32\drivers\atinbtxx.sys
+ 2003-03-31 12:00 . 2008-04-14 05:10 96512 c:\windows\system32\drivers\atapi.sys
- 2003-03-31 12:00 . 2008-04-14 04:10 96512 c:\windows\system32\drivers\atapi.sys
+ 2003-03-31 12:00 . 2008-04-14 05:27 14336 c:\windows\system32\drivers\asyncmac.sys
- 2003-03-31 12:00 . 2008-04-14 04:27 14336 c:\windows\system32\drivers\asyncmac.sys
+ 2002-08-29 01:33 . 2008-04-14 05:21 60800 c:\windows\system32\drivers\arp1394.sys
- 2002-08-29 01:33 . 2008-04-14 04:21 60800 c:\windows\system32\drivers\arp1394.sys
+ 2002-08-29 01:05 . 2008-04-14 05:01 37760 c:\windows\system32\drivers\amdk7.sys
- 2002-08-29 01:05 . 2008-04-14 04:01 37760 c:\windows\system32\drivers\amdk7.sys
+ 2002-08-29 01:05 . 2008-04-14 05:01 37376 c:\windows\system32\drivers\amdk6.sys
- 2002-08-29 01:05 . 2008-04-14 04:01 37376 c:\windows\system32\drivers\amdk6.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 43008 c:\windows\system32\drivers\amdagp.sys
- 2009-05-21 14:42 . 2008-04-14 04:06 43008 c:\windows\system32\drivers\amdagp.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 42752 c:\windows\system32\drivers\alim1541.sys
- 2009-05-21 14:42 . 2008-04-14 04:06 42752 c:\windows\system32\drivers\alim1541.sys
- 2009-05-21 14:42 . 2008-04-14 04:06 44928 c:\windows\system32\drivers\agpcpq.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 44928 c:\windows\system32\drivers\agpcpq.sys
+ 2001-08-17 13:58 . 2008-04-14 05:06 42368 c:\windows\system32\drivers\agp440.sys
- 2009-05-21 14:42 . 2008-04-14 04:06 42368 c:\windows\system32\drivers\agp440.sys
- 2003-03-31 12:00 . 2008-04-14 04:16 53376 c:\windows\system32\drivers\1394bus.sys
+ 2003-03-31 12:00 . 2008-04-14 05:16 53376 c:\windows\system32\drivers\1394bus.sys
- 2003-03-31 12:00 . 2008-04-14 09:41 57344 c:\windows\system32\dpwsockx.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 57344 c:\windows\system32\dpwsockx.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 83456 c:\windows\system32\dpvsetup.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 83456 c:\windows\system32\dpvsetup.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 21504 c:\windows\system32\dpvacm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 21504 c:\windows\system32\dpvacm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 17920 c:\windows\system32\dpnsvr.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 17920 c:\windows\system32\dpnsvr.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 60928 c:\windows\system32\dpnhupnp.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 60928 c:\windows\system32\dpnhupnp.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 35328 c:\windows\system32\dpnhpast.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 35328 c:\windows\system32\dpnhpast.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 23552 c:\windows\system32\dpmodemx.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 23552 c:\windows\system32\dpmodemx.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 29696 c:\windows\system32\dplaysvr.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 29696 c:\windows\system32\dplaysvr.exe
- 2003-03-31 12:00 . 2008-04-14 02:24 53840 c:\windows\system32\dosx.exe
+ 2003-03-31 12:00 . 2008-04-14 03:24 53840 c:\windows\system32\dosx.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 48128 c:\windows\system32\docprop2.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 48128 c:\windows\system32\docprop2.dll
- 2001-08-17 22:36 . 2008-04-14 09:41 52224 c:\windows\system32\dmutil.dll
+ 2001-08-17 22:36 . 2008-04-14 10:41 52224 c:\windows\system32\dmutil.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 23552 c:\windows\system32\dmserver.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 23552 c:\windows\system32\dmserver.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 82432 c:\windows\system32\dmscript.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 82432 c:\windows\system32\dmscript.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15872 c:\windows\system32\dmremote.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 15872 c:\windows\system32\dmremote.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 35840 c:\windows\system32\dmloader.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 35840 c:\windows\system32\dmloader.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 61440 c:\windows\system32\dmcompos.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 61440 c:\windows\system32\dmcompos.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 28672 c:\windows\system32\dmband.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 28672 c:\windows\system32\dmband.dll
- 2009-05-21 14:34 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2012-02-25 04:21 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\dllcache\wmpui.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\dllcache\wmpui.dll
+ 2009-05-21 14:35 . 2008-04-14 10:42 73728 c:\windows\system32\dllcache\wmplayer.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\dllcache\wmpcore.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\dllcache\wmpcore.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\dllcache\wmpcd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\dllcache\wmpcd.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 23552 c:\windows\system32\dllcache\wmdmps.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 27136 c:\windows\system32\dllcache\wmdmlog.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 31232 c:\windows\system32\dllcache\weitekp9.sys
+ 2012-02-25 04:24 . 2003-03-31 12:00 31232 c:\windows\system32\dllcache\weitekp9.sys
+ 2012-02-25 04:24 . 2003-03-31 12:00 41600 c:\windows\system32\dllcache\weitekp9.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 41600 c:\windows\system32\dllcache\weitekp9.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 48256 c:\windows\system32\dllcache\w32.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 48256 c:\windows\system32\dllcache\w32.dll
+ 2012-02-25 04:24 . 2008-04-14 10:41 86073 c:\windows\system32\dllcache\voicesub.dll
- 2009-05-21 14:37 . 2008-04-14 09:41 86073 c:\windows\system32\dllcache\voicesub.dll
- 2009-05-21 14:37 . 2008-04-14 09:41 76288 c:\windows\system32\dllcache\uniime.dll
+ 2012-02-25 04:24 . 2008-04-14 10:41 76288 c:\windows\system32\dllcache\uniime.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 14336 c:\windows\system32\dllcache\tsprof.exe
