Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SVChost.exe Problem - Possible Malware Issue


  • This topic is locked This topic is locked
47 replies to this topic

#1 TravelinMan

TravelinMan

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 04 June 2012 - 05:47 PM

Problem started several weeks ago with svchost.exe errors appearing multiple times upon boot-up. After running multiple malware, spyware, scanners (SuperAntiSpyware, Malwarebytes, ComboFix, and Avast... the problem seemed to go away and several Trojans were identified and erradicated. After a few days of seemingly having my computer back in excellent condition, it started with the error messages again.. eventually... any and all executables would not respond... then I did a system Restore Point, and disk clean-up per one of the "Bleeping Computer" Techy guys... and it worked very well... for a few days... then here we are back again... I don't visit dangerous sites etc... I don't open risky emails etc. I am pretty wise usually on how to keep my PC clean... but this one keeps coming back... here are my Scan logs...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Bob at 16:55:04 on 2012-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1140 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMMON\COSService.exe
C:\Documents and Settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMMON\SynchronizationService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Conexant\SmartAudio\SmAudio.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files\Start Magic\start magic.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Bob\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Win7Keys\Win7Keys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/102
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
uRun: [PhotoshopElements8SyncAgent] c:\program files\adobe\elements 9 organizer\ElementsOrganizerSyncAgent.exe
uRun: [Start Magic 2.0] c:\program files\start magic\start magic.exe -startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nwiz] nwiz.exe /install
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SmAudio] c:\program files\conexant\smartaudio\SmAudio.exe -c
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bob\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\win7keys.lnk - c:\program files\win7keys\Win7Keys.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0cca191d-13a6-4e29-b746-314dee697d83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{031D7118-EEE1-4D64-98ED-733AD8872808} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\ox3biacj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1969417&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://freedomquestinternational.org/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - plugin: c:\documents and settings\bob\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\ox3biacj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\bob\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [2012-3-22 474472]
R0 clbstor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-7-24 10368]
R0 reparse;Reparse;c:\windows\system32\drivers\cbreparse.sys [2012-3-22 464672]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-31 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-20 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-20 337880]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-17 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-20 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-20 44768]
R2 COSService.exe;Comodo Online Storage Service;c:\program files\comodo\common\COSService.exe [2011-10-25 3837744]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\bob\local settings\application data\crossloop\CrossLoopService.exe [2011-9-8 563216]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-18 55152]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-7-2 14336]
R2 mcproxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-17 359248]
R2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\comodo\common\SynchronizationService.exe [2011-10-25 3454768]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-11-29 193840]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 e0e9d137;e0e9d137;c:\windows\system32\drivers\e0e9d137.sys --> c:\windows\system32\drivers\e0e9d137.sys [?]
S2 gupdate1c951e5929dad5c;Google Update Service (gupdate1c951e5929dad5c);c:\program files\google\update\GoogleUpdate.exe [2008-11-29 133104]
S2 mcshield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-17 144704]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-11-29 133104]
S3 mcsysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-17 695624]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-17 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-17 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-17 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-17 40488]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-4-12 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-4-12 3768]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-20 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-20 136680]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-3-25 18432]
S3 tvnserver;TightVNC Server;c:\documents and settings\bob\local settings\application data\crossloop\tvnserver.exe [2011-9-8 814080]
S4 Ascioo;Ascioo; [x]
.
=============== Created Last 30 ================
.
2012-06-04 20:10:00 -------- d-----w- c:\program files\Dropbox
2012-06-01 17:16:29 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-01 17:16:29 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-01 17:16:03 -------- d-----w- c:\program files\Bonjour
2012-05-31 02:00:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-31 02:00:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-26 03:23:42 -------- d-----w- c:\documents and settings\bob\local settings\application data\Sun
2012-05-26 03:11:39 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-26 03:11:39 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-24 18:41:34 -------- d-----w- c:\program files\ESET
2012-05-22 19:51:11 -------- d-----w- c:\documents and settings\bob\local settings\application data\Copernic
2012-05-22 19:51:10 -------- d-----w- c:\documents and settings\bob\application data\Copernic
2012-05-21 22:13:57 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-05-21 22:12:55 3038 ----a-w- C:\fix_svchost.bat
2012-05-21 22:08:23 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-05-21 18:21:17 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-20 04:26:07 77312 ----a-w- c:\windows\ua2.dll
2012-05-18 05:00:24 389 ----a-w- c:\documents and settings\bob\GenericHostErrorProblem.bat
2012-05-17 14:35:29 -------- d-----w- c:\program files\CCleaner
2012-05-10 18:24:05 -------- d-----w- C:\9a9eea192c93fb12324278
2012-05-08 15:50:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 15:50:34 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-08 15:50:33 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-08 02:34:54 58208 ----a-w- c:\windows\system32\wsimd.sys
2012-05-08 02:34:54 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
2012-05-08 02:34:30 -------- d-----w- c:\windows\Options
2012-05-08 02:34:30 -------- d-----w- c:\program files\Atheros
2012-05-08 02:33:21 -------- d-----w- c:\documents and settings\all users.windows\application data\Atheros
2012-05-07 13:43:10 -------- d-----w- C:\ERDNT
2012-05-06 04:59:41 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2012-05-06 04:59:41 18944 ----a-w- c:\windows\system32\simptcp.dll
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 03:11:08 687560 -c--a-w- c:\windows\system32\deployJava1.dll
2012-05-10 21:18:08 5280 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-11 13:14:41 2148352 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 07:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 06:09:54 474472 -c--a-w- c:\windows\system32\drivers\CBVD.sys
2012-03-22 06:09:46 464672 -c--a-w- c:\windows\system32\drivers\cbreparse.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-22 22:08:47 21073936 -c--a-w- c:\program files\vlc-1.1.11-win32.exe
.
============= FINISH: 16:56:06.68 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-04 17:02:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Bob\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6956DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6A0BA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB695785E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6983D5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB695C2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB695C330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB695C422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6983711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB695C252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB695C374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB695C29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB695C3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6956E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6984423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB69846D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB69599A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB698428E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB69840F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6A0BB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6956AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6956E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6959D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6957B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB695C30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB695C352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB695C446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6983A6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB695C278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6959518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB695C3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB695C2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB695974C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB695C400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6A0BCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6983F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB69579CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6983DC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6A15B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6982D84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6956EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6956F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6956B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6956CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB698452A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6956C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6956D5A]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6B44640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6956F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB6A0BBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6A21D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- EOF - GMER 1.0.15 ----

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 05 June 2012 - 02:52 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 June 2012 - 09:37 AM

Leaving for Nicaragua tomorrow Wednesday, will return on the 14th...
I anticipate limited use of internet while there.
I will be available most of today to work on the clean-up.
And of course, will resume, on the 14th or 15th if you are willing and able.
Thanks so much for your attention in this...

I uninstalled Malwarebytes, Superantispyware, and all others that suggest may be running scans...

I will send this and then run Combofix and send you the results... again... thank you...

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CA Yahoo! Anti-Spy (remove only)
CCleaner
Adobe Flash Player 11.1.102.62
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

#4 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 June 2012 - 10:12 AM

At the moment, my computer seems to be running fine. I will reboot to re-start Avast, and I can usually tell then if svchost.exe error messages come up on the boot up of XP... thanks...