+ 2012-02-25 04:24 . 2003-03-31 12:00 14336 c:\windows\system32\dllcache\tsprof.exe
- 2009-05-21 14:35 . 2003-03-31 12:00 40960 c:\windows\system32\dllcache\trialoc.dll
+ 2012-02-25 04:22 . 2003-03-31 12:00 40960 c:\windows\system32\dllcache\trialoc.dll
+ 2012-02-25 04:24 . 2008-04-14 10:41 10240 c:\windows\system32\dllcache\tmigrate.dll
- 2009-05-21 14:37 . 2008-04-14 09:41 10240 c:\windows\system32\dllcache\tmigrate.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 44032 c:\windows\system32\dllcache\tintlphr.exe
+ 2012-02-25 04:24 . 2003-03-31 12:00 44032 c:\windows\system32\dllcache\tintlphr.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 19464 c:\windows\system32\dllcache\tdspx.sys
+ 2012-02-25 04:24 . 2003-03-31 12:00 19464 c:\windows\system32\dllcache\tdspx.sys
+ 2012-02-25 04:24 . 2003-03-31 12:00 21896 c:\windows\system32\dllcache\tdipx.sys
- 2009-05-21 14:37 . 2003-03-31 12:00 21896 c:\windows\system32\dllcache\tdipx.sys
+ 2012-02-25 04:24 . 2003-03-31 12:00 13192 c:\windows\system32\dllcache\tdasync.sys
- 2009-05-21 14:37 . 2003-03-31 12:00 13192 c:\windows\system32\dllcache\tdasync.sys
- 2009-05-21 10:07 . 2003-03-31 12:00 15360 c:\windows\system32\dllcache\taskman.exe
+ 2003-03-31 12:00 . 2003-03-31 12:00 15360 c:\windows\system32\dllcache\taskman.exe
+ 2003-03-31 12:00 . 2003-03-31 12:00 19200 c:\windows\system32\dllcache\tapi.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 19200 c:\windows\system32\dllcache\tapi.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 24661 c:\windows\system32\dllcache\spxcoins.dll
+ 2012-02-25 04:05 . 2003-03-31 12:00 24661 c:\windows\system32\dllcache\spxcoins.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 10240 c:\windows\system32\dllcache\snmpstup.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 10240 c:\windows\system32\dllcache\snmpstup.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 15872 c:\windows\system32\dllcache\smierrsm.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 15872 c:\windows\system32\dllcache\smierrsm.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\smb6w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\smb6w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\sma3w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\sma3w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 38912 c:\windows\system32\dllcache\sm9aw.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 38912 c:\windows\system32\dllcache\sm9aw.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 26624 c:\windows\system32\dllcache\sm93w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 26624 c:\windows\system32\dllcache\sm93w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 26624 c:\windows\system32\dllcache\sm92w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 26624 c:\windows\system32\dllcache\sm92w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm90w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm90w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm8dw.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm8dw.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 29184 c:\windows\system32\dllcache\sm8cw.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 29184 c:\windows\system32\dllcache\sm8cw.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm8aw.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm8aw.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm89w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 26112 c:\windows\system32\dllcache\sm89w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 30208 c:\windows\system32\dllcache\sm87w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 30208 c:\windows\system32\dllcache\sm87w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 30208 c:\windows\system32\dllcache\sm81w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 30208 c:\windows\system32\dllcache\sm81w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 25088 c:\windows\system32\dllcache\sm59w.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 25088 c:\windows\system32\dllcache\sm59w.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 18944 c:\windows\system32\dllcache\simptcp.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 18944 c:\windows\system32\dllcache\simptcp.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 79872 c:\windows\system32\dllcache\rwia330.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 79872 c:\windows\system32\dllcache\rwia330.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 79872 c:\windows\system32\dllcache\rwia001.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 79872 c:\windows\system32\dllcache\rwia001.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 14848 c:\windows\system32\dllcache\register.exe
+ 2012-02-25 04:24 . 2003-03-31 12:00 14848 c:\windows\system32\dllcache\register.exe
+ 2012-02-25 04:24 . 2003-03-31 12:00 16384 c:\windows\system32\dllcache\quser.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 16384 c:\windows\system32\dllcache\quser.exe
+ 2007-08-13 23:36 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 22:36 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 11264 c:\windows\system32\dllcache\pmxmcro.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 11264 c:\windows\system32\dllcache\pmxmcro.dll
- 2009-05-21 14:37 . 2008-04-14 09:40 67584 c:\windows\system32\dllcache\pmigrate.dll
+ 2012-02-25 04:24 . 2008-04-14 10:40 67584 c:\windows\system32\dllcache\pmigrate.dll
+ 2012-02-25 04:24 . 2008-04-14 03:13 70144 c:\windows\system32\dllcache\pintlphr.exe
- 2009-05-21 14:37 . 2008-04-14 02:13 70144 c:\windows\system32\dllcache\pintlphr.exe
+ 2012-02-25 04:24 . 2008-04-14 10:40 53760 c:\windows\system32\dllcache\pintlcsd.dll
- 2009-05-21 14:37 . 2008-04-14 09:40 53760 c:\windows\system32\dllcache\pintlcsd.dll
+ 2012-02-25 04:24 . 2008-04-14 10:40 15360 c:\windows\system32\dllcache\padrs804.dll
- 2009-05-21 14:37 . 2008-04-14 09:40 15360 c:\windows\system32\dllcache\padrs804.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 14336 c:\windows\system32\dllcache\padrs412.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 14336 c:\windows\system32\dllcache\padrs412.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 36927 c:\windows\system32\dllcache\padrs411.dll
+ 2012-02-25 04:24 . 2003-03-31 12:00 36927 c:\windows\system32\dllcache\padrs411.dll
+ 2012-02-25 04:24 . 2008-04-14 10:40 15872 c:\windows\system32\dllcache\padrs404.dll