ComboFix 12-06-05.01 - Bob 06/05/2012 9:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1243 [GMT -5:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Bob\LOCALS~1\Temp\SAS8.tmp
c:\documents and settings\Bob\Local Settings\temp\SAS8.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-04 20:10 . 2012-06-04 20:10 -------- d-----w- c:\program files\Dropbox
2012-06-01 17:16 . 2012-06-01 17:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-01 17:16 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-01 17:16 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-01 17:16 . 2012-06-01 17:16 -------- d-----w- c:\program files\Bonjour
2012-05-31 02:00 . 2012-05-31 02:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-26 03:23 . 2012-05-26 03:23 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Sun
2012-05-26 03:13 . 2012-05-26 03:13 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 03:11 . 2012-05-26 03:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-26 03:11 . 2012-05-26 03:11 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 18:41 . 2012-05-24 18:41 -------- d-----w- c:\program files\ESET
2012-05-22 19:51 . 2012-05-22 19:51 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Copernic
2012-05-22 19:51 . 2012-05-22 19:51 -------- d-----w- c:\documents and settings\Bob\Application Data\Copernic
2012-05-21 22:13 . 2012-05-21 22:13 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-05-21 22:12 . 2012-05-21 22:12 3038 ----a-w- C:\fix_svchost.bat
2012-05-21 22:08 . 2012-05-21 22:08 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-05-21 18:21 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-20 04:26 . 2012-05-20 04:26 77312 ----a-w- c:\windows\ua2.dll
2012-05-18 05:00 . 2012-05-18 05:00 389 ----a-w- c:\documents and settings\Bob\GenericHostErrorProblem.bat
2012-05-10 18:24 . 2012-05-10 18:24 -------- d-----w- C:\9a9eea192c93fb12324278
2012-05-08 15:50 . 2012-05-08 15:50 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 15:50 . 2012-05-08 15:50 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-08 15:50 . 2012-05-08 15:50 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 02:34 . 2009-03-16 15:19 58208 ----a-w- c:\windows\system32\wsimd.sys
2012-05-08 02:34 . 2009-03-16 15:19 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
2012-05-08 02:34 . 2012-05-08 02:34 -------- d-----w- c:\program files\Atheros
2012-05-08 02:34 . 2012-05-08 02:34 -------- d-----w- c:\windows\Options
2012-05-08 02:33 . 2012-05-08 02:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Atheros
2012-05-07 13:43 . 2012-05-07 13:43 -------- d-----w- C:\ERDNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-07-02 16:20 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 03:11 . 2010-04-22 03:17 687560 -c--a-w- c:\windows\system32\deployJava1.dll
2012-05-10 21:18 . 2011-03-15 02:11 5280 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-11 13:14 . 2004-08-03 23:18 2148352 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-07-02 16:21 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 06:09 . 2012-03-22 06:09 474472 -c--a-w- c:\windows\system32\drivers\CBVD.sys
2012-03-22 06:09 . 2012-03-22 06:09 464672 -c--a-w- c:\windows\system32\drivers\cbreparse.sys
2011-08-22 22:08 . 2011-08-22 22:08 21073936 -c--a-w- c:\program files\vlc-1.1.11-win32.exe
2012-05-08 15:50 . 2011-03-11 15:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_02.42.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-05 13:47 . 2012-06-05 13:47 16384 c:\windows\temp\Perflib_Perfdata_b98.dat
+ 2008-07-06 14:16 . 2009-02-27 09:42 66440 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2008-07-06 14:16 . 2009-02-27 01:18 64360 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2008-07-06 14:16 . 2009-02-27 09:42 66440 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2008-07-06 14:16 . 2009-02-27 01:18 64360 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2012-05-06 04:59 . 2004-08-04 15:00 18944 c:\windows\system32\simptcp.dll
+ 2012-06-01 17:16 . 2008-04-13 18:45 26368 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\USBSTOR.SYS
- 2008-07-02 16:21 . 2011-10-31 23:43 44544 c:\windows\system32\pngfilt.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 44544 c:\windows\system32\pngfilt.dll
+ 2008-07-06 14:16 . 2009-02-27 09:42 31640 c:\windows\system32\msonpmon.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2011-10-31 23:43 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-12-12 16:54 . 2012-05-12 19:42 86072 c:\windows\system32\mlfcache.dat
+ 2008-07-06 14:16 . 2009-02-27 01:18 29552 c:\windows\system32\mdimon.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 27648 c:\windows\system32\jsproxy.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 27648 c:\windows\system32\jsproxy.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows\system32\jdns_sd.dll
+ 2008-09-14 19:24 . 2008-04-14 00:11 35328 c:\windows\system32\iprip.dll
+ 2007-08-13 22:39 . 2012-02-29 12:16 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2011-10-31 20:56 13824 c:\windows\system32\ieudinit.exe
+ 2008-07-02 16:21 . 2012-03-01 01:25 44544 c:\windows\system32\iernonce.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 44544 c:\windows\system32\iernonce.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 78336 c:\windows\system32\ieencode.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 78336 c:\windows\system32\ieencode.dll
- 2008-07-02 16:21 . 2011-10-31 20:56 70656 c:\windows\system32\ie4uinit.exe
+ 2008-07-02 16:21 . 2012-02-29 12:16 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 22:36 . 2011-10-31 23:43 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 22:36 . 2012-03-01 01:25 63488 c:\windows\system32\icardie.dll
+ 2012-06-01 17:16 . 2012-02-15 16:01 43520 c:\windows\system32\DRVSTORE\usbaapl_87F84F5DA3368BC69CA5BE7F6A79CAA709E36E13\usbaapl.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 12416 c:\windows\system32\DRVSTORE\sscesdm2_7AD4829229782EAD7A14A10BC5E01E956779886D\i386\sscecmnt.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 12416 c:\windows\system32\DRVSTORE\sscesdm2_7AD4829229782EAD7A14A10BC5E01E956779886D\i386\sscecmnt.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 14848 c:\windows\system32\DRVSTORE\sscemdm2_34771A624205C079100D51ABFD3F0EFDC377F971\i386\sscemdfl.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 14848 c:\windows\system32\DRVSTORE\sscemdm2_34771A624205C079100D51ABFD3F0EFDC377F971\i386\sscemdfl.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 12416 c:\windows\system32\DRVSTORE\sscemdm2_34771A624205C079100D51ABFD3F0EFDC377F971\i386\sscecmnt.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 12416 c:\windows\system32\DRVSTORE\sscemdm2_34771A624205C079100D51ABFD3F0EFDC377F971\i386\sscecmnt.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 12288 c:\windows\system32\DRVSTORE\sscebus_659A3532090130C12253E064E99D5D4049A341E9\i386\sscewhnt.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 12288 c:\windows\system32\DRVSTORE\sscebus_659A3532090130C12253E064E99D5D4049A341E9\i386\sscewhnt.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 98560 c:\windows\system32\DRVSTORE\sscebus_659A3532090130C12253E064E99D5D4049A341E9\i386\sscebus.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 98560 c:\windows\system32\DRVSTORE\sscebus_659A3532090130C12253E064E99D5D4049A341E9\i386\sscebus.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 14920 c:\windows\system32\DRVSTORE\sscdw2k_C833F1412DB0171B8840782A43AA24F668608CB7\i386\sscdmdfl.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 14920 c:\windows\system32\DRVSTORE\sscdw2k_C833F1412DB0171B8840782A43AA24F668608CB7\i386\sscdmdfl.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 12616 c:\windows\system32\DRVSTORE\sscdw2k_C833F1412DB0171B8840782A43AA24F668608CB7\i386\sscdcmnt.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 12616 c:\windows\system32\DRVSTORE\sscdw2k_C833F1412DB0171B8840782A43AA24F668608CB7\i386\sscdcmnt.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 12616 c:\windows\system32\DRVSTORE\sscdsdm2_7603A16BDC6AEC71028353A67D30D6F9F311DD0C\i386\sscdcmnt.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 12616 c:\windows\system32\DRVSTORE\sscdsdm2_7603A16BDC6AEC71028353A67D30D6F9F311DD0C\i386\sscdcmnt.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 12488 c:\windows\system32\DRVSTORE\sscdbus_B653065950D06847C32293776FB04B48F46BC5CD\i386\sscdwhnt.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 12488 c:\windows\system32\DRVSTORE\sscdbus_B653065950D06847C32293776FB04B48F46BC5CD\i386\sscdwhnt.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 10472 c:\windows\system32\DRVSTORE\ssadsdm2_CB0D6A64C81E723D813A6F2A9668D95F91F371C0\i386\ssadcmnt.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 10472 c:\windows\system32\DRVSTORE\ssadsdm2_CB0D6A64C81E723D813A6F2A9668D95F91F371C0\i386\ssadcmnt.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 12776 c:\windows\system32\DRVSTORE\ssadmdm2_3B9F84FDB4850DC91A3CAFF448723EA532732F1F\i386\ssadmdfl.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 12776 c:\windows\system32\DRVSTORE\ssadmdm2_3B9F84FDB4850DC91A3CAFF448723EA532732F1F\i386\ssadmdfl.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 10472 c:\windows\system32\DRVSTORE\ssadmdm2_3B9F84FDB4850DC91A3CAFF448723EA532732F1F\i386\ssadcmnt.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 10472 c:\windows\system32\DRVSTORE\ssadmdm2_3B9F84FDB4850DC91A3CAFF448723EA532732F1F\i386\ssadcmnt.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 10344 c:\windows\system32\DRVSTORE\ssadbus_2112C6E16CA9C1DAD7D12BFCA60FCA72A02EBB81\i386\ssadwhnt.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 10344 c:\windows\system32\DRVSTORE\ssadbus_2112C6E16CA9C1DAD7D12BFCA60FCA72A02EBB81\i386\ssadwhnt.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 30312 c:\windows\system32\DRVSTORE\ssadadb2_6FBFB7BD831F97C0C49FFC637EF8E261B1BD5DBD\i386\ssadadb.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 30312 c:\windows\system32\DRVSTORE\ssadadb2_6FBFB7BD831F97C0C49FFC637EF8E261B1BD5DBD\i386\ssadadb.sys
+ 2012-06-01 17:16 . 2011-08-02 21:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 10344 c:\windows\system32\drivers\ssadwhnt.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 10344 c:\windows\system32\drivers\ssadwhnt.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 12776 c:\windows\system32\drivers\ssadmdfl.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 12776 c:\windows\system32\drivers\ssadmdfl.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 10472 c:\windows\system32\drivers\ssadcmnt.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 10472 c:\windows\system32\drivers\ssadcmnt.sys
+ 2012-01-21 03:00 . 2012-03-06 23:01 53848 c:\windows\system32\drivers\aswTdi.sys
+ 2012-01-21 03:00 . 2012-03-06 23:02 35672 c:\windows\system32\drivers\aswRdr.sys
+ 2012-01-21 03:00 . 2012-03-06 23:01 95704 c:\windows\system32\drivers\aswmon2.sys
+ 2012-01-21 03:00 . 2012-03-06 23:01 89048 c:\windows\system32\drivers\aswmon.sys
+ 2012-01-21 03:00 . 2012-03-06 23:01 20696 c:\windows\system32\drivers\aswFsBlk.sys
+ 2012-01-21 03:00 . 2012-03-06 22:58 24920 c:\windows\system32\drivers\aavmker4.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows\system32\dns-sd.exe
+ 2012-05-06 04:59 . 2004-08-04 15:00 18944 c:\windows\system32\dllcache\simptcp.dll
- 2008-07-02 16:42 . 2004-08-04 15:00 18944 c:\windows\system32\dllcache\simptcp.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2008-07-03 13:46 . 2011-10-31 23:43 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-07-03 13:46 . 2012-03-01 01:25 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-07-03 13:46 . 2012-02-29 12:16 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2008-07-03 13:46 . 2011-10-31 20:56 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-07-02 16:21 . 2012-03-01 01:25 44544 c:\windows\system32\dllcache\iernonce.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 78336 c:\windows\system32\dllcache\ieencode.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 78336 c:\windows\system32\dllcache\ieencode.dll
- 2008-07-02 16:21 . 2011-10-31 20:56 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-07-02 16:21 . 2012-02-29 12:16 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-07-03 13:46 . 2012-03-01 01:25 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-07-03 13:46 . 2011-10-31 23:43 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 17408 c:\windows\system32\dllcache\corpol.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 17408 c:\windows\system32\dllcache\corpol.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 17408 c:\windows\system32\corpol.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 17408 c:\windows\system32\corpol.dll
+ 2008-07-02 16:44 . 2012-01-23 12:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-02 16:44 . 2012-01-01 15:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-02 16:44 . 2012-01-01 15:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-02 16:44 . 2012-01-23 12:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-25 22:08 . 2012-03-25 22:08 22016 c:\windows\Installer\11389ef5.msi
- 2008-07-06 14:16 . 2012-01-12 03:32 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-05-31 17:26 . 2012-05-31 17:26 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-15 05:42 . 2011-12-15 05:42 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-04 13:12 . 2012-05-10 18:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 13:12 . 2011-10-12 23:24 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-17 15:10 . 2012-05-17 15:10 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2009-02-26 18:09 . 2009-02-26 18:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 1999-11-24 21:40 . 1999-11-24 21:40 40960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 16:09 . 2009-02-26 16:09 43352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLRPC.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 20:24 . 2009-02-26 20:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 14:50 . 2006-07-24 14:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-02-26 16:09 . 2009-02-26 16:09 20352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MLSHEXT.DLL
+ 2008-11-27 01:48 . 2008-11-27 01:48 35648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 18:06 . 2009-02-26 18:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 18:06 . 2009-02-26 18:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-05-26 02:17 . 2011-10-31 23:43 44544 c:\windows\ie7updates\KB2675157-IE7\pngfilt.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 52224 c:\windows\ie7updates\KB2675157-IE7\msfeedsbs.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 27648 c:\windows\ie7updates\KB2675157-IE7\jsproxy.dll
+ 2012-05-26 02:17 . 2011-10-31 20:56 13824 c:\windows\ie7updates\KB2675157-IE7\ieudinit.exe
+ 2012-05-26 02:17 . 2011-10-31 23:43 44544 c:\windows\ie7updates\KB2675157-IE7\iernonce.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 78336 c:\windows\ie7updates\KB2675157-IE7\ieencode.dll
+ 2012-05-26 02:17 . 2011-10-31 20:56 70656 c:\windows\ie7updates\KB2675157-IE7\ie4uinit.exe
+ 2012-05-26 02:17 . 2011-10-31 23:43 63488 c:\windows\ie7updates\KB2675157-IE7\icardie.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 17408 c:\windows\ie7updates\KB2675157-IE7\corpol.dll
+ 2012-01-21 02:59 . 2012-03-06 23:15 41184 c:\windows\avastSS.scr
+ 2012-05-10 21:45 . 2012-05-10 21:45 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\ba143319226cb9cb4c0b5eb41f8d6775\WindowsLiveWriter.ni.exe
+ 2012-05-10 21:46 . 2012-05-10 21:46 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c49a16ac795dc88cbcd93e39800e1a5a\WindowsLive.Writer.Api.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-10 21:49 . 2012-05-10 21:49 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-10 21:19 . 2012-05-10 21:19 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-10 21:19 . 2012-05-10 21:19 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f00a18225430e7531135589688d650a1\Microsoft.VisualC.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-10 21:45 . 2012-05-10 21:45 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-18 15:39 . 2012-02-18 15:39 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-02-18 15:39 . 2012-02-18 15:39 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2009-11-10 15:01 . 2009-11-10 15:01 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-02-18 15:39 . 2012-02-18 15:39 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-05-26 02:18 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2675157-IE7\update\spcustom.dll
+ 2012-05-26 02:18 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2675157-IE7\spmsg.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 44544 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\pngfilt.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 52224 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\msfeedsbs.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 27648 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\jsproxy.dll
+ 2012-05-21 23:27 . 2012-02-29 12:29 13824 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieudinit.exe
+ 2012-05-21 23:27 . 2012-03-01 01:23 44544 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\iernonce.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 78336 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieencode.dll
+ 2012-05-21 23:27 . 2012-02-29 12:29 70656 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ie4uinit.exe
+ 2012-05-21 23:27 . 2012-03-01 01:22 63488 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\icardie.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 17408 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\corpol.dll
+ 2012-02-18 15:17 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2661637\update\spcustom.dll
+ 2012-02-18 15:17 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2661637\spmsg.dll
+ 2012-02-18 15:52 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2660465\update\spcustom.dll
+ 2012-02-18 15:52 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2660465\spmsg.dll
+ 2012-04-10 23:56 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2653956\update\spcustom.dll
+ 2012-04-10 23:56 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2653956\spmsg.dll
+ 2012-03-14 03:45 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2647518\update\spcustom.dll
+ 2012-03-14 03:45 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2647518\spmsg.dll
+ 2012-03-14 03:50 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641653\update\spcustom.dll
+ 2012-03-14 03:50 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641653\spmsg.dll
+ 2012-03-14 04:06 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2621440\update\spcustom.dll
+ 2012-03-14 04:06 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2621440\spmsg.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-16 14:53 . 2012-01-11 19:06 3072 c:\windows\system32\iacenc.dll
+ 2012-02-16 14:53 . 2012-01-11 19:06 3072 c:\windows\system32\dllcache\iacenc.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-16 14:53 . 2012-01-11 19:05 3072 c:\windows\$hf_mig$\KB2661637\SP3QFE\iacenc.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-10-25 03:15 . 2008-10-25 03:15 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-10-25 03:15 . 2008-10-25 03:15 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2008-10-25 03:15 . 2008-10-25 03:15 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2012-04-06 04:13 . 2012-04-06 04:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2008-07-02 16:21 . 2012-02-29 14:10 177664 c:\windows\system32\wintrust.dll
- 2008-07-02 16:21 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 832512 c:\windows\system32\wininet.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 832512 c:\windows\system32\wininet.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 233472 c:\windows\system32\webcheck.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 233472 c:\windows\system32\webcheck.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 106496 c:\windows\system32\url.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 106496 c:\windows\system32\url.dll