- 2009-05-21 14:37 . 2008-04-14 09:40 15872 c:\windows\system32\dllcache\padrs404.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 24064 c:\windows\system32\dllcache\olesvr.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 24064 c:\windows\system32\dllcache\olesvr.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 82944 c:\windows\system32\dllcache\olecli.dll
- 2003-03-31 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2003-03-31 12:00 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2012-02-25 04:22 . 2008-04-14 10:42 10240 c:\windows\system32\dllcache\npwmsdrm.dll
- 2009-05-21 14:35 . 2008-04-14 09:42 10240 c:\windows\system32\dllcache\npwmsdrm.dll
+ 2012-02-25 23:22 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
- 2010-12-17 11:20 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2012-02-25 05:00 . 2008-04-14 03:57 79872 c:\windows\system32\dllcache\msxml6r.dll
- 2009-05-21 14:43 . 2008-04-14 02:57 79872 c:\windows\system32\dllcache\msxml6r.dll
+ 2008-08-28 07:46 . 2008-08-28 07:46 74752 c:\windows\system32\dllcache\msw3prt.dll
+ 2007-08-13 23:01 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 22:01 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 22:54 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 23:54 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 22:32 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 23:32 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 92416 c:\windows\system32\dllcache\mga.sys
- 2009-05-21 14:37 . 2003-03-31 12:00 92416 c:\windows\system32\dllcache\mga.sys
+ 2012-02-25 04:23 . 2003-03-31 12:00 92032 c:\windows\system32\dllcache\mga.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 92032 c:\windows\system32\dllcache\mga.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 28160 c:\windows\system32\dllcache\mciwave.drv
- 2009-05-21 10:07 . 2003-03-31 12:00 28160 c:\windows\system32\dllcache\mciwave.drv
- 2009-05-21 10:07 . 2003-03-31 12:00 25264 c:\windows\system32\dllcache\mciseq.drv
+ 2003-03-31 12:00 . 2003-03-31 12:00 25264 c:\windows\system32\dllcache\mciseq.drv
+ 2003-03-31 12:00 . 2003-03-31 12:00 73376 c:\windows\system32\dllcache\mciavi.drv
- 2009-05-21 10:07 . 2003-03-31 12:00 73376 c:\windows\system32\dllcache\mciavi.drv
- 2007-08-13 22:44 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 70656 c:\windows\system32\dllcache\korwbrkr.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 70656 c:\windows\system32\dllcache\korwbrkr.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 18432 c:\windows\system32\dllcache\jupiw.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 18432 c:\windows\system32\dllcache\jupiw.dll
+ 2007-08-13 23:54 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 22:54 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-05-21 14:35 . 2003-03-31 12:00 16384 c:\windows\system32\dllcache\isignup.exe
+ 2012-02-25 04:22 . 2003-03-31 12:00 16384 c:\windows\system32\dllcache\isignup.exe
+ 2012-02-25 04:05 . 2003-03-31 12:00 13312 c:\windows\system32\dllcache\irclass.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 13312 c:\windows\system32\dllcache\irclass.dll
+ 2007-08-13 23:39 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
- 2007-08-13 22:39 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 59392 c:\windows\system32\dllcache\imscinst.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 59392 c:\windows\system32\dllcache\imscinst.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 59904 c:\windows\system32\dllcache\imkrinst.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 59904 c:\windows\system32\dllcache\imkrinst.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 45109 c:\windows\system32\dllcache\imjpuex.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 45109 c:\windows\system32\dllcache\imjpuex.exe
- 2009-05-21 14:37 . 2008-04-14 09:39 81976 c:\windows\system32\dllcache\imjpdct.dll
+ 2012-02-25 04:23 . 2008-04-14 10:39 81976 c:\windows\system32\dllcache\imjpdct.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 57398 c:\windows\system32\dllcache\imjpdadm.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 57398 c:\windows\system32\dllcache\imjpdadm.exe
+ 2007-08-13 23:36 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2007-08-13 22:36 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 44032 c:\windows\system32\dllcache\imekrmig.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 44032 c:\windows\system32\dllcache\imekrmig.exe
+ 2012-02-25 04:23 . 2008-04-14 10:39 86016 c:\windows\system32\dllcache\imekrmbx.dll
- 2009-05-21 14:37 . 2008-04-14 09:39 86016 c:\windows\system32\dllcache\imekrmbx.dll
- 2007-08-13 22:39 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
- 2007-08-13 22:39 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 23:39 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 23:44 . 2007-08-13 23:44 69120 c:\windows\system32\dllcache\iedw.exe
- 2007-08-13 22:44 . 2007-08-13 22:44 69120 c:\windows\system32\dllcache\iedw.exe
- 2009-05-21 14:35 . 2003-03-31 12:00 73728 c:\windows\system32\dllcache\icwtutor.exe
+ 2012-02-25 04:22 . 2003-03-31 12:00 73728 c:\windows\system32\dllcache\icwtutor.exe
+ 2012-02-25 04:22 . 2003-03-31 12:00 61440 c:\windows\system32\dllcache\icwres.dll
- 2009-05-21 14:35 . 2003-03-31 12:00 61440 c:\windows\system32\dllcache\icwres.dll
- 2007-08-13 22:18 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 23:18 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 36864 c:\windows\system32\dllcache\hanjadic.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 36864 c:\windows\system32\dllcache\hanjadic.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 11264 c:\windows\system32\dllcache\fxssend.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 11264 c:\windows\system32\dllcache\fxssend.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\fxsroute.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\fxsroute.dll
+ 2012-02-25 23:22 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 14848 c:\windows\system32\dllcache\flattemp.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 14848 c:\windows\system32\dllcache\flattemp.exe
- 2009-05-21 14:37 . 2001-08-18 02:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
+ 2012-02-25 04:24 . 2001-08-18 03:36 12288 c:\windows\system32\dllcache\EXCH_smtpctrs.dll
+ 2012-02-25 04:24 . 2001-08-18 03:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 26112 c:\windows\system32\dllcache\EXCH_seos.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll
+ 2012-02-25 04:24 . 2001-08-18 03:36 57856 c:\windows\system32\dllcache\EXCH_scripto.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe
+ 2012-02-25 04:24 . 2001-08-18 03:36 23040 c:\windows\system32\dllcache\EXCH_regtrace.exe
+ 2012-02-25 04:24 . 2001-08-18 03:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 38912 c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
+ 2012-02-25 04:23 . 2001-08-18 03:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 65536 c:\windows\system32\dllcache\EXCH_mailmsg.dll
+ 2012-02-25 04:23 . 2001-08-18 03:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 43520 c:\windows\system32\dllcache\EXCH_fcachdll.dll
+ 2012-02-25 04:23 . 2001-08-18 03:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
- 2009-05-21 14:37 . 2001-08-18 02:36 45056 c:\windows\system32\dllcache\EXCH_aqadmin.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 25856 c:\windows\system32\dllcache\et4000.sys
+ 2012-02-25 04:23 . 2003-03-31 12:00 25856 c:\windows\system32\dllcache\et4000.sys
- 2009-05-21 14:37 . 2003-03-31 12:00 45056 c:\windows\system32\dllcache\esunid.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 45056 c:\windows\system32\dllcache\esunid.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 57856 c:\windows\system32\dllcache\esuimgd.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 57856 c:\windows\system32\dllcache\esuimgd.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\esucmd.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 31744 c:\windows\system32\dllcache\esucmd.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 87040 c:\windows\system32\dllcache\drmstor.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 87040 c:\windows\system32\dllcache\drmstor.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 85020 c:\windows\system32\dllcache\dgsetup.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 85020 c:\windows\system32\dllcache\dgsetup.dll
- 2009-05-21 14:43 . 2007-08-13 22:54 33792 c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 23:54 . 2007-08-13 23:54 33792 c:\windows\system32\dllcache\custsat.dll
- 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-04-26 11:07 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2012-02-25 04:23 . 2003-03-31 12:00 18944 c:\windows\system32\dllcache\cprofile.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 18944 c:\windows\system32\dllcache\cprofile.exe
- 2009-05-21 14:37 . 2008-04-14 02:13 57399 c:\windows\system32\dllcache\cplexe.exe
+ 2012-02-25 04:23 . 2008-04-14 03:13 57399 c:\windows\system32\dllcache\cplexe.exe
+ 2007-08-13 23:42 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 22:42 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 32816 c:\windows\system32\dllcache\commdlg.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 32816 c:\windows\system32\dllcache\commdlg.dll
+ 2012-02-25 04:23 . 2008-04-14 10:39 56320 c:\windows\system32\dllcache\chtskdic.dll
- 2009-05-21 14:37 . 2008-04-14 09:39 56320 c:\windows\system32\dllcache\chtskdic.dll
- 2009-05-21 14:37 . 2008-04-14 09:39 97792 c:\windows\system32\dllcache\chtmbx.dll
+ 2012-02-25 04:23 . 2008-04-14 10:39 97792 c:\windows\system32\dllcache\chtmbx.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 14336 c:\windows\system32\dllcache\chgusr.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 14336 c:\windows\system32\dllcache\chgusr.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 15872 c:\windows\system32\dllcache\chgport.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 15872 c:\windows\system32\dllcache\chgport.exe
- 2009-05-21 14:37 . 2003-03-31 12:00 13312 c:\windows\system32\dllcache\chglogon.exe
+ 2012-02-25 04:23 . 2003-03-31 12:00 13312 c:\windows\system32\dllcache\chglogon.exe
- 2003-03-31 12:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2003-03-31 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 54528 c:\windows\system32\dllcache\cap7146.sys
+ 2012-02-25 04:23 . 2003-03-31 12:00 54528 c:\windows\system32\dllcache\cap7146.sys
+ 2012-02-25 04:23 . 2003-03-31 12:00 10752 c:\windows\system32\dllcache\c_iscii.dll
- 2009-05-21 14:37 . 2003-03-31 12:00 10752 c:\windows\system32\dllcache\c_iscii.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
- 2003-03-31 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2007-08-13 23:39 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
- 2007-08-13 22:39 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 32768 c:\windows\system32\dispex.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 32768 c:\windows\system32\dispex.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 68608 c:\windows\system32\digest.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 68608 c:\windows\system32\digest.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 87040 c:\windows\system32\diantz.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 87040 c:\windows\system32\diantz.exe
- 2009-05-21 10:07 . 2003-03-31 12:00 85020 c:\windows\system32\dgsetup.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 85020 c:\windows\system32\dgsetup.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 28672 c:\windows\system32\dfsshlex.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 28672 c:\windows\system32\dfsshlex.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 39424 c:\windows\system32\dfrgsnap.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 39424 c:\windows\system32\dfrgsnap.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 82944 c:\windows\system32\dfrgfat.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 82944 c:\windows\system32\dfrgfat.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 59904 c:\windows\system32\devenum.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 59904 c:\windows\system32\devenum.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 25088 c:\windows\system32\defrag.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 25088 c:\windows\system32\defrag.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 27136 c:\windows\system32\ddrawex.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 27136 c:\windows\system32\ddrawex.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 30208 c:\windows\system32\ddeshare.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 30208 c:\windows\system32\ddeshare.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 28672 c:\windows\system32\dbnmpntw.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 28672 c:\windows\system32\dbnmpntw.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 24576 c:\windows\system32\dbmsrpcn.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 24576 c:\windows\system32\dbmsrpcn.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 25088 c:\windows\system32\davclnt.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 25088 c:\windows\system32\davclnt.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 54272 c:\windows\system32\dataclen.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 54272 c:\windows\system32\dataclen.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 15360 c:\windows\system32\ctfmon.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 15360 c:\windows\system32\ctfmon.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 62464 c:\windows\system32\cryptsvc.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 62464 c:\windows\system32\cryptsvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 64512 c:\windows\system32\cryptnet.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 64512 c:\windows\system32\cryptnet.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 53760 c:\windows\system32\cryptext.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 53760 c:\windows\system32\cryptext.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 33280 c:\windows\system32\cryptdll.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 33280 c:\windows\system32\cryptdll.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 74752 c:\windows\system32\cryptdlg.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 74752 c:\windows\system32\cryptdlg.dll
+ 2003-03-31 12:00 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
- 2003-03-31 12:00 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 27648 c:\windows\system32\conime.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 27648 c:\windows\system32\conime.exe
- 2009-05-21 14:37 . 2009-05-21 14:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-21 14:37 . 2012-02-25 05:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-25 05:07 . 2012-02-25 05:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012022520120226\index.dat
+ 2012-02-25 04:27 . 2012-02-25 04:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012022420120225\index.dat
+ 2009-05-21 14:37 . 2012-02-25 05:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-21 14:37 . 2009-05-21 14:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-21 14:37 . 2009-05-21 14:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-25 04:27 . 2012-02-25 05:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-21 14:34 . 2008-04-14 09:41 97792 c:\windows\system32\comrepl.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 97792 c:\windows\system32\comrepl.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 28160 c:\windows\system32\comaddin.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 28160 c:\windows\system32\comaddin.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 60416 c:\windows\system32\colbact.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 60416 c:\windows\system32\colbact.dll
+ 2001-08-17 22:36 . 2008-04-14 10:41 47104 c:\windows\system32\cnbjmon.dll
- 2001-08-17 22:36 . 2008-04-14 09:41 47104 c:\windows\system32\cnbjmon.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 39424 c:\windows\system32\cmutil.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 39424 c:\windows\system32\cmutil.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 63488 c:\windows\system32\cmstp.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 63488 c:\windows\system32\cmstp.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 39936 c:\windows\system32\cmmon32.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 39936 c:\windows\system32\cmmon32.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 25600 c:\windows\system32\cmdl32.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 25600 c:\windows\system32\cmdl32.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 15872 c:\windows\system32\cmcfg32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 15872 c:\windows\system32\cmcfg32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 58368 c:\windows\system32\clusapi.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 58368 c:\windows\system32\clusapi.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 33280 c:\windows\system32\clipsrv.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 33280 c:\windows\system32\clipsrv.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 20480 c:\windows\system32\cliconfg.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 20480 c:\windows\system32\cliconfg.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 77824 c:\windows\system32\cliconfg.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 77824 c:\windows\system32\cliconfg.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 64000 c:\windows\system32\cleanmgr.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 64000 c:\windows\system32\cleanmgr.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 69120 c:\windows\system32\ciodm.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 69120 c:\windows\system32\ciodm.dll
- 2003-03-31 12:00 . 2008-04-14 09:39 16896 c:\windows\system32\cfgmgr32.dll
+ 2003-03-31 12:00 . 2008-04-14 10:39 16896 c:\windows\system32\cfgmgr32.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 38912 c:\windows\system32\cfgbkend.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 38912 c:\windows\system32\cfgbkend.dll
+ 2003-03-31 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
- 2003-03-31 12:00 . 2009-08-06 23:24 96480 c:\windows\system32\cdm.dll
+ 2012-02-25 04:21 . 2008-04-14 10:41 85504 c:\windows\system32\catsrvps.dll
- 2009-05-21 14:34 . 2008-04-14 09:41 85504 c:\windows\system32\catsrvps.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 50688 c:\windows\system32\camocx.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 50688 c:\windows\system32\camocx.dll
- 2003-03-31 12:00 . 2008-04-14 09:42 19968 c:\windows\system32\cacls.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 19968 c:\windows\system32\cacls.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 60416 c:\windows\system32\cabinet.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 60416 c:\windows\system32\cabinet.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 78336 c:\windows\system32\browsewm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 78336 c:\windows\system32\browsewm.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 77824 c:\windows\system32\browser.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 77824 c:\windows\system32\browser.dll