+ 2008-07-06 14:16 . 2009-02-27 09:42 863128 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2008-07-06 14:16 . 2012-02-17 15:19 792368 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2008-07-06 14:16 . 2009-02-27 09:42 863128 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2008-07-06 14:16 . 2012-02-17 15:19 792368 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 102912 c:\windows\system32\occache.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 102912 c:\windows\system32\occache.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 671232 c:\windows\system32\mstime.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 671232 c:\windows\system32\mstime.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 193024 c:\windows\system32\msrating.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 193024 c:\windows\system32\msrating.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 478720 c:\windows\system32\mshtmled.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 478720 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2011-10-31 23:43 468480 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 468480 c:\windows\system32\msfeeds.dll
+ 2012-02-18 16:47 . 2012-02-18 16:47 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-05-26 03:11 . 2012-05-26 03:11 227784 c:\windows\system32\javaws.exe
+ 2012-05-26 03:11 . 2012-05-26 03:11 174024 c:\windows\system32\javaw.exe
+ 2012-05-26 03:11 . 2012-05-26 03:11 174024 c:\windows\system32\java.exe
+ 2008-07-02 16:21 . 2012-02-29 14:10 148480 c:\windows\system32\imagehlp.dll
+ 2007-08-13 22:34 . 2012-03-01 01:25 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2011-10-31 23:43 268288 c:\windows\system32\iertutil.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 192512 c:\windows\system32\iepeers.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 192512 c:\windows\system32\iepeers.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 384512 c:\windows\system32\iedkcs32.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 384512 c:\windows\system32\iedkcs32.dll
- 2007-07-11 16:27 . 2011-10-31 23:43 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 16:27 . 2012-03-01 01:25 380928 c:\windows\system32\ieapfltr.dll
- 2008-07-02 16:21 . 2011-10-27 12:49 161792 c:\windows\system32\ieakui.dll
+ 2008-07-02 16:21 . 2012-02-29 10:59 161792 c:\windows\system32\ieakui.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 230400 c:\windows\system32\ieaksie.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 230400 c:\windows\system32\ieaksie.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 153088 c:\windows\system32\ieakeng.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 153088 c:\windows\system32\ieakeng.dll
+ 2008-07-02 12:29 . 2012-05-10 20:10 381632 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-02 16:20 . 2012-03-01 01:25 133120 c:\windows\system32\extmgr.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 133120 c:\windows\system32\extmgr.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 214528 c:\windows\system32\dxtrans.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 214528 c:\windows\system32\dxtrans.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 347136 c:\windows\system32\dxtmsft.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 347136 c:\windows\system32\dxtmsft.dll
+ 2012-01-21 03:56 . 2010-12-21 05:55 100352 c:\windows\system32\DRVSTORE\sscesdm2_7AD4829229782EAD7A14A10BC5E01E956779886D\i386\ssceserd.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 100352 c:\windows\system32\DRVSTORE\sscesdm2_7AD4829229782EAD7A14A10BC5E01E956779886D\i386\ssceserd.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 123648 c:\windows\system32\DRVSTORE\sscemdm2_34771A624205C079100D51ABFD3F0EFDC377F971\i386\sscemdm.sys
+ 2012-01-21 03:56 . 2010-12-21 05:55 123648 c:\windows\system32\DRVSTORE\sscemdm2_34771A624205C079100D51ABFD3F0EFDC377F971\i386\sscemdm.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 132424 c:\windows\system32\DRVSTORE\sscdw2k_C833F1412DB0171B8840782A43AA24F668608CB7\i386\sscdmdm.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 132424 c:\windows\system32\DRVSTORE\sscdw2k_C833F1412DB0171B8840782A43AA24F668608CB7\i386\sscdmdm.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 110280 c:\windows\system32\DRVSTORE\sscdsdm2_7603A16BDC6AEC71028353A67D30D6F9F311DD0C\i386\sscdserd.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 110280 c:\windows\system32\DRVSTORE\sscdsdm2_7603A16BDC6AEC71028353A67D30D6F9F311DD0C\i386\sscdserd.sys
- 2011-07-30 20:52 . 2010-12-21 05:55 104648 c:\windows\system32\DRVSTORE\sscdbus_B653065950D06847C32293776FB04B48F46BC5CD\i386\sscdbus.sys
+ 2012-01-21 03:55 . 2010-12-21 05:55 104648 c:\windows\system32\DRVSTORE\sscdbus_B653065950D06847C32293776FB04B48F46BC5CD\i386\sscdbus.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 114152 c:\windows\system32\DRVSTORE\ssadsdm2_CB0D6A64C81E723D813A6F2A9668D95F91F371C0\i386\ssadserd.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 114152 c:\windows\system32\DRVSTORE\ssadsdm2_CB0D6A64C81E723D813A6F2A9668D95F91F371C0\i386\ssadserd.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 136680 c:\windows\system32\DRVSTORE\ssadmdm2_3B9F84FDB4850DC91A3CAFF448723EA532732F1F\i386\ssadmdm.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 136680 c:\windows\system32\DRVSTORE\ssadmdm2_3B9F84FDB4850DC91A3CAFF448723EA532732F1F\i386\ssadmdm.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 121192 c:\windows\system32\DRVSTORE\ssadbus_2112C6E16CA9C1DAD7D12BFCA60FCA72A02EBB81\i386\ssadbus.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 121192 c:\windows\system32\DRVSTORE\ssadbus_2112C6E16CA9C1DAD7D12BFCA60FCA72A02EBB81\i386\ssadbus.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 136680 c:\windows\system32\drivers\ssadmdm.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 136680 c:\windows\system32\drivers\ssadmdm.sys
- 2011-07-30 20:52 . 2011-01-03 08:38 121192 c:\windows\system32\drivers\ssadbus.sys
+ 2012-01-21 03:56 . 2011-01-03 08:38 121192 c:\windows\system32\drivers\ssadbus.sys
+ 2008-07-02 16:37 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2012-01-21 03:00 . 2012-03-06 23:03 337880 c:\windows\system32\drivers\aswSP.sys
+ 2012-01-21 03:00 . 2012-03-06 23:03 612184 c:\windows\system32\drivers\aswSnx.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows\system32\dnssdX.dll
- 2008-07-02 16:21 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-07-02 16:21 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-07-02 12:30 . 2008-04-14 00:12 146432 c:\windows\system32\dllcache\winspool.drv
- 2008-07-02 16:21 . 2008-04-14 00:12 146432 c:\windows\system32\dllcache\winspool.drv
- 2008-07-02 16:21 . 2011-10-31 23:43 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 832512 c:\windows\system32\dllcache\wininet.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 106496 c:\windows\system32\dllcache\url.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 106496 c:\windows\system32\dllcache\url.dll
+ 2008-07-02 16:37 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2008-07-02 16:21 . 2012-03-01 01:25 102912 c:\windows\system32\dllcache\occache.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 102912 c:\windows\system32\dllcache\occache.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 671232 c:\windows\system32\dllcache\mstime.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 671232 c:\windows\system32\dllcache\mstime.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 193024 c:\windows\system32\dllcache\msrating.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 193024 c:\windows\system32\dllcache\msrating.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 478720 c:\windows\system32\dllcache\mshtmled.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 478720 c:\windows\system32\dllcache\mshtmled.dll
- 2008-07-03 13:46 . 2011-10-31 23:43 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-07-03 13:46 . 2012-03-01 01:25 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-07-02 16:21 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2008-07-02 16:38 . 2012-02-29 11:01 634680 c:\windows\system32\dllcache\iexplore.exe
- 2008-07-03 13:46 . 2011-10-31 23:43 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-07-03 13:46 . 2012-03-01 01:25 268288 c:\windows\system32\dllcache\iertutil.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-07-03 13:46 . 2011-10-31 23:43 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-07-03 13:46 . 2012-03-01 01:25 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-07-02 16:21 . 2011-10-27 12:49 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2008-07-02 16:21 . 2012-02-29 10:59 161792 c:\windows\system32\dllcache\ieakui.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 133120 c:\windows\system32\dllcache\extmgr.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2008-07-02 16:20 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2008-07-02 16:20 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 124928 c:\windows\system32\dllcache\advpack.dll
+ 2008-07-02 16:20 . 2012-03-01 01:25 124928 c:\windows\system32\dllcache\advpack.dll
+ 2012-01-21 02:59 . 2012-03-06 23:15 201352 c:\windows\system32\aswBoot.exe
+ 2008-07-02 16:20 . 2012-03-01 01:25 124928 c:\windows\system32\advpack.dll
- 2008-07-02 16:20 . 2011-10-31 23:43 124928 c:\windows\system32\advpack.dll
+ 2012-04-06 04:52 . 2012-04-06 04:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-01-30 19:38 . 2012-01-30 19:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-04-23 02:04 . 2012-04-23 02:04 552448 c:\windows\Installer\9aa1f.msi
+ 2011-12-22 21:50 . 2011-12-22 21:50 256000 c:\windows\Installer\3b495b.msp
+ 2012-05-26 03:13 . 2012-05-26 03:13 176128 c:\windows\Installer\13e329.msi
+ 2012-05-26 03:11 . 2012-05-26 03:11 863744 c:\windows\Installer\13e323.msi
+ 2012-02-02 15:56 . 2012-02-02 15:56 963584 c:\windows\Installer\105469.msp
+ 2012-02-18 15:23 . 2012-02-18 15:23 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-11-10 14:58 . 2009-11-10 14:58 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-06-01 17:20 . 2012-06-01 17:20 380928 c:\windows\Installer\{23B8A91D-680B-462B-87AD-3D70F7341731}\iTunesIco.exe
+ 2011-09-16 02:41 . 2011-09-16 02:41 408936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WINWORD.EXE
+ 2007-06-08 01:51 . 2007-06-08 01:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2007-06-07 23:51 . 2007-06-07 23:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 12:27 . 2008-03-19 12:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2011-07-27 11:52 . 2011-07-27 11:52 436096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSPVIEW.EXE
+ 2011-07-27 11:52 . 2011-07-27 11:52 154528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSPSCAN.EXE
+ 2011-05-31 23:25 . 2011-05-31 23:25 771984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSPFILT.DLL
+ 2011-05-31 23:25 . 2011-05-31 23:25 524704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MDIVWCTL.DLL
+ 2011-05-31 23:25 . 2011-05-31 23:25 792432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MDIGRAPH.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2009-02-26 16:09 . 2009-02-26 16:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2006-10-27 21:35 . 2006-10-27 21:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2009-02-26 03:27 . 2009-02-26 03:27 843680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OICE.EXE
+ 2009-02-26 22:07 . 2009-02-26 22:07 395624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MOC.EXE
+ 2012-05-26 02:17 . 2011-10-31 23:43 832512 c:\windows\ie7updates\KB2675157-IE7\wininet.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 233472 c:\windows\ie7updates\KB2675157-IE7\webcheck.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 106496 c:\windows\ie7updates\KB2675157-IE7\url.dll
+ 2012-05-26 02:17 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2675157-IE7\spuninst\updspapi.dll
+ 2012-05-26 02:17 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2675157-IE7\spuninst\spuninst.exe
+ 2012-05-26 02:17 . 2011-10-31 23:43 102912 c:\windows\ie7updates\KB2675157-IE7\occache.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 671232 c:\windows\ie7updates\KB2675157-IE7\mstime.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 193024 c:\windows\ie7updates\KB2675157-IE7\msrating.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 478720 c:\windows\ie7updates\KB2675157-IE7\mshtmled.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 468480 c:\windows\ie7updates\KB2675157-IE7\msfeeds.dll
+ 2012-05-26 02:17 . 2011-10-31 10:46 634504 c:\windows\ie7updates\KB2675157-IE7\iexplore.exe
+ 2012-05-26 02:17 . 2011-10-31 23:43 268288 c:\windows\ie7updates\KB2675157-IE7\iertutil.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 192512 c:\windows\ie7updates\KB2675157-IE7\iepeers.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 384512 c:\windows\ie7updates\KB2675157-IE7\iedkcs32.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 380928 c:\windows\ie7updates\KB2675157-IE7\ieapfltr.dll
+ 2012-05-26 02:17 . 2011-10-27 12:49 161792 c:\windows\ie7updates\KB2675157-IE7\ieakui.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 230400 c:\windows\ie7updates\KB2675157-IE7\ieaksie.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 153088 c:\windows\ie7updates\KB2675157-IE7\ieakeng.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 133120 c:\windows\ie7updates\KB2675157-IE7\extmgr.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 214528 c:\windows\ie7updates\KB2675157-IE7\dxtrans.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 347136 c:\windows\ie7updates\KB2675157-IE7\dxtmsft.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 124928 c:\windows\ie7updates\KB2675157-IE7\advpack.dll
+ 2012-05-10 21:44 . 2012-05-10 21:44 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-05-10 21:47 . 2012-05-10 21:47 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\b10c188136ae13a204e4adf8bbeadc36\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fc5429931ab14f5d6efd9944fdc0a8cd\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f4b2680f66f11b32f52dfcdd3e966052\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\afa2c88ca1c6145db6ab609d7dbecaf7\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aaec2f14e39b9f7e6eceb805372bf509\WindowsLive.Writer.Localization.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9be0501c7419ec0e15458baa8c1fe959\WindowsLive.Writer.Passport.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7c3199e055c50651bea7bec89462abff\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\75d2ac453acac1fb070cedb99ed942bf\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\609d335fe7114303f401a23a7a704182\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\569231b01872f2fa8ae91e49308b47ce\WindowsLive.Writer.Interop.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\544462ea58f6abfb32278e1316778d21\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f4e76ebdfc34116cf17386d262a7da4\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\37f744b866f6f04c68aefec39987f34d\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\29e8f27943707613416f76a0357c8f41\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1e842386993a608d446b3171d5f71478\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0bff4ab818c7e97bc6f692d9c79bae99\WindowsLive.Writer.Controls.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b28bed8baf595e12c6e7c371c959f101\WindowsLive.Client.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-05-10 21:49 . 2012-05-10 21:49 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-05-10 21:43 . 2012-05-10 21:43 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\bf7d6af03e1230ccad546a8659245ae9\System.Configuration.Install.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
+ 2012-05-10 21:44 . 2012-05-10 21:44 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-05-10 21:44 . 2012-05-10 21:44 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-05-10 21:44 . 2012-05-10 21:44 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-05-10 21:47 . 2012-05-10 21:47 362496 c:\windows\assembly\NativeImages_v2.0.50727_32\QTAddressBar\76226f6e6ace200e2e424b0d513a8a56\QTAddressBar.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-05-10 21:20 . 2012-05-10 21:20 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-05-10 21:20 . 2012-05-10 21:20 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-05-10 21:20 . 2012-05-10 21:20 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-05-10 21:44 . 2012-05-10 21:44 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 312320 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\db4b6ae485fa48b3526d45e499269ca0\Interop.SHDocVw.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-05-10 21:44 . 2012-05-10 21:44 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-05-10 21:45 . 2012-05-10 21:45 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-10 21:18 . 2012-05-10 21:18 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2009-08-09 07:06 . 2009-08-09 07:06 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-10 18:14 . 2012-05-10 18:14 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-05-10 18:14 . 2012-05-10 18:14 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2009-08-09 07:05 . 2009-08-09 07:05 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-18 15:39 . 2012-02-18 15:39 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2009-11-10 15:02 . 2009-11-10 15:02 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-02-18 15:38 . 2012-02-18 15:38 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-02-18 15:17 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2661637$\spuninst\updspapi.dll
+ 2012-02-18 15:17 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2661637$\spuninst\spuninst.exe
+ 2012-02-18 15:52 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2660465$\spuninst\updspapi.dll
+ 2012-02-18 15:52 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2660465$\spuninst\spuninst.exe
+ 2012-04-10 23:56 . 2009-12-24 06:59 177664 c:\windows\$NtUninstallKB2653956$\wintrust.dll
+ 2012-04-10 23:56 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2653956$\spuninst\updspapi.dll
+ 2012-04-10 23:56 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2653956$\spuninst\spuninst.exe
+ 2012-04-10 23:56 . 2008-04-14 00:11 144384 c:\windows\$NtUninstallKB2653956$\imagehlp.dll
+ 2012-03-14 03:45 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2647518$\spuninst\updspapi.dll
+ 2012-03-14 03:45 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2647518$\spuninst\spuninst.exe
+ 2012-03-14 03:50 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2641653$\spuninst\updspapi.dll
+ 2012-03-14 03:50 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2641653$\spuninst\spuninst.exe
+ 2012-03-14 04:06 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2621440$\spuninst\updspapi.dll
+ 2012-03-14 04:06 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2621440$\spuninst\spuninst.exe
+ 2012-03-14 04:06 . 2011-06-24 14:10 139656 c:\windows\$NtUninstallKB2621440$\rdpwd.sys
+ 2012-05-26 02:18 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2675157-IE7\update\updspapi.dll
+ 2012-05-26 02:18 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2675157-IE7\update\update.exe
+ 2012-05-26 02:18 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2675157-IE7\spuninst.exe