- 2003-03-31 12:00 . 2008-04-14 02:33 63488 c:\windows\system32\browselc.dll
+ 2003-03-31 12:00 . 2008-04-14 03:33 63488 c:\windows\system32\browselc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 17408 c:\windows\system32\bidispl.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 17408 c:\windows\system32\bidispl.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 29184 c:\windows\system32\batmeter.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 29184 c:\windows\system32\batmeter.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 52736 c:\windows\system32\basesrv.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 52736 c:\windows\system32\basesrv.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 11264 c:\windows\system32\autolfn.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 11264 c:\windows\system32\autolfn.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 62464 c:\windows\system32\authz.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 62464 c:\windows\system32\authz.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 42496 c:\windows\system32\audiosrv.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 42496 c:\windows\system32\audiosrv.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 12288 c:\windows\system32\attrib.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 12288 c:\windows\system32\attrib.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 30208 c:\windows\system32\atmlib.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 30208 c:\windows\system32\atmlib.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 11264 c:\windows\system32\atmadm.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 11264 c:\windows\system32\atmadm.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 25088 c:\windows\system32\at.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 25088 c:\windows\system32\at.exe
- 2003-03-31 12:00 . 2008-04-14 09:41 70656 c:\windows\system32\amstream.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 70656 c:\windows\system32\amstream.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 17408 c:\windows\system32\alrsvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 17408 c:\windows\system32\alrsvc.dll
+ 2003-03-31 12:00 . 2008-04-14 10:42 44544 c:\windows\system32\alg.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 44544 c:\windows\system32\alg.exe
+ 2003-03-31 12:00 . 2008-04-14 10:42 98304 c:\windows\system32\ahui.exe
- 2003-03-31 12:00 . 2008-04-14 09:42 98304 c:\windows\system32\ahui.exe
+ 2003-03-31 12:00 . 2008-04-14 10:41 68096 c:\windows\system32\adsmsext.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 68096 c:\windows\system32\adsmsext.dll
- 2003-03-31 12:00 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2003-03-31 12:00 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2003-03-31 12:00 . 2008-04-14 10:41 98304 c:\windows\system32\actxprxy.dll
- 2003-03-31 12:00 . 2008-04-14 09:41 98304 c:\windows\system32\actxprxy.dll
- 2009-05-21 10:07 . 2003-03-31 12:00 19200 c:\windows\system\TAPI.DLL
+ 2003-03-31 12:00 . 2003-03-31 12:00 19200 c:\windows\system\TAPI.DLL
- 2009-05-21 10:07 . 2003-03-31 12:00 24064 c:\windows\system\OLESVR.DLL
+ 2003-03-31 12:00 . 2003-03-31 12:00 24064 c:\windows\system\OLESVR.DLL
+ 2003-03-31 12:00 . 2003-03-31 12:00 82944 c:\windows\system\OLECLI.DLL
- 2009-05-21 10:07 . 2003-03-31 12:00 82944 c:\windows\system\OLECLI.DLL
- 2009-05-21 10:07 . 2008-04-14 02:24 68768 c:\windows\system\mmsystem.dll
+ 2003-03-31 12:00 . 2008-04-14 03:24 68768 c:\windows\system\mmsystem.dll
+ 2003-03-31 12:00 . 2003-03-31 12:00 28160 c:\windows\system\MCIWAVE.DRV
- 2009-05-21 10:07 . 2003-03-31 12:00 28160 c:\windows\system\MCIWAVE.DRV
+ 2003-03-31 12:00 . 2003-03-31 12:00 25264 c:\windows\system\MCISEQ.DRV
- 2009-05-21 10:07 . 2003-03-31 12:00 25264 c:\windows\system\MCISEQ.DRV
+ 2003-03-31 12:00 . 2003-03-31 12:00 73376 c:\windows\system\MCIAVI.DRV
- 2009-05-21 10:07 . 2003-03-31 12:00 73376 c:\windows\system\MCIAVI.DRV
+ 2003-03-31 12:00 . 2003-03-31 12:00 32816 c:\windows\system\COMMDLG.DLL
- 2009-05-21 10:07 . 2003-03-31 12:00 32816 c:\windows\system\COMMDLG.DLL
+ 2012-02-25 04:22 . 2008-04-14 10:42 58434 c:\windows\srchasst\srchctls.dll
- 2009-05-21 14:36 . 2008-04-14 09:42 58434 c:\windows\srchasst\srchctls.dll
- 2012-02-16 11:11 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\update\spcustom.dll
- 2012-02-16 11:11 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\cae2e05a002a9ae98c735c66fa6a46be\spmsg.dll
- 2012-02-16 11:01 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\update\spcustom.dll
- 2012-02-16 11:01 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\spmsg.dll
- 2012-02-16 11:01 . 2011-12-17 19:45 12800 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\xpshims.dll
- 2012-02-16 11:01 . 2011-12-17 19:45 66560 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\mshtmled.dll
- 2012-02-16 11:01 . 2011-12-17 19:45 55296 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\msfeedsbs.dll
- 2012-02-16 11:01 . 2011-12-17 19:45 43520 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\licmgr10.dll
- 2012-02-16 11:01 . 2011-12-17 19:45 25600 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\jsproxy.dll
- 2012-02-16 11:01 . 2011-12-17 19:46 12800 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\xpshims.dll
- 2012-02-16 11:01 . 2011-12-17 19:46 66560 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\mshtmled.dll
- 2012-02-16 11:01 . 2011-12-17 19:46 55296 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\msfeedsbs.dll
- 2012-02-16 11:01 . 2011-12-17 19:46 43520 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\licmgr10.dll
- 2012-02-16 11:01 . 2011-12-17 19:46 25600 c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\jsproxy.dll
- 2012-02-16 11:01 . 2012-01-12 17:22 30208 c:\windows\SoftwareDistribution\Download\25358c961083ec9ae079c3ddafdfb371\update\w32ksign.dll
- 2012-02-16 11:01 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\25358c961083ec9ae079c3ddafdfb371\update\spcustom.dll
- 2012-02-16 11:01 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\25358c961083ec9ae079c3ddafdfb371\spmsg.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 82944 c:\windows\ServicePackFiles\ServicePackCache\i386\msgsc.dll