+ 2012-05-21 23:27 . 2012-03-01 01:23 841216 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\wininet.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 233472 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\webcheck.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 106496 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\url.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 102912 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\occache.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 671232 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\mstime.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 193024 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\msrating.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 478720 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\mshtmled.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 468480 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\msfeeds.dll
+ 2012-05-21 23:27 . 2012-02-29 10:34 634680 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\iexplore.exe
+ 2012-05-21 23:27 . 2012-03-01 01:23 268288 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\iertutil.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 193024 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\iepeers.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 388608 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\iedkcs32.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 380928 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieapfltr.dll
+ 2012-05-21 23:27 . 2012-02-29 10:33 161792 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieakui.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 230400 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieaksie.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 153088 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieakeng.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 132608 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\extmgr.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 214528 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\dxtrans.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 347136 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\dxtmsft.dll
+ 2012-05-21 23:27 . 2012-03-01 01:22 124928 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\advpack.dll
+ 2012-02-18 15:17 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2661637\update\updspapi.dll
+ 2012-02-18 15:17 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2661637\update\update.exe
+ 2012-02-18 15:17 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2661637\spuninst.exe
+ 2012-02-18 15:52 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2660465\update\updspapi.dll
+ 2012-02-18 15:52 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2660465\update\update.exe
+ 2012-02-18 15:52 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2660465\spuninst.exe
+ 2012-04-10 23:56 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2653956\update\updspapi.dll
+ 2012-04-10 23:56 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2653956\update\update.exe
+ 2012-04-10 23:56 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2653956\spuninst.exe
+ 2012-02-29 14:08 . 2012-02-29 14:08 178176 c:\windows\$hf_mig$\KB2653956\SP3QFE\wintrust.dll
+ 2012-02-29 14:08 . 2012-02-29 14:08 148480 c:\windows\$hf_mig$\KB2653956\SP3QFE\imagehlp.dll
+ 2012-03-14 03:45 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2647518\update\updspapi.dll
+ 2012-03-14 03:45 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2647518\update\update.exe
+ 2012-03-14 03:45 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2647518\spuninst.exe
+ 2012-03-14 03:50 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641653\update\updspapi.dll
+ 2012-03-14 03:50 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641653\update\update.exe
+ 2012-03-14 03:50 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641653\spuninst.exe
+ 2012-03-14 04:06 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2621440\update\updspapi.dll
+ 2012-03-14 04:06 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2621440\update\update.exe
+ 2012-03-14 04:06 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2621440\spuninst.exe
+ 2012-03-14 03:51 . 2012-01-09 16:19 139784 c:\windows\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys
+ 2012-05-10 18:05 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
- 2008-07-02 16:21 . 2011-10-31 23:43 1168896 c:\windows\system32\urlmon.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 1168896 c:\windows\system32\urlmon.dll
+ 2012-05-08 02:34 . 2008-05-19 10:00 1312576 c:\windows\system32\ReinstallBackups\0009\DriverFiles\athw.sys
+ 2008-07-02 16:21 . 2012-03-01 01:25 3616768 c:\windows\system32\mshtml.dll
- 2009-07-18 03:21 . 2011-11-13 14:28 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-07-18 03:21 . 2012-02-18 16:47 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 22:54 . 2012-03-01 01:25 6076928 c:\windows\system32\ieframe.dll
+ 2011-07-07 08:28 . 2011-07-07 08:28 1193320 c:\windows\system32\FM20.DLL
+ 2012-06-01 17:16 . 2012-02-15 16:01 4547944 c:\windows\system32\DRVSTORE\usbaapl_87F84F5DA3368BC69CA5BE7F6A79CAA709E36E13\usbaaplrc.dll
- 2011-07-30 20:52 . 2010-12-21 05:55 1416680 c:\windows\system32\DRVSTORE\ssadadb2_6FBFB7BD831F97C0C49FFC637EF8E261B1BD5DBD\i386\WdfCoInstaller01005.dll
+ 2012-01-21 03:56 . 2010-12-21 05:55 1416680 c:\windows\system32\DRVSTORE\ssadadb2_6FBFB7BD831F97C0C49FFC637EF8E261B1BD5DBD\i386\WdfCoInstaller01005.dll
+ 2012-06-01 17:16 . 2011-08-02 21:38 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2008-05-19 10:00 . 2010-09-27 04:52 1816128 c:\windows\system32\drivers\athw.sys
+ 2008-07-02 16:21 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
- 2008-07-02 16:21 . 2011-10-31 23:43 1168896 c:\windows\system32\dllcache\urlmon.dll
+ 2008-07-02 16:21 . 2012-03-01 01:25 1168896 c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-15 05:43 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-03 22:59 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 05:43 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-03 23:18 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-07-02 16:21 . 2012-03-01 01:25 3616768 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-03 13:46 . 2012-03-01 01:25 6076928 c:\windows\system32\dllcache\ieframe.dll
- 2011-03-25 11:15 . 2011-03-25 11:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-10-31 04:54 . 2011-10-31 04:54 2748416 c:\windows\Installer\a9f27b9.msp
+ 2011-09-16 00:40 . 2011-09-16 00:40 7959552 c:\windows\Installer\a6a8935.msp
+ 2011-09-16 00:35 . 2011-09-16 00:35 1411072 c:\windows\Installer\a6a873d.msp
+ 2012-02-03 21:13 . 2012-02-03 21:13 4988928 c:\windows\Installer\a6a8730.msp
+ 2012-04-05 03:38 . 2012-04-05 03:38 2831360 c:\windows\Installer\3b4983.msp
+ 2012-04-29 02:44 . 2012-04-29 02:44 9101824 c:\windows\Installer\3b497a.msp
+ 2012-06-01 17:20 . 2012-06-01 17:20 4288000 c:\windows\Installer\39db56.msi
+ 2012-06-01 17:16 . 2012-06-01 17:16 1718784 c:\windows\Installer\39d2b5.msi
+ 2012-06-01 17:16 . 2012-06-01 17:16 2002432 c:\windows\Installer\39d2af.msi
+ 2012-06-01 17:14 . 2012-06-01 17:14 1530368 c:\windows\Installer\39d27d.msi
+ 2012-05-17 15:10 . 2012-05-17 15:10 1769984 c:\windows\Installer\2be678.msi
+ 2012-03-01 04:45 . 2012-03-01 04:45 4989440 c:\windows\Installer\2bdf96.msp
+ 2012-04-29 02:44 . 2012-04-29 02:44 9586176 c:\windows\Installer\18a980.msp
+ 2012-04-30 19:38 . 2012-04-30 19:38 5011456 c:\windows\Installer\18a968.msp
+ 2012-04-05 03:38 . 2012-04-05 03:38 3620864 c:\windows\Installer\18a93d.msp
+ 2012-03-15 07:24 . 2012-03-15 07:24 1795584 c:\windows\Installer\18a927.msp
+ 2012-04-29 02:43 . 2012-04-29 02:43 8459264 c:\windows\Installer\18a8fc.msp
+ 2012-02-17 13:45 . 2012-02-17 13:45 2299392 c:\windows\Installer\18a8f3.msp
+ 2012-03-26 16:28 . 2012-03-26 16:28 5009920 c:\windows\Installer\105497.msp
+ 2012-03-23 06:59 . 2012-03-23 06:59 7899648 c:\windows\Installer\105480.msp
+ 2011-11-01 05:34 . 2011-11-01 05:34 1169920 c:\windows\Installer\105461.msp
+ 2008-07-06 14:16 . 2012-05-10 21:22 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-06 14:16 . 2012-01-12 03:32 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-06 14:16 . 2012-05-10 21:22 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-10 04:10 . 2009-10-10 04:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-05-31 23:25 . 2011-05-31 23:25 1057184 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MSPCORE.DLL
+ 2006-10-27 00:25 . 2006-10-27 00:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2011-08-03 05:14 . 2011-08-03 05:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-05-26 02:17 . 2011-10-31 23:43 1168896 c:\windows\ie7updates\KB2675157-IE7\urlmon.dll
+ 2012-05-26 02:17 . 2011-11-04 15:16 3616256 c:\windows\ie7updates\KB2675157-IE7\mshtml.dll
+ 2012-05-26 02:17 . 2011-10-31 23:43 6076416 c:\windows\ie7updates\KB2675157-IE7\ieframe.dll
+ 2008-10-15 05:43 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 05:43 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 05:43 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 05:43 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-04-11 00:04 . 2012-04-11 00:04 5025792 c:\windows\assembly\tmp\7GNU18FN\System.Windows.Forms.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d65bf4ec97966536d01b991488acf506\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8f8c754cca7141abf623c9ac27b70c26\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\76323b65eae2d63a981ce32ad4ef9b10\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-05-10 21:19 . 2012-05-10 21:19 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-10 21:19 . 2012-05-10 21:19 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-10 21:49 . 2012-05-10 21:49 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-10 21:49 . 2012-05-10 21:49 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-10 21:49 . 2012-05-10 21:49 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-10 21:49 . 2012-05-10 21:49 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-10 21:43 . 2012-05-10 21:43 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-10 21:22 . 2012-05-10 21:22 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-10 21:43 . 2012-05-10 21:43 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-10 21:45 . 2012-05-10 21:45 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\7afb1abdbb8ba32cf578ff8ea4e45d99\System.Data.OracleClient.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-10 21:19 . 2012-05-10 21:19 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-10 21:44 . 2012-05-10 21:44 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-10 21:48 . 2012-05-10 21:48 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-10 21:47 . 2012-05-10 21:47 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
- 2010-06-24 02:32 . 2010-06-24 02:32 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-10 18:14 . 2012-05-10 18:14 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-10 18:14 . 2012-05-10 18:14 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-10 18:14 . 2012-05-10 18:14 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-12 03:34 . 2012-01-12 03:34 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-05-10 21:17 . 2012-05-10 21:17 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-18 15:39 . 2012-02-18 15:39 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-02-18 15:52 . 2011-11-23 13:25 1859584 c:\windows\$NtUninstallKB2660465$\win32k.sys
+ 2012-03-14 03:50 . 2012-01-12 16:53 1859968 c:\windows\$NtUninstallKB2641653$\win32k.sys
+ 2012-05-21 23:27 . 2012-03-01 01:23 1172992 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\urlmon.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 3619328 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\mshtml.dll
+ 2012-05-21 23:27 . 2012-03-01 01:23 6081024 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieframe.dll
+ 2012-05-21 23:27 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2675157-IE7\SP3QFE\ieapfltr.dat
+ 2012-01-12 16:54 . 2012-01-12 16:54 1869056 c:\windows\$hf_mig$\KB2660465\SP3QFE\win32k.sys
+ 2012-03-14 03:07 . 2012-02-03 09:26 1869184 c:\windows\$hf_mig$\KB2641653\SP3QFE\win32k.sys
+ 2008-07-04 12:58 . 2012-04-27 01:08 55656824 c:\windows\system32\MRT.exe
+ 2011-09-15 23:37 . 2011-09-15 23:37 38176256 c:\windows\Installer\d60c4.msp
+ 2012-02-18 15:47 . 2012-02-18 15:47 20333056 c:\windows\Installer\a6a8942.msp
+ 2011-09-16 00:39 . 2011-09-16 00:39 11163136 c:\windows\Installer\a6a892a.msp
+ 2011-09-16 00:38 . 2011-09-16 00:38 10838528 c:\windows\Installer\a6a891d.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 16691712 c:\windows\Installer\a6a875a.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 34428416 c:\windows\Installer\a6a873e.msp
+ 2012-04-06 07:12 . 2012-04-06 07:12 15709696 c:\windows\Installer\3b4963.msp
+ 2012-01-04 07:25 . 2012-01-04 07:25 17751552 c:\windows\Installer\3b4953.msp
+ 2012-01-04 07:25 . 2012-01-04 07:25 17751552 c:\windows\Installer\18a98e.msp
+ 2012-04-06 08:13 . 2012-04-06 08:13 16527872 c:\windows\Installer\18a934.msp
+ 2012-05-10 18:07 . 2012-05-10 18:07 20343808 c:\windows\Installer\18a8d8.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 38176256 c:\windows\Installer\14d04f.msp
+ 2011-09-16 02:42 . 2011-09-16 02:42 18115432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\WWLIB.DLL
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-05-10 21:22 . 2012-05-10 21:22 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-10 21:46 . 2012-05-10 21:46 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-10 21:44 . 2012-05-10 21:44 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-10 21:21 . 2012-05-10 21:21 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-10 21:20 . 2012-05-10 21:20 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-10 21:20 . 2012-05-10 21:20 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-10 21:18 . 2012-05-10 21:18 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
+ 2011-09-16 00:34 . 2011-09-16 00:34 428804608 c:\windows\Installer\a6a8911.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 18:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveIconOverlay]
@="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"
[HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemInSyncIconOverlay]
@="{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}"
[HKEY_CLASSES_ROOT\CLSID\{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemModifiedIconOverlay]
@="{AE67D273-7253-4236-B55E-D40055B305D6}"
[HKEY_CLASSES_ROOT\CLSID\{AE67D273-7253-4236-B55E-D40055B305D6}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemNewIconOverlay]
@="{022F23E9-DA0F-4A86-A728-CAF6150C0B63}"
[HKEY_CLASSES_ROOT\CLSID\{022F23E9-DA0F-4A86-A728-CAF6150C0B63}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
"Start Magic 2.0"="c:\program files\Start Magic\start magic.exe" [2008-12-24 86016]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2011-11-22 1648600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2010-12-01 3495240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Bob\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bob\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Win7Keys.lnk - c:\program files\Win7Keys\Win7Keys.exe [2010-5-6 40960]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\common files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-8 113664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcods]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 06:25 497648 -c--a-w- c:\program files\common files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-01-04 20:17 1937408 -c----w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Bob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Program Files\\common files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5910:TCP"= 5910:TCP:vnc5910
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [3/22/2012 1:09 He's Coming 474472]
R0 clbstor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [7/24/2008 8:50 He's Coming 10368]
R0 reparse;Reparse;c:\windows\system32\drivers\cbreparse.sys [3/22/2012 1:09 He's Coming 464672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/20/2012 10:00 He's Coming 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/20/2012 10:00 He's Coming 337880]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 He's Coming 169408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/20/2012 10:00 He's Coming 20696]
R2 COSService.exe;Comodo Online Storage Service;c:\program files\COMODO\COMMON\COSService.exe [10/25/2011 12:03 He's Coming 3837744]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [7/2/2008 11:21 He's Coming 14336]
R2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\COMODO\COMMON\SynchronizationService.exe [10/25/2011 12:03 He's Coming 3454768]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/29/2010 10:32 He's Coming 193840]
RUnknown SASKUTIL;SASKUTIL; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 e0e9d137;e0e9d137;c:\windows\system32\drivers\e0e9d137.sys --> c:\windows\system32\drivers\e0e9d137.sys [?]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/8/2011 9:23 He's Coming 563216]
S2 gupdate1c951e5929dad5c;Google Update Service (gupdate1c951e5929dad5c);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2008 12:44 He's Coming 133104]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [5/8/2011 8:29 He's Coming 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2008 12:44 He's Coming 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 10:50 He's Coming 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/24/2009 8:38 He's Coming 47360]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [4/12/2009 7:09 He's Coming 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [4/12/2009 7:09 He's Coming 3768]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/20/2012 10:56 He's Coming 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/20/2012 10:56 He's Coming 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/20/2012 10:56 He's Coming 136680]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [3/25/2009 3:51 He's Coming 18432]
S3 tvnserver;TightVNC Server;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/8/2011 9:23 He's Coming 814080]
S4 Ascioo;Ascioo; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SmartDefragDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 -c--a-w- c:\program files\common files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-29 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2008-07-02 00:12]
.
2010-11-29 c:\windows\Tasks\$~$Sys1$.job
- c:\windows\System32\SchedSvc.dll [2008-07-02 00:12]
.
2010-11-29 c:\windows\Tasks\$~$Sys2$.job
- c:\windows\System32\SchedSvc.dll [2008-07-02 00:12]
.
2011-11-18 c:\windows\Tasks\AdobeAAMUpdater-1.0 Fallback-HP-Bob.job
- c:\program files\common files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [2010-07-29 06:40]
.
2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-HP-Bob.job
- c:\program files\common files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2010-03-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-08 17:09]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0ad3907004d0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 05:44]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-879983540-682003330-1003Core1cc8f46421cb6c4.job
- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-11 14:11]
.
2008-11-15 c:\windows\Tasks\User_Feed_Synchronization-{439D3F61-4239-4B30-84DB-CFE7528829A1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
2009-05-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/102
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ox3biacj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1969417&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://freedomquestinternational.org/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 09:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-05 09:57:15
ComboFix-quarantined-files.txt 2012-06-05 14:57
ComboFix2.txt 2012-05-30 18:39
ComboFix3.txt 2012-01-21 02:56
.
Pre-Run: 26,547,408,896 bytes free
Post-Run: 26,533,048,320 bytes free
.
- - End Of File - - FA463449561158FD4DC9821EF7FD134A