+ 2008-04-14 10:42 . 2008-04-14 10:42 82944 c:\windows\ServicePackFiles\ServicePackCache\i386\msgsc.dll
+ 2012-02-25 05:00 . 2008-04-14 10:41 33792 c:\windows\ServicePackFiles\ServicePackCache\i386\custsat.dll
- 2009-05-21 14:43 . 2008-04-14 09:41 33792 c:\windows\ServicePackFiles\ServicePackCache\i386\custsat.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 18944 c:\windows\ServicePackFiles\i386\xrxscnui.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 18944 c:\windows\ServicePackFiles\i386\xrxscnui.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 11776 c:\windows\ServicePackFiles\i386\xolehlp.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 11776 c:\windows\ServicePackFiles\i386\xolehlp.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 50176 c:\windows\ServicePackFiles\i386\xmlprovi.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 50176 c:\windows\ServicePackFiles\i386\xmlprovi.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 30720 c:\windows\ServicePackFiles\i386\xcopy.exe
- 2009-05-21 14:43 . 2008-04-14 09:42 30720 c:\windows\ServicePackFiles\i386\xcopy.exe
- 2009-05-21 14:43 . 2008-04-14 09:42 91648 c:\windows\ServicePackFiles\i386\xactsrv.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 91648 c:\windows\ServicePackFiles\i386\xactsrv.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 52736 c:\windows\ServicePackFiles\i386\wzcsapi.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 52736 c:\windows\ServicePackFiles\i386\wzcsapi.dll
+ 2012-02-25 05:00 . 2008-04-14 03:04 19455 c:\windows\ServicePackFiles\i386\wvchntxx.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 19455 c:\windows\ServicePackFiles\i386\wvchntxx.sys
- 2009-05-21 14:43 . 2008-04-14 09:42 32256 c:\windows\ServicePackFiles\i386\wups.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 32256 c:\windows\ServicePackFiles\i386\wups.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 18432 c:\windows\ServicePackFiles\i386\wtsapi32.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 18432 c:\windows\ServicePackFiles\i386\wtsapi32.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 50688 c:\windows\ServicePackFiles\i386\wstdecod.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 50688 c:\windows\ServicePackFiles\i386\wstdecod.dll
- 2009-05-21 14:43 . 2008-04-14 04:16 19200 c:\windows\ServicePackFiles\i386\wstcodec.sys
+ 2012-02-25 05:00 . 2008-04-14 05:16 19200 c:\windows\ServicePackFiles\i386\wstcodec.sys
- 2009-05-21 14:43 . 2008-04-14 09:42 22528 c:\windows\ServicePackFiles\i386\wsock32.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 22528 c:\windows\ServicePackFiles\i386\wsock32.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 41984 c:\windows\ServicePackFiles\i386\wsnmp32.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 41984 c:\windows\ServicePackFiles\i386\wsnmp32.dll
- 2009-05-21 14:43 . 2008-04-14 02:04 12063 c:\windows\ServicePackFiles\i386\wsiintxx.sys
+ 2012-02-25 04:59 . 2008-04-14 03:04 12063 c:\windows\ServicePackFiles\i386\wsiintxx.sys
+ 2012-02-25 05:00 . 2008-04-14 10:42 19456 c:\windows\ServicePackFiles\i386\wshtcpip.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 19456 c:\windows\ServicePackFiles\i386\wshtcpip.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 11264 c:\windows\ServicePackFiles\i386\wshrm.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 11264 c:\windows\ServicePackFiles\i386\wshrm.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 14336 c:\windows\ServicePackFiles\i386\wship6.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 14336 c:\windows\ServicePackFiles\i386\wship6.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 90112 c:\windows\ServicePackFiles\i386\wshext.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 90112 c:\windows\ServicePackFiles\i386\wshext.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 36864 c:\windows\ServicePackFiles\i386\wshcon.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 36864 c:\windows\ServicePackFiles\i386\wshcon.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 80896 c:\windows\ServicePackFiles\i386\wscsvc.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 80896 c:\windows\ServicePackFiles\i386\wscsvc.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 13824 c:\windows\ServicePackFiles\i386\wscntfy.exe
+ 2012-02-25 05:00 . 2008-04-14 10:42 13824 c:\windows\ServicePackFiles\i386\wscntfy.exe
- 2009-05-21 14:43 . 2008-04-14 09:42 19968 c:\windows\ServicePackFiles\i386\ws2help.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 19968 c:\windows\ServicePackFiles\i386\ws2help.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 82432 c:\windows\ServicePackFiles\i386\ws2_32.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 82432 c:\windows\ServicePackFiles\i386\ws2_32.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 11264 c:\windows\ServicePackFiles\i386\wpnpinst.exe
- 2009-05-21 14:43 . 2008-04-14 09:42 11264 c:\windows\ServicePackFiles\i386\wpnpinst.exe
+ 2012-02-25 05:00 . 2008-04-14 10:42 32256 c:\windows\ServicePackFiles\i386\wpabaln.exe
- 2009-05-21 14:43 . 2008-04-14 09:42 32256 c:\windows\ServicePackFiles\i386\wpabaln.exe
+ 2012-02-25 05:00 . 2008-04-14 10:42 95232 c:\windows\ServicePackFiles\i386\wmiutils.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 95232 c:\windows\ServicePackFiles\i386\wmiutils.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 41472 c:\windows\ServicePackFiles\i386\wmipsess.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 41472 c:\windows\ServicePackFiles\i386\wmipsess.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 62464 c:\windows\ServicePackFiles\i386\wmipjobj.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 62464 c:\windows\ServicePackFiles\i386\wmipjobj.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 61952 c:\windows\ServicePackFiles\i386\wmipiprt.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 61952 c:\windows\ServicePackFiles\i386\wmipiprt.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 60928 c:\windows\ServicePackFiles\i386\wmicookr.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 60928 c:\windows\ServicePackFiles\i386\wmicookr.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 88576 c:\windows\ServicePackFiles\i386\wmiaprpl.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 88576 c:\windows\ServicePackFiles\i386\wmiaprpl.