#5 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 June 2012 - 10:50 AM

On the boot up, I got an error message says 0x0000000 referenced mem at 0x0000000 mem could not be read, terminate or debug, etc.

The system freezes up and won't do anything... I have to hold down the power button to shut down.

I restarted in Safe Mode with Networking, and I got the same above message, plus it says it has found new hardware, but I hit cancel for that...

I am typing this in safe mode with Networking... thanks.. :thumbup2: :thumbup2:

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 05 June 2012 - 01:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\Tasks\$~$Sys0$.job
c:\windows\Tasks\$~$Sys1$.job
c:\windows\Tasks\$~$Sys2$.job

DDS::
uStart Page = hxxp://www.searchqu.com/102
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f


Firefox::
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ox3biacj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1969417&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 June 2012 - 10:40 PM

I let the combofix run while I was running errands.. just walked in the door... I will post this and reboot and see how that script does... I will post it after reboot... thanks... :clapping:

ComboFix 12-06-05.03 - Bob 06/05/2012 14:17:43.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1472 [GMT -5:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bob\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\$~$Sys0$.job"
"c:\windows\Tasks\$~$Sys1$.job"
"c:\windows\Tasks\$~$Sys2$.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\$~$Sys0$.job
c:\windows\Tasks\$~$Sys1$.job
c:\windows\Tasks\$~$Sys2$.job
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-04 20:10 . 2012-06-04 20:10 -------- d-----w- c:\program files\Dropbox
2012-06-01 17:16 . 2012-06-01 17:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-01 17:16 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-01 17:16 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-01 17:16 . 2012-06-01 17:16 -------- d-----w- c:\program files\Bonjour
2012-05-31 02:00 . 2012-05-31 02:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-26 03:23 . 2012-05-26 03:23 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Sun
2012-05-26 03:13 . 2012-05-26 03:13 -------- d-----w- c:\program files\Common Files\Java
2012-05-26 03:11 . 2012-05-26 03:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-26 03:11 . 2012-05-26 03:11 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 19:51 . 2012-05-22 19:51 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Copernic
2012-05-22 19:51 . 2012-05-22 19:51 -------- d-----w- c:\documents and settings\Bob\Application Data\Copernic
2012-05-21 22:13 . 2012-05-21 22:13 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-05-21 22:12 . 2012-05-21 22:12 3038 ----a-w- C:\fix_svchost.bat
2012-05-21 22:08 . 2012-05-21 22:08 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-05-21 18:21 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-20 04:26 . 2012-05-20 04:26 77312 ----a-w- c:\windows\ua2.dll
2012-05-18 05:00 . 2012-05-18 05:00 389 ----a-w- c:\documents and settings\Bob\GenericHostErrorProblem.bat
2012-05-10 18:24 . 2012-05-10 18:24 -------- d-----w- C:\9a9eea192c93fb12324278
2012-05-08 15:50 . 2012-05-08 15:50 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 15:50 . 2012-05-08 15:50 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-08 15:50 . 2012-05-08 15:50 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 02:34 . 2009-03-16 15:19 58208 ----a-w- c:\windows\system32\wsimd.sys
2012-05-08 02:34 . 2009-03-16 15:19 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
2012-05-08 02:34 . 2012-05-08 02:34 -------- d-----w- c:\program files\Atheros
2012-05-08 02:34 . 2012-05-08 02:34 -------- d-----w- c:\windows\Options
2012-05-08 02:33 . 2012-05-08 02:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Atheros
2012-05-07 13:43 . 2012-05-07 13:43 -------- d-----w- C:\ERDNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-07-02 16:20 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-26 03:11 . 2010-04-22 03:17 687560 -c--a-w- c:\windows\system32\deployJava1.dll
2012-05-10 21:18 . 2011-03-15 02:11 5280 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-11 13:14 . 2004-08-03 23:18 2148352 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-07-02 16:21 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 06:09 . 2012-03-22 06:09 474472 -c--a-w- c:\windows\system32\drivers\CBVD.sys
2012-03-22 06:09 . 2012-03-22 06:09 464672 -c--a-w- c:\windows\system32\drivers\cbreparse.sys
2011-08-22 22:08 . 2011-08-22 22:08 21073936 -c--a-w- c:\program files\vlc-1.1.11-win32.exe
2012-05-08 15:50 . 2011-03-11 15:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 18:58 333192 -c--a-w- c:\program files\AskBarDis\bar\bin\askbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveIconOverlay]
@="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"
[HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemInSyncIconOverlay]
@="{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}"
[HKEY_CLASSES_ROOT\CLSID\{68F287EF-DA6D-4595-AF52-90FF6CE52AFE}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemModifiedIconOverlay]
@="{AE67D273-7253-4236-B55E-D40055B305D6}"
[HKEY_CLASSES_ROOT\CLSID\{AE67D273-7253-4236-B55E-D40055B305D6}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSSyncItemNewIconOverlay]
@="{022F23E9-DA0F-4A86-A728-CAF6150C0B63}"
[HKEY_CLASSES_ROOT\CLSID\{022F23E9-DA0F-4A86-A728-CAF6150C0B63}]
2012-03-22 06:09 5131056 ----a-w- c:\program files\COMODO\COMMON\ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
"Start Magic 2.0"="c:\program files\Start Magic\start magic.exe" [2008-12-24 86016]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2011-11-22 1648600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2010-12-01 3495240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Bob\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bob\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Win7Keys.lnk - c:\program files\Win7Keys\Win7Keys.exe [2010-5-6 40960]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\common files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-8 113664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcods]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 06:25 497648 -c--a-w- c:\program files\common files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-01-04 20:17 1937408 -c----w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Bob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Program Files\\common files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5910:TCP"= 5910:TCP:vnc5910
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [3/22/2012 1:09 He's Coming 474472]
R0 clbstor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [7/24/2008 8:50 He's Coming 10368]
R0 reparse;Reparse;c:\windows\system32\drivers\cbreparse.sys [3/22/2012 1:09 He's Coming 464672]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/20/2012 10:00 He's Coming 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/20/2012 10:00 He's Coming 337880]
S1 e0e9d137;e0e9d137;c:\windows\system32\drivers\e0e9d137.sys --> c:\windows\system32\drivers\e0e9d137.sys [?]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 3:06 He's Coming 169408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/20/2012 10:00 He's Coming 20696]
S2 COSService.exe;Comodo Online Storage Service;c:\program files\COMODO\COMMON\COSService.exe [10/25/2011 12:03 He's Coming 3837744]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/8/2011 9:23 He's Coming 563216]
S2 gupdate1c951e5929dad5c;Google Update Service (gupdate1c951e5929dad5c);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2008 12:44 He's Coming 133104]
S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [7/2/2008 11:21 He's Coming 14336]
S2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\COMODO\COMMON\SynchronizationService.exe [10/25/2011 12:03 He's Coming 3454768]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/29/2010 10:32 He's Coming 193840]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [5/8/2011 8:29 He's Coming 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/29/2008 12:44 He's Coming 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 10:50 He's Coming 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/24/2009 8:38 He's Coming 47360]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [4/12/2009 7:09 He's Coming 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [4/12/2009 7:09 He's Coming 3768]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/20/2012 10:56 He's Coming 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/20/2012 10:56 He's Coming 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/20/2012 10:56 He's Coming 136680]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [3/25/2009 3:51 He's Coming 18432]
S3 tvnserver;TightVNC Server;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/8/2011 9:23 He's Coming 814080]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 -c--a-w- c:\program files\common files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\AdobeAAMUpdater-1.0 Fallback-HP-Bob.job
- c:\program files\common files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [2010-07-29 06:40]
.
2011-05-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-HP-Bob.job
- c:\program files\common files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2010-03-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-08 17:09]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0ad3907004d0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 05:44]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-879983540-682003330-1003Core1cc8f46421cb6c4.job
- c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-11 14:11]
.
2008-11-15 c:\windows\Tasks\User_Feed_Synchronization-{439D3F61-4239-4B30-84DB-CFE7528829A1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
2009-05-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\ox3biacj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://freedomquestinternational.org/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 14:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-05 14:27:20
ComboFix-quarantined-files.txt 2012-06-05 19:27
ComboFix2.txt 2012-06-05 14:57
ComboFix3.txt 2012-05-30 18:39
ComboFix4.txt 2012-01-21 02:56
.
Pre-Run: 26,615,267,328 bytes free
Post-Run: 26,599,731,200 bytes free
.
- - End Of File - - 91E38D88555D8C0E9109D695896A6DE9

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 05 June 2012 - 10:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 June 2012 - 11:19 PM

When I rebooted in normal mode... my computer froze... I couldn't even open FireFox... I am now in Safe Mode with Networking... normal mode boot up, I got an error message says 0x0000000 referenced mem at 0x0000000 mem could not be read, terminate or debug, etc.

The system freezes up and won't do anything... I have to hold down the power button to shut down.

Will download and run the scans now...

#10 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 05 June 2012 - 11:30 PM

I'm running in safe mode... does that matter?
Nothing found with TDSS...

I will run the other one... no reboot was required...

23:23:58.0453 1668 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
23:23:59.0359 1668 ============================================================
23:23:59.0359 1668 Current date / time: 2012/06/05 23:23:59.0359
23:23:59.0359 1668 SystemInfo:
23:23:59.0359 1668
23:23:59.0359 1668 OS Version: 5.1.2600 ServicePack: 3.0
23:23:59.0359 1668 Product type: Workstation
23:23:59.0359 1668 ComputerName: HP
23:23:59.0359 1668 UserName: Bob
23:23:59.0359 1668 Windows directory: C:\WINDOWS
23:23:59.0359 1668 System windows directory: C:\WINDOWS
23:23:59.0359 1668 Processor architecture: Intel x86
23:23:59.0359 1668 Number of processors: 2
23:23:59.0359 1668 Page size: 0x1000
23:23:59.0359 1668 Boot type: Safe boot with network
23:23:59.0359 1668 ============================================================
23:24:02.0625 1668 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:24:02.0625 1668 ============================================================
23:24:02.0625 1668 \Device\Harddisk0\DR0:
23:24:02.0625 1668 MBR partitions:
23:24:02.0625 1668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11249AF0
23:24:02.0625 1668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11249B2F, BlocksNum 0x17CEF92
23:24:02.0625 1668 ============================================================
23:24:02.0921 1668 C: <-> \Device\Harddisk0\DR0\Partition0
23:24:02.0968 1668 D: <-> \Device\Harddisk0\DR0\Partition1
23:24:02.0984 1668 ============================================================
23:24:02.0984 1668 Initialize success
23:24:02.0984 1668 ============================================================
23:24:45.0578 0248 ============================================================
23:24:45.0578 0248 Scan started
23:24:45.0578 0248 Mode: Manual; TDLFS;
23:24:45.0578 0248 ============================================================
23:24:46.0656 0248 Scan interrupted by user!
23:24:46.0656 0248 Scan interrupted by user!
23:24:46.0656 0248 Scan interrupted by user!
23:24:46.0656 0248 ============================================================
23:24:46.0656 0248 Scan finished
23:24:46.0656 0248 ============================================================
23:24:46.0671 2040 Detected object count: 0
23:24:46.0671 2040 Actual detected object count: 0
23:24:54.0718 0424 ============================================================
23:24:54.0718 0424 Scan started
23:24:54.0718 0424 Mode: Manual; TDLFS;
23:24:54.0718 0424 ============================================================
23:24:54.0984 0424 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
23:24:54.0984 0424 6to4 - ok
23:24:55.0031 0424 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:24:55.0031 0424 Aavmker4 - ok
23:24:55.0046 0424 Abiosdsk - ok
23:24:55.0062 0424 abp480n5 - ok
23:24:55.0109 0424 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:24:55.0109 0424 ACPI - ok
23:24:55.0140 0424 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:24:55.0140 0424 ACPIEC - ok
23:24:55.0218 0424 ADOBE LM SERVICE (5ddc0a8d2cd60bda593ddaf45821ce08) C:\PROGRAM FILES\COMMON FILES\ADOBE SYSTEMS SHARED\SERVICE\ADOBELMSVC.EXE
23:24:55.0218 0424 ADOBE LM SERVICE - ok
23:24:55.0343 0424 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
23:24:55.0343 0424 AdobeActiveFileMonitor9.0 - ok
23:24:55.0359 0424 adpu160m - ok
23:24:55.0390 0424 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:24:55.0390 0424 aec - ok
23:24:55.0437 0424 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:24:55.0437 0424 AFD - ok
23:24:55.0437 0424 Aha154x - ok
23:24:55.0453 0424 aic78u2 - ok
23:24:55.0468 0424 aic78xx - ok
23:24:55.0500 0424 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:24:55.0500 0424 Alerter - ok
23:24:55.0515 0424 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:24:55.0531 0424 ALG - ok
23:24:55.0531 0424 AliIde - ok
23:24:55.0562 0424 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:24:55.0562 0424 AmdK8 - ok
23:24:55.0578 0424 amsint - ok
23:24:55.0640 0424 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:24:55.0640 0424 Apple Mobile Device - ok
23:24:55.0687 0424 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:24:55.0687 0424 AppMgmt - ok
23:24:55.0812 0424 AR5416 (1b578a6c2a4648e00ad0dcf3ed7d945a) C:\WINDOWS\system32\DRIVERS\athw.sys
23:24:55.0859 0424 AR5416 - ok
23:24:55.0984 0424 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:24:55.0984 0424 Arp1394 - ok
23:24:56.0000 0424 asc - ok
23:24:56.0015 0424 asc3350p - ok
23:24:56.0015 0424 asc3550 - ok
23:24:56.0125 0424 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:24:56.0140 0424 aspnet_state - ok
23:24:56.0171 0424 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:24:56.0187 0424 aswFsBlk - ok
23:24:56.0203 0424 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
23:24:56.0203 0424 aswMon2 - ok
23:24:56.0218 0424 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
23:24:56.0218 0424 aswRdr - ok
23:24:56.0281 0424 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
23:24:56.0312 0424 aswSnx - ok
23:24:56.0343 0424 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
23:24:56.0343 0424 aswSP - ok
23:24:56.0375 0424 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
23:24:56.0375 0424 aswTdi - ok
23:24:56.0390 0424 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:24:56.0390 0424 AsyncMac - ok
23:24:56.0421 0424 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:24:56.0421 0424 atapi - ok
23:24:56.0437 0424 Atdisk - ok
23:24:56.0453 0424 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:24:56.0468 0424 Atmarpc - ok
23:24:56.0500 0424 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:24:56.0500 0424 AudioSrv - ok
23:24:56.0531 0424 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:24:56.0531 0424 audstub - ok
23:24:56.0593 0424 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:24:56.0593 0424 avast! Antivirus - ok
23:24:56.0625 0424 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:24:56.0625 0424 Beep - ok
23:24:56.0671 0424 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:24:56.0796 0424 BITS - ok
23:24:56.0859 0424 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:24:56.0859 0424 Bonjour Service - ok
23:24:56.0890 0424 bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
23:24:56.0890 0424 bridge - ok
23:24:56.0890 0424 bridgemp (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
23:24:56.0890 0424 bridgemp - ok
23:24:56.0921 0424 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:24:56.0921 0424 Browser - ok
23:24:57.0015 0424 catchme - ok
23:24:57.0031 0424 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:24:57.0031 0424 cbidf2k - ok
23:24:57.0078 0424 cbvd (0040cfb684100611419b2d8295b0b362) C:\WINDOWS\system32\DRIVERS\cbvd.sys
23:24:57.0093 0424 cbvd - ok
23:24:57.0093 0424 cd20xrnt - ok
23:24:57.0140 0424 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:24:57.0140 0424 Cdaudio - ok
23:24:57.0140 0424 Cddf710 - ok
23:24:57.0171 0424 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:24:57.0171 0424 Cdfs - ok
23:24:57.0187 0424 cdrbsvsd (80ac946628de5deab071474e30d7a071) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
23:24:57.0187 0424 cdrbsvsd - ok
23:24:57.0218 0424 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:24:57.0218 0424 Cdrom - ok
23:24:57.0234 0424 Changer - ok
23:24:57.0265 0424 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:24:57.0265 0424 cisvc - ok
23:24:57.0312 0424 clbstor (3f6fd6ab34364d5ae54ee2e011123f4c) C:\WINDOWS\system32\drivers\clbstor.sys
23:24:57.0312 0424 clbstor - ok
23:24:57.0328 0424 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:24:57.0328 0424 ClipSrv - ok
23:24:57.0421 0424 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:57.0484 0424 clr_optimization_v2.0.50727_32 - ok
23:24:57.0515 0424 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:24:57.0515 0424 CmBatt - ok
23:24:57.0531 0424 CmdIde - ok
23:24:57.0609 0424 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:24:57.0625 0424 Com4QLBEx - ok
23:24:57.0640 0424 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:24:57.0640 0424 Compbatt - ok
23:24:57.0656 0424 COMSysApp - ok
23:24:57.0921 0424 COSService.exe (a58cc8bed7dc949867418f8c32c02360) C:\Program Files\COMODO\COMMON\COSService.exe
23:24:58.0031 0424 COSService.exe - ok
23:24:58.0125 0424 Cpqarray - ok
23:24:58.0312 0424 CrossLoopService (10e45f8bee717a9a2085d2948b531e67) C:\Documents and Settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
23:24:58.0343 0424 CrossLoopService - ok
23:24:58.0359 0424 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:24:58.0375 0424 CryptSvc - ok
23:24:58.0375 0424 dac2w2k - ok
23:24:58.0390 0424 dac960nt - ok
23:24:58.0437 0424 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:24:58.0453 0424 DcomLaunch - ok
23:24:58.0484 0424 dgderdrv (f4c7c13d736515ed5263d0019a9713b7) C:\WINDOWS\system32\drivers\dgderdrv.sys
23:24:58.0484 0424 dgderdrv - ok
23:24:58.0515 0424 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:24:58.0515 0424 Dhcp - ok
23:24:58.0546 0424 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:58.0546 0424 Disk - ok
23:24:58.0546 0424 dmadmin - ok
23:24:58.0593 0424 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:24:58.0609 0424 dmboot - ok
23:24:58.0640 0424 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:24:58.0640 0424 dmio - ok
23:24:58.0671 0424 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:24:58.0671 0424 dmload - ok
23:24:58.0703 0424 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:24:58.0703 0424 dmserver - ok
23:24:58.0734 0424 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:24:58.0734 0424 DMusic - ok
23:24:58.0765 0424 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:24:58.0765 0424 Dnscache - ok
23:24:58.0796 0424 dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:24:58.0812 0424 dot3svc - ok
23:24:58.0812 0424 dpti2o - ok
23:24:58.0843 0424 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:24:58.0859 0424 drmkaud - ok
23:24:58.0875 0424 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
23:24:58.0875 0424 dvd43llh - ok
23:24:58.0890 0424 e0e9d137 - ok
23:24:58.0937 0424 eaphost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:24:58.0937 0424 eaphost - ok
23:24:58.0953 0424 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:24:58.0968 0424 ERSvc - ok
23:24:59.0000 0424 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:24:59.0031 0424 Eventlog - ok
23:24:59.0062 0424 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:24:59.0078 0424 EventSystem - ok
23:24:59.0093 0424 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:24:59.0109 0424 Fastfat - ok
23:24:59.0140 0424 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:24:59.0156 0424 FastUserSwitchingCompatibility - ok
23:24:59.0171 0424 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:24:59.0187 0424 Fdc - ok
23:24:59.0203 0424 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:24:59.0203 0424 Fips - ok
23:24:59.0218 0424 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:24:59.0218 0424 Flpydisk - ok
23:24:59.0265 0424 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:24:59.0281 0424 FltMgr - ok
23:24:59.0375 0424 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:24:59.0390 0424 FontCache3.0.0.0 - ok
23:24:59.0406 0424 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:24:59.0406 0424 fssfltr - ok
23:24:59.0531 0424 fsssvc (9b1622ebeb31b3411b13382ffcb8737d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:24:59.0578 0424 fsssvc - ok
23:24:59.0609 0424 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:24:59.0609 0424 Fs_Rec - ok
23:24:59.0640 0424 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:24:59.0640 0424 Ftdisk - ok
23:24:59.0671 0424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
23:24:59.0671 0424 GEARAspiWDM - ok
23:24:59.0703 0424 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:24:59.0703 0424 Gpc - ok
23:24:59.0796 0424 gupdate1c951e5929dad5c (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
23:24:59.0796 0424 gupdate1c951e5929dad5c - ok
23:24:59.0812 0424 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
23:24:59.0812 0424 gupdatem - ok
23:24:59.0875 0424 HdAudAddService (6cd3629f8352c79bfcfb805d18b1d7a6) C:\WINDOWS\system32\drivers\CHDAud.sys
23:24:59.0906 0424 HdAudAddService - ok
23:24:59.0937 0424 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:24:59.0937 0424 HDAudBus - ok
23:25:00.0000 0424 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:25:00.0000 0424 helpsvc - ok
23:25:00.0031 0424 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
23:25:00.0031 0424 HidServ - ok
23:25:00.0062 0424 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:25:00.0062 0424 hidusb - ok
23:25:00.0093 0424 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:25:00.0093 0424 hkmsvc - ok
23:25:00.0109 0424 hpn - ok
23:25:00.0156 0424 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
23:25:00.0156 0424 HpqKbFiltr - ok
23:25:00.0171 0424 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys
23:25:00.0171 0424 HpqRemHid - ok
23:25:00.0250 0424 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
23:25:00.0250 0424 hpqwmiex - ok
23:25:00.0281 0424 HSFHWAZL (26ceec543888331c46de98111524bbcb) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:25:00.0296 0424 HSFHWAZL - ok
23:25:00.0359 0424 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:25:00.0390 0424 HSF_DPV - ok
23:25:00.0437 0424 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:25:00.0437 0424 HTTP - ok
23:25:00.0468 0424 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:25:00.0500 0424 HTTPFilter - ok
23:25:00.0515 0424 i2omgmt - ok
23:25:00.0515 0424 i2omp - ok
23:25:00.0562 0424 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:25:00.0562 0424 i8042prt - ok
23:25:00.0687 0424 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:25:00.0718 0424 idsvc - ok
23:25:00.0765 0424 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:25:00.0765 0424 Imapi - ok
23:25:00.0796 0424 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:25:00.0812 0424 ImapiService - ok
23:25:00.0828 0424 ini910u - ok
23:25:00.0843 0424 IntelIde - ok
23:25:00.0875 0424 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:25:00.0875 0424 Ip6Fw - ok
23:25:00.0890 0424 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:25:00.0890 0424 IpFilterDriver - ok
23:25:00.0906 0424 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:25:00.0906 0424 IpInIp - ok
23:25:00.0937 0424 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:25:00.0937 0424 IpNat - ok
23:25:01.0031 0424 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
23:25:01.0062 0424 iPod Service - ok
23:25:01.0109 0424 Iprip (f08d74ec300b8ba60ca953c58a24d19e) C:\WINDOWS\System32\iprip.dll
23:25:01.0125 0424 Iprip - ok
23:25:01.0156 0424 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:25:01.0156 0424 IPSec - ok
23:25:01.0187 0424 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:25:01.0187 0424 IRENUM - ok
23:25:01.0234 0424 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:25:01.0234 0424 isapnp - ok
23:25:01.0265 0424 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:25:01.0265 0424 Kbdclass - ok
23:25:01.0281 0424 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:25:01.0281 0424 kbdhid - ok
23:25:01.0312 0424 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:25:01.0312 0424 kmixer - ok
23:25:01.0343 0424 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:25:01.0343 0424 KSecDD - ok
23:25:01.0390 0424 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:25:01.0390 0424 lanmanserver - ok
23:25:01.0421 0424 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:25:01.0421 0424 lanmanworkstation - ok
23:25:01.0437 0424 Lbd - ok
23:25:01.0453 0424 lbrtfdc - ok
23:25:01.0546 0424 LightScribeService (6e7b4e75e8a226edc8a9a8b1c3510f9b) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:25:01.0546 0424 LightScribeService - ok
23:25:01.0578 0424 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:25:01.0578 0424 LmHosts - ok
23:25:01.0609 0424 lpdsvc (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe
23:25:01.0609 0424 lpdsvc - ok
23:25:01.0718 0424 mcods (21456f3051cbefd1f2d60d8b9ab9c6ee) C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
23:25:01.0718 0424 mcods - ok
23:25:01.0796 0424 mcproxy (8cf3da0be6094c34d7c4a85493e60547) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
23:25:01.0828 0424 mcproxy - ok
23:25:01.0859 0424 mcshield (33734abfa52ec8d096a1254d645e9b4f) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
23:25:01.0859 0424 mcshield - ok
23:25:01.0906 0424 mcsysmon (fd47df2bcc3544df65b01ad6b6062430) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
23:25:01.0921 0424 mcsysmon - ok
23:25:02.0015 0424 mdm (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:25:02.0015 0424 mdm - ok
23:25:02.0125 0424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:25:02.0125 0424 mdmxsdk - ok
23:25:02.0171 0424 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:25:02.0171 0424 Messenger - ok
23:25:02.0203 0424 mfeavfk (c97cbfd71c1c215150a3b3e55f77a7a3) C:\WINDOWS\system32\drivers\mfeavfk.sys
23:25:02.0203 0424 mfeavfk - ok
23:25:02.0234 0424 mfebopk (5447338b83a1a2354fb2fea7604387fd) C:\WINDOWS\system32\drivers\mfebopk.sys
23:25:02.0234 0424 mfebopk - ok
23:25:02.0265 0424 mfehidk (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\WINDOWS\system32\drivers\mfehidk.sys
23:25:02.0265 0424 mfehidk - ok
23:25:02.0281 0424 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\WINDOWS\system32\drivers\mferkdk.sys
23:25:02.0281 0424 mferkdk - ok
23:25:02.0312 0424 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\WINDOWS\system32\drivers\mfesmfk.sys
23:25:02.0312 0424 mfesmfk - ok
23:25:02.0328 0424 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:25:02.0328 0424 mnmdd - ok
23:25:02.0359 0424 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:25:02.0359 0424 mnmsrvc - ok
23:25:02.0390 0424 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:25:02.0390 0424 Modem - ok
23:25:02.0421 0424 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:25:02.0421 0424 Mouclass - ok
23:25:02.0453 0424 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:25:02.0453 0424 mouhid - ok
23:25:02.0468 0424 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:25:02.0468 0424 MountMgr - ok
23:25:02.0546 0424 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:25:02.0546 0424 MozillaMaintenance - ok
23:25:02.0578 0424 mpfp (e454f42ae5524d695d76eab5d363b8ac) C:\WINDOWS\system32\Drivers\Mpfp.sys
23:25:02.0593 0424 mpfp - ok
23:25:02.0703 0424 mpfservice (346f30f1ff73553aa466f4ae7948da00) C:\Program Files\McAfee\MPF\MPFSrv.exe
23:25:02.0703 0424 mpfservice - ok
23:25:02.0718 0424 mraid35x - ok
23:25:02.0734 0424 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:25:02.0750 0424 MRxDAV - ok
23:25:02.0796 0424 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:25:02.0812 0424 MRxSmb - ok
23:25:02.0843 0424 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:25:02.0843 0424 MSDTC - ok
23:25:02.0890 0424 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:25:02.0890 0424 Msfs - ok
23:25:02.0890 0424 MSIServer - ok
23:25:02.0921 0424 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:25:02.0921 0424 MSKSSRV - ok
23:25:02.0937 0424 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:25:02.0937 0424 MSPCLOCK - ok