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 92672 c:\windows\ServicePackFiles\i386\wlnotify.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 92672 c:\windows\ServicePackFiles\i386\wlnotify.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 69120 c:\windows\ServicePackFiles\i386\wlanapi.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 69120 c:\windows\ServicePackFiles\i386\wlanapi.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 53760 c:\windows\ServicePackFiles\i386\winsta.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 53760 c:\windows\ServicePackFiles\i386\winsta.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 17408 c:\windows\ServicePackFiles\i386\winshfhc.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 17408 c:\windows\ServicePackFiles\i386\winshfhc.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 99328 c:\windows\ServicePackFiles\i386\winscard.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 99328 c:\windows\ServicePackFiles\i386\winscard.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 16896 c:\windows\ServicePackFiles\i386\winrnr.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 16896 c:\windows\ServicePackFiles\i386\winrnr.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 32256 c:\windows\ServicePackFiles\i386\winipsec.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 32256 c:\windows\ServicePackFiles\i386\winipsec.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 75776 c:\windows\ServicePackFiles\i386\wiascr.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 75776 c:\windows\ServicePackFiles\i386\wiascr.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 65024 c:\windows\ServicePackFiles\i386\wextract.exe
+ 2012-02-25 04:59 . 2008-04-14 10:42 65024 c:\windows\ServicePackFiles\i386\wextract.exe
+ 2012-02-25 04:59 . 2008-04-14 10:42 68096 c:\windows\ServicePackFiles\i386\webclnt.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 68096 c:\windows\ServicePackFiles\i386\webclnt.dll
+ 2012-02-25 04:59 . 2008-04-14 05:47 83072 c:\windows\ServicePackFiles\i386\wdmaud.sys
- 2009-05-21 14:43 . 2008-04-14 04:47 83072 c:\windows\ServicePackFiles\i386\wdmaud.sys
+ 2012-02-25 04:59 . 2008-04-14 10:42 23552 c:\windows\ServicePackFiles\i386\wdmaud.drv
- 2009-05-21 14:43 . 2008-04-14 09:42 23552 c:\windows\ServicePackFiles\i386\wdmaud.drv
- 2009-05-21 14:43 . 2008-04-14 09:42 49152 c:\windows\ServicePackFiles\i386\wdigest.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 49152 c:\windows\ServicePackFiles\i386\wdigest.dll
+ 2012-02-25 05:00 . 2008-04-14 03:04 23615 c:\windows\ServicePackFiles\i386\wch7xxnt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 23615 c:\windows\ServicePackFiles\i386\wch7xxnt.sys
+ 2012-02-25 05:00 . 2008-04-14 05:15 31744 c:\windows\ServicePackFiles\i386\wceusbsh.sys
- 2009-05-21 14:43 . 2008-04-14 04:15 31744 c:\windows\ServicePackFiles\i386\wceusbsh.sys
+ 2012-02-25 05:00 . 2008-04-14 10:42 43520 c:\windows\ServicePackFiles\i386\wbemsvc.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 43520 c:\windows\ServicePackFiles\i386\wbemsvc.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 18944 c:\windows\ServicePackFiles\i386\wbemprox.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 18944 c:\windows\ServicePackFiles\i386\wbemprox.dll
+ 2012-02-25 05:00 . 2008-04-14 10:42 43008 c:\windows\ServicePackFiles\i386\wbemperf.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 43008 c:\windows\ServicePackFiles\i386\wbemperf.dll
- 2009-05-21 14:43 . 2008-04-14 09:42 71680 c:\windows\ServicePackFiles\i386\wbemcons.dll
+ 2012-02-25 04:59 . 2008-04-14 10:42 71680 c:\windows\ServicePackFiles\i386\wbemcons.dll
+ 2012-02-25 05:00 . 2008-04-14 03:04 25471 c:\windows\ServicePackFiles\i386\watv10nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 25471 c:\windows\ServicePackFiles\i386\watv10nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 22271 c:\windows\ServicePackFiles\i386\watv06nt.sys
+ 2012-02-25 04:59 . 2008-04-14 03:04 22271 c:\windows\ServicePackFiles\i386\watv06nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 33599 c:\windows\ServicePackFiles\i386\watv04nt.sys
+ 2012-02-25 05:00 . 2008-04-14 03:04 33599 c:\windows\ServicePackFiles\i386\watv04nt.sys
+ 2012-02-25 05:00 . 2008-04-14 03:04 19551 c:\windows\ServicePackFiles\i386\watv02nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 19551 c:\windows\ServicePackFiles\i386\watv02nt.sys
+ 2012-02-25 04:59 . 2008-04-14 03:04 29311 c:\windows\ServicePackFiles\i386\watv01nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 29311 c:\windows\ServicePackFiles\i386\watv01nt.sys
- 2009-05-21 14:43 . 2008-04-14 04:15 17664 c:\windows\ServicePackFiles\i386\watchdog.sys
+ 2012-02-25 04:59 . 2008-04-14 05:15 17664 c:\windows\ServicePackFiles\i386\watchdog.sys
- 2009-05-21 14:43 . 2008-04-14 04:27 34560 c:\windows\ServicePackFiles\i386\wanarp.sys
+ 2012-02-25 05:00 . 2008-04-14 05:27 34560 c:\windows\ServicePackFiles\i386\wanarp.sys
+ 2012-02-25 04:59 . 2008-04-14 03:04 11935 c:\windows\ServicePackFiles\i386\wadv11nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 11935 c:\windows\ServicePackFiles\i386\wadv11nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 11871 c:\windows\ServicePackFiles\i386\wadv09nt.sys
+ 2012-02-25 05:00 . 2008-04-14 03:04 11871 c:\windows\ServicePackFiles\i386\wadv09nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 11295 c:\windows\ServicePackFiles\i386\wadv08nt.sys
+ 2012-02-25 05:00 . 2008-04-14 03:04 11295 c:\windows\ServicePackFiles\i386\wadv08nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 11807 c:\windows\ServicePackFiles\i386\wadv07nt.sys
+ 2012-02-25 05:00 . 2008-04-14 03:04 11807 c:\windows\ServicePackFiles\i386\wadv07nt.sys
+ 2012-02-25 04:59 . 2008-04-14 03:04 11775 c:\windows\ServicePackFiles\i386\wadv05nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 11775 c:\windows\ServicePackFiles\i386\wadv05nt.sys
+ 2012-02-25 05:00 . 2008-04-14 03:04 12127 c:\windows\ServicePackFiles\i386\wadv02nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 12127 c:\windows\ServicePackFiles\i386\wadv02nt.sys
- 2009-05-21 14:43 . 2008-04-14 02:04 12415 c:\windows\ServicePackFiles\i386\wadv01nt.sys
+ 2012-02-25 04:59 . 2008-04-14 03:04 12415 c:\windows\ServicePackFiles\i386\wadv01nt.sys
+ 2012-02-25 04:59 . 2008-04-14 05:13 14208 c:\windows\ServicePackFiles\i386\wacompen.sys
- 2009-05-21 14:43 . 2008-04-14 04:13 14208 c:\windows\ServicePackFiles\i386\wacompen.sys