23:25:02.0953 0424 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:25:02.0953 0424 MSPQM - ok
23:25:02.0968 0424 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:25:02.0968 0424 mssmbios - ok
23:25:03.0000 0424 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:25:03.0000 0424 MSTEE - ok
23:25:03.0031 0424 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:25:03.0031 0424 Mup - ok
23:25:03.0046 0424 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:25:03.0062 0424 NABTSFEC - ok
23:25:03.0109 0424 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:25:03.0109 0424 napagent - ok
23:25:03.0156 0424 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:25:03.0156 0424 NDIS - ok
23:25:03.0171 0424 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:25:03.0171 0424 NdisIP - ok
23:25:03.0218 0424 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:25:03.0218 0424 NdisTapi - ok
23:25:03.0234 0424 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:25:03.0234 0424 Ndisuio - ok
23:25:03.0265 0424 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:25:03.0265 0424 NdisWan - ok
23:25:03.0296 0424 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:25:03.0296 0424 NDProxy - ok
23:25:03.0312 0424 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:25:03.0312 0424 NetBIOS - ok
23:25:03.0343 0424 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:25:03.0343 0424 NetBT - ok
23:25:03.0375 0424 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:25:03.0390 0424 NetDDE - ok
23:25:03.0390 0424 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:25:03.0390 0424 NetDDEdsdm - ok
23:25:03.0421 0424 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:25:03.0421 0424 Netlogon - ok
23:25:03.0453 0424 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:25:03.0453 0424 Netman - ok
23:25:03.0562 0424 nettcpportsharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:25:03.0562 0424 nettcpportsharing - ok
23:25:03.0593 0424 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:25:03.0593 0424 NIC1394 - ok
23:25:03.0640 0424 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:25:03.0640 0424 Nla - ok
23:25:03.0671 0424 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
23:25:03.0687 0424 nm - ok
23:25:03.0703 0424 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:25:03.0703 0424 Npfs - ok
23:25:03.0750 0424 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:25:03.0781 0424 Ntfs - ok
23:25:03.0781 0424 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:25:03.0781 0424 NtLmSsp - ok
23:25:03.0843 0424 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:25:03.0859 0424 NtmsSvc - ok
23:25:03.0890 0424 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:25:03.0890 0424 Null - ok
23:25:04.0187 0424 nv (71d5ae11bf1a595d987be8ea36365e83) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:25:04.0515 0424 nv - ok
23:25:04.0656 0424 nvenetfd (26ceec543888331c46de98111524bbcb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:25:04.0656 0424 nvenetfd - ok
23:25:04.0671 0424 nvnetbus (26ceec543888331c46de98111524bbcb) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:25:04.0687 0424 nvnetbus - ok
23:25:04.0718 0424 nvsmu (03dbb885deae94f06c06ec06acdb8b47) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
23:25:04.0718 0424 nvsmu - ok
23:25:04.0765 0424 NVSvc (5e8878f15555ef4dd41ab2908249e843) C:\WINDOWS\system32\nvsvc32.exe
23:25:04.0765 0424 NVSvc - ok
23:25:04.0796 0424 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll
23:25:04.0796 0424 NWCWorkstation - ok
23:25:04.0828 0424 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:25:04.0828 0424 NwlnkFlt - ok
23:25:04.0843 0424 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:25:04.0843 0424 NwlnkFwd - ok
23:25:04.0875 0424 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:25:04.0890 0424 NwlnkIpx - ok
23:25:04.0906 0424 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:25:04.0906 0424 NwlnkNb - ok
23:25:04.0937 0424 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:25:04.0937 0424 NwlnkSpx - ok
23:25:04.0968 0424 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
23:25:04.0984 0424 NWRDR - ok
23:25:05.0015 0424 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
23:25:05.0015 0424 NwSapAgent - ok
23:25:05.0203 0424 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:25:05.0218 0424 odserv - ok
23:25:05.0234 0424 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:25:05.0234 0424 ohci1394 - ok
23:25:05.0296 0424 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:25:05.0296 0424 ose - ok
23:25:05.0359 0424 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) C:\WINDOWS\system32\p2pgasvc.dll
23:25:05.0359 0424 p2pgasvc - ok
23:25:05.0390 0424 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
23:25:05.0421 0424 p2pimsvc - ok
23:25:05.0437 0424 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
23:25:05.0437 0424 p2psvc - ok
23:25:05.0468 0424 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:25:05.0468 0424 Parport - ok
23:25:05.0500 0424 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:25:05.0500 0424 PartMgr - ok
23:25:05.0531 0424 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:25:05.0531 0424 ParVdm - ok
23:25:05.0562 0424 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:25:05.0562 0424 PCI - ok
23:25:05.0578 0424 PCIDump - ok
23:25:05.0609 0424 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:25:05.0609 0424 PCIIde - ok
23:25:05.0640 0424 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:25:05.0640 0424 Pcmcia - ok
23:25:05.0671 0424 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
23:25:05.0671 0424 pcouffin - ok
23:25:05.0671 0424 PDCOMP - ok
23:25:05.0687 0424 PDFRAME - ok
23:25:05.0703 0424 PDRELI - ok
23:25:05.0718 0424 PDRFRAME - ok
23:25:05.0734 0424 perc2 - ok
23:25:05.0750 0424 perc2hib - ok
23:25:05.0843 0424 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:25:05.0843 0424 PlugPlay - ok
23:25:05.0859 0424 PNRPSvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
23:25:05.0859 0424 PNRPSvc - ok
23:25:05.0890 0424 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:25:05.0906 0424 PolicyAgent - ok
23:25:05.0953 0424 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:25:05.0953 0424 PptpMiniport - ok
23:25:05.0968 0424 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
23:25:05.0968 0424 Processor - ok
23:25:05.0968 0424 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:25:05.0968 0424 ProtectedStorage - ok
23:25:06.0000 0424 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:25:06.0000 0424 PSched - ok
23:25:06.0046 0424 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:25:06.0046 0424 Ptilink - ok
23:25:06.0078 0424 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:25:06.0078 0424 PxHelp20 - ok
23:25:06.0078 0424 ql1080 - ok
23:25:06.0093 0424 Ql10wnt - ok
23:25:06.0109 0424 ql12160 - ok
23:25:06.0125 0424 ql1240 - ok
23:25:06.0140 0424 ql1280 - ok
23:25:06.0187 0424 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:25:06.0187 0424 RasAcd - ok
23:25:06.0203 0424 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:25:06.0203 0424 RasAuto - ok
23:25:06.0234 0424 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:25:06.0234 0424 Rasl2tp - ok
23:25:06.0250 0424 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:25:06.0265 0424 RasMan - ok
23:25:06.0265 0424 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:25:06.0281 0424 RasPppoe - ok
23:25:06.0296 0424 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:25:06.0296 0424 Raspti - ok
23:25:06.0328 0424 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:25:06.0328 0424 Rdbss - ok
23:25:06.0343 0424 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:25:06.0343 0424 RDPCDD - ok
23:25:06.0390 0424 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:25:06.0390 0424 rdpdr - ok
23:25:06.0437 0424 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:25:06.0437 0424 RDPWD - ok
23:25:06.0468 0424 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:25:06.0484 0424 RDSessMgr - ok
23:25:06.0500 0424 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:25:06.0500 0424 redbook - ok
23:25:06.0531 0424 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:25:06.0546 0424 RemoteAccess - ok
23:25:06.0578 0424 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:25:06.0578 0424 RemoteRegistry - ok
23:25:06.0625 0424 reparse (7cddeee8c2cfea2cc26b1236ca43168f) C:\WINDOWS\system32\DRIVERS\cbreparse.sys
23:25:06.0640 0424 reparse - ok
23:25:06.0765 0424 richvideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:25:06.0765 0424 richvideo - ok
23:25:06.0796 0424 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
23:25:06.0796 0424 rimmptsk - ok
23:25:06.0812 0424 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
23:25:06.0812 0424 rimsptsk - ok
23:25:06.0843 0424 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
23:25:06.0843 0424 rismxdp - ok
23:25:06.0890 0424 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:25:06.0890 0424 RpcLocator - ok
23:25:06.0937 0424 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:25:06.0953 0424 RpcSs - ok
23:25:06.0984 0424 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:25:06.0984 0424 RSVP - ok
23:25:07.0015 0424 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:25:07.0015 0424 SamSs - ok
23:25:07.0062 0424 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
23:25:07.0078 0424 sbp2port - ok
23:25:07.0093 0424 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:25:07.0093 0424 SCardSvr - ok
23:25:07.0125 0424 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:25:07.0140 0424 sdbus - ok
23:25:07.0171 0424 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:25:07.0171 0424 Secdrv - ok
23:25:07.0203 0424 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:25:07.0203 0424 seclogon - ok
23:25:07.0218 0424 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:25:07.0234 0424 SENS - ok
23:25:07.0265 0424 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:25:07.0265 0424 Serial - ok
23:25:07.0328 0424 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
23:25:07.0328 0424 sffdisk - ok
23:25:07.0343 0424 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
23:25:07.0343 0424 sffp_sd - ok
23:25:07.0359 0424 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:25:07.0359 0424 Sfloppy - ok
23:25:07.0406 0424 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:25:07.0406 0424 SharedAccess - ok
23:25:07.0453 0424 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:25:07.0453 0424 ShellHWDetection - ok
23:25:07.0453 0424 Simbad - ok
23:25:07.0484 0424 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe
23:25:07.0484 0424 SimpTcp - ok
23:25:07.0500 0424 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:25:07.0500 0424 SLIP - ok
23:25:07.0546 0424 SndTAudio (766cab542e1f424c008430ed7443b324) C:\WINDOWS\system32\drivers\SndTAudio.sys
23:25:07.0546 0424 SndTAudio - ok
23:25:07.0578 0424 SndTVideo (aeeb3435ba55fbaa00eb518f29e0c246) C:\WINDOWS\system32\DRIVERS\SndTVideo.sys
23:25:07.0578 0424 SndTVideo - ok
23:25:07.0625 0424 snmp (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
23:25:07.0625 0424 snmp - ok
23:25:07.0640 0424 snmptrap (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
23:25:07.0640 0424 snmptrap - ok
23:25:07.0656 0424 Sparrow - ok
23:25:07.0671 0424 SPLITCAM - ok
23:25:07.0703 0424 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:25:07.0703 0424 splitter - ok
23:25:07.0734 0424 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:25:07.0734 0424 Spooler - ok
23:25:07.0765 0424 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:25:07.0765 0424 sr - ok
23:25:07.0812 0424 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:25:07.0812 0424 srservice - ok
23:25:07.0875 0424 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:25:07.0875 0424 Srv - ok
23:25:07.0921 0424 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:25:07.0921 0424 ssadbus - ok
23:25:07.0953 0424 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:25:07.0953 0424 ssadmdfl - ok
23:25:07.0968 0424 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:25:07.0968 0424 ssadmdm - ok
23:25:08.0000 0424 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:25:08.0000 0424 SSDPSRV - ok
23:25:08.0000 0424 StarOpen - ok
23:25:08.0046 0424 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:25:08.0062 0424 stisvc - ok
23:25:08.0109 0424 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:25:08.0109 0424 streamip - ok
23:25:08.0125 0424 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:25:08.0125 0424 swenum - ok
23:25:08.0156 0424 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:25:08.0156 0424 swmidi - ok
23:25:08.0156 0424 SwPrv - ok
23:25:08.0171 0424 symc810 - ok
23:25:08.0187 0424 symc8xx - ok
23:25:08.0203 0424 sym_hi - ok
23:25:08.0218 0424 sym_u3 - ok
23:25:08.0328 0424 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\WINDOWS\system32\drivers\SynasUSB.sys
23:25:08.0328 0424 SynasUSB - ok
23:25:08.0609 0424 SynchronizationService.exe (54122fc5bfcc4a2cfabec9b7700e9032) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
23:25:08.0734 0424 SynchronizationService.exe - ok
23:25:08.0875 0424 syntp (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:25:08.0875 0424 syntp - ok
23:25:08.0921 0424 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:25:08.0921 0424 sysaudio - ok
23:25:08.0953 0424 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:25:08.0953 0424 SysmonLog - ok
23:25:09.0000 0424 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:25:09.0000 0424 TapiSrv - ok
23:25:09.0046 0424 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:25:09.0062 0424 Tcpip - ok
23:25:09.0093 0424 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:25:09.0109 0424 Tcpip6 - ok
23:25:09.0125 0424 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:25:09.0125 0424 TDPIPE - ok
23:25:09.0140 0424 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:25:09.0140 0424 TDTCP - ok
23:25:09.0171 0424 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:25:09.0171 0424 TermDD - ok
23:25:09.0203 0424 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:25:09.0218 0424 TermService - ok
23:25:09.0265 0424 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:25:09.0265 0424 Themes - ok
23:25:09.0312 0424 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:25:09.0312 0424 TlntSvr - ok
23:25:09.0312 0424 TosIde - ok
23:25:09.0359 0424 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:25:09.0375 0424 TrkWks - ok
23:25:09.0406 0424 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:25:09.0406 0424 tunmp - ok
23:25:09.0593 0424 tvnserver (7694dca064d0b7e0d1a6972bb9c71b39) C:\Documents and Settings\Bob\Local Settings\Application Data\CrossLoop\tvnserver.exe
23:25:09.0640 0424 tvnserver - ok
23:25:09.0656 0424 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:25:09.0656 0424 Udfs - ok
23:25:09.0671 0424 UIUSys - ok
23:25:09.0687 0424 ultra - ok
23:25:09.0734 0424 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:25:09.0750 0424 Update - ok
23:25:09.0796 0424 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:25:09.0796 0424 upnphost - ok
23:25:09.0812 0424 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:25:09.0812 0424 UPS - ok
23:25:09.0843 0424 usbaapl (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:25:09.0843 0424 usbaapl - ok
23:25:09.0875 0424 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:25:09.0875 0424 usbccgp - ok
23:25:09.0906 0424 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:25:09.0906 0424 usbehci - ok
23:25:09.0921 0424 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:25:09.0921 0424 usbhub - ok
23:25:09.0953 0424 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:25:09.0953 0424 usbohci - ok
23:25:09.0968 0424 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:25:09.0968 0424 usbprint - ok
23:25:09.0984 0424 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:25:09.0984 0424 usbscan - ok
23:25:10.0000 0424 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:25:10.0000 0424 USBSTOR - ok
23:25:10.0031 0424 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:25:10.0031 0424 usbvideo - ok
23:25:10.0046 0424 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:25:10.0046 0424 usb_rndisx - ok
23:25:10.0062 0424 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:25:10.0062 0424 VgaSave - ok
23:25:10.0078 0424 ViaIde - ok
23:25:10.0093 0424 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:25:10.0093 0424 VolSnap - ok
23:25:10.0140 0424 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:25:10.0140 0424 VSS - ok
23:25:10.0171 0424 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:25:10.0187 0424 W32Time - ok
23:25:10.0203 0424 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:25:10.0203 0424 Wanarp - ok
23:25:10.0234 0424 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
23:25:10.0234 0424 wceusbsh - ok
23:25:10.0281 0424 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:25:10.0281 0424 Wdf01000 - ok
23:25:10.0296 0424 WDICA - ok
23:25:10.0312 0424 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:25:10.0312 0424 wdmaud - ok
23:25:10.0343 0424 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:25:10.0359 0424 WebClient - ok
23:25:10.0406 0424 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:25:10.0437 0424 winachsf - ok
23:25:10.0515 0424 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:25:10.0515 0424 winmgmt - ok
23:25:10.0562 0424 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:25:10.0578 0424 WmdmPmSN - ok
23:25:10.0640 0424 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:25:10.0656 0424 Wmi - ok
23:25:10.0687 0424 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:25:10.0687 0424 WmiAcpi - ok
23:25:10.0718 0424 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:25:10.0718 0424 WmiApSrv - ok
23:25:10.0750 0424 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:25:10.0750 0424 WS2IFSL - ok
23:25:10.0796 0424 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:25:10.0796 0424 wscsvc - ok
23:25:10.0812 0424 WSearch - ok
23:25:10.0859 0424 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
23:25:10.0859 0424 WSIMD - ok
23:25:10.0875 0424 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:25:10.0890 0424 WSTCODEC - ok
23:25:10.0906 0424 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:25:10.0921 0424 wuauserv - ok
23:25:10.0953 0424 wudfpf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:25:10.0953 0424 wudfpf - ok
23:25:10.0968 0424 wudfrd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:25:10.0968 0424 wudfrd - ok
23:25:11.0000 0424 wudfsvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:25:11.0000 0424 wudfsvc - ok
23:25:11.0062 0424 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:25:11.0078 0424 WZCSVC - ok
23:25:11.0109 0424 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:25:11.0125 0424 xmlprov - ok
23:25:11.0187 0424 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:25:11.0734 0424 \Device\Harddisk0\DR0 - ok
23:25:11.0750 0424 Boot (0x1200) (f47aaf55a8e1819b78ac43ffc839aaf5) \Device\Harddisk0\DR0\Partition0
23:25:11.0750 0424 \Device\Harddisk0\DR0\Partition0 - ok
23:25:11.0765 0424 Boot (0x1200) (40b9d2cf8f6a6ffd4c3117b398d26baa) \Device\Harddisk0\DR0\Partition1
23:25:11.0781 0424 \Device\Harddisk0\DR0\Partition1 - ok
23:25:11.0781 0424 ============================================================
23:25:11.0781 0424 Scan finished
23:25:11.0781 0424 ============================================================
23:25:11.0796 0416 Detected object count: 0
23:25:11.0796 0416 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 05 June 2012 - 11:44 PM

it is better in normal mode


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 06 June 2012 - 12:47 AM

I leave in the morning at 8am... won't be back til the 14th PM... I will check in the morning before I leave to see if there is a post...thanks.... :busy:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 23:32:27
-----------------------------
23:32:27.250 OS Version: Windows 5.1.2600 Service Pack 3
23:32:27.250 Number of processors: 2 586 0x6802
23:32:27.250 ComputerName: HP UserName:
23:32:27.937 Initialize success
23:32:29.734 AVAST engine defs: 12060501
23:33:10.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:33:10.828 Disk 0 Vendor: FUJITSU_MHY2160BH 890B Size: 152627MB BusType: 3
23:33:11.203 Disk 0 MBR read successfully
23:33:11.203 Disk 0 MBR scan
23:33:11.734 Disk 0 Windows XP default MBR code
23:33:11.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140435 MB offset 63
23:33:12.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12189 MB offset 287611695
23:33:12.359 Disk 0 scanning sectors +312576705
23:33:12.734 Disk 0 scanning C:\WINDOWS\system32\drivers
23:33:29.578 Service scanning
23:33:49.531 Modules scanning
23:33:57.703 Disk 0 trace - called modules:
23:33:57.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:33:57.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a31aab8]
23:33:57.921 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a3119e8]
23:33:58.078 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a2ca940]
23:33:58.906 AVAST engine scan C:\WINDOWS
23:34:04.468 AVAST engine scan C:\WINDOWS\system32
23:35:50.218 AVAST engine scan C:\WINDOWS\system32\drivers
23:36:03.984 AVAST engine scan C:\Documents and Settings\Bob
00:13:18.562 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
00:18:14.500 Scan finished successfully
00:44:38.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
00:44:38.484 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"

#13 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 06 June 2012 - 05:53 AM

I rebooted and received 3 "Generic Host Shutdown for Win 32" error messages, but I am running in normal mode at the moment. It seems to be running okay, strange mouse activity... I hit start, click Firefox at the top, and it opens both Firefox, and the icon (My Computer) which is directly behind it on my desktop screen... twice it did that... weird.... I leave in less than 2 hours.... thanks....

#14 TravelinMan

TravelinMan
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 06 June 2012 - 07:33 AM

I'm having to run in safe mode only... because when I click on any exe files there is no response... in normal mode... I'll be back on the 14th... thanks for all your help thus far.... :clapping:

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 06 June 2012 - 08:35 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


back on 14th
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users