
Infected with TDSS... Google keeps redirecting.


  • This topic is locked
86 replies to this topic

#1 pattilou

pattilou

  • Members
  • 59 posts

Posted 05 June 2012 - 12:25 PM




 


#2 pattilou

pattilou
  • Topic Starter

  • Members
  • 59 posts

Posted 05 June 2012 - 12:50 PM

Attached File  dds.zip   4.8KB   2 downloads

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 June 2012 - 04:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 pattilou

pattilou
  • Topic Starter

  • Members
  • 59 posts

Posted 05 June 2012 - 04:30 PM

Thanks.......
I've used this site before under my husband's name a while back. Would be most happy to donate again. Thanks, Patti



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 June 2012 - 05:50 PM

Can you please post the GMER and aswMBR logs from my previous post?


#6 pattilou

pattilou
  • Topic Starter

  • Members
  • 59 posts

Posted 05 June 2012 - 10:14 PM

Attached File  ark.tex3.log   11.26KB   0 downloads
Attached File  aswMBR.txt   1.9KB   0 downloads
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 19:52:48
-----------------------------
19:52:48.953 OS Version: Windows 5.1.2600 Service Pack 3
19:52:48.953 Number of processors: 2 586 0x401
19:52:48.953 ComputerName: RONS UserName: Ron
19:52:49.906 Initialize success
19:54:48.796 AVAST engine defs: 12060501
19:54:53.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:54:53.812 Disk 0 Vendor: WDC_WD25 08.0 Size: 238418MB BusType: 3
19:54:53.828 Disk 0 MBR read successfully
19:54:53.828 Disk 0 MBR scan
19:54:53.890 Disk 0 unknown MBR code
19:54:53.890 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
19:54:53.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 235107 MB offset 96390
19:54:54.031 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3255 MB offset 481596570
19:54:54.062 Disk 0 scanning sectors +488263545
19:54:54.218 Disk 0 scanning C:\WINDOWS\system32\drivers
19:55:23.953 Service scanning
19:55:24.656 Modules scanning
19:55:25.093 Disk 0 trace - called modules:
19:55:25.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:55:25.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87172358]
19:55:25.140 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87160030]
19:55:25.156 AVAST engine scan C:\WINDOWS
19:55:25.875 AVAST engine scan C:\WINDOWS\system32
19:58:42.296 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Malware-gen
20:04:00.843 AVAST engine scan C:\WINDOWS\system32\drivers
20:05:40.750 AVAST engine scan C:\Documents and Settings\Ron
20:11:10.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ron\Desktop\MBR.dat"
20:11:10.781 The log file has been saved successfully to "C:\Documents and Settings\Ron\Desktop\aswMBR.txt"

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-05 19:48:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.08.0
Running: gmer.exe; Driver: C:\DOCUME~1\Ron\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile [0xA772F36A]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile [0xA772FCD8]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile [0xA772F842]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess [0xA772C1E0]
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile [0xA7730142]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF61A9F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00634844
.text C:\WINDOWS\Explorer.EXE[2028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B44844
.text C:\Program Files\internet explorer\iexplore.exe[3936] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 0015486C
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[4116] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c dvd43llh.sys (dvd43llh.sys/RIF)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9B5DED20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet Pro 8500 A909g Series@ChangeID 16660812
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{287F5D07-0EEB-F081-8E6D-B938A48CC580}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{287F5D07-0EEB-F081-8E6D-B938A48CC580}@eamjhkfipi 0x66 0x61 0x6F 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{287F5D07-0EEB-F081-8E6D-B938A48CC580}@dapjmnab 0x64 0x62 0x61 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{287F5D07-0EEB-F081-8E6D-B938A48CC580}@iaeegcjcckogcnkgob 0x69 0x61 0x6A 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{287F5D07-0EEB-F081-8E6D-B938A48CC580}@haglmdlhkjldjfjm 0x69 0x61 0x65 0x66 ...

---- EOF - GMER 1.0.15 ----


Thanks for the fast response....


Edited by pattilou, 06 June 2012 - 07:50 AM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 06 June 2012 - 08:16 PM

Hello pattilou,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKiller log
ComboFix.txt
How is your machine running now?


#8 pattilou

pattilou
  • Topic Starter

  • Members
  • 59 posts

Posted 07 June 2012 - 01:08 PM

ComboFix 12-06-07.03 - Ron 06/07/2012 10:36:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.493 [GMT -7:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\cpcoaaa.tmp
c:\documents and settings\All Users\Application Data\ioznaaa.tmp
c:\documents and settings\All Users\Application Data\qqioaaa.tmp
c:\documents and settings\Ron\Application Data\.#
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-07 17:28 . 2012-06-07 17:28 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\offreg.dll
2012-06-07 17:21 . 2012-06-07 17:21 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\MpKsl67ee76b8.sys
2012-06-07 16:29 . 2012-06-07 17:17 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\NPE
2012-06-07 16:29 . 2012-06-07 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-06-06 20:42 . 2012-05-15 08:43 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\mpengine.dll
2012-06-06 20:05 . 2012-06-06 20:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-06 20:05 . 2012-06-06 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-05 00:32 . 2012-05-15 08:43 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-04 22:35 . 2012-06-04 22:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 17:05 . 2012-06-01 17:05 -------- d-----w- c:\program files\ESET
2012-05-31 18:04 . 2012-05-31 18:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-29 22:39 . 2012-05-29 22:39 -------- d-----w- c:\program files\iPod
2012-05-29 22:39 . 2012-05-29 22:40 -------- d-----w- c:\program files\iTunes
2012-05-09 22:08 . 2012-05-09 22:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 19:26 . 2012-05-09 19:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-09 19:25 . 2012-05-09 19:25 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-09 19:25 . 2012-05-09 19:25 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-09 19:25 . 2012-05-09 19:25 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 19:25 . 2012-05-09 19:25 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-09 19:25 . 2012-05-09 19:25 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-05-09 19:25 . 2012-05-09 19:25 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-05-09 19:25 . 2012-05-09 19:25 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-09 22:13 . 2012-01-21 20:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 1980-01-01 06:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 11:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 1980-01-01 06:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2011-06-05 19:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 03:44 . 2012-03-21 03:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 19:25 . 2011-12-22 16:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . B4164BFF999FC08D93682E7C65096860 . 545280 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 9046A0B24DCD42E7611E62369E68411A . 39936 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 00663B23577D319678EB5C8A90DBA6EC . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-05_00.14.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2012-06-07 17:04 . 2012-06-07 17:04 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2012-06-07 17:54 . 2012-06-07 17:54 16384 c:\windows\Temp\Perflib_Perfdata_4c4.dat
- 2005-02-03 19:18 . 2012-03-17 20:43 72160 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-02-03 19:18 . 2012-06-05 20:20 72160 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-08-04 11:00 . 2011-11-18 12:35 60416 c:\windows\SYSTEM32\packager.exe
+ 2004-08-04 11:00 . 2012-03-01 11:01 66560 c:\windows\SYSTEM32\mshtmled.dll
- 2004-08-04 11:00 . 2009-03-08 11:31 66560 c:\windows\SYSTEM32\mshtmled.dll
+ 2007-08-14 01:54 . 2012-03-01 11:01 55296 c:\windows\SYSTEM32\msfeedsbs.dll
- 2007-08-14 01:54 . 2009-03-08 11:31 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2004-08-04 11:00 . 2011-10-14 14:47 23040 c:\windows\SYSTEM32\mciseq.dll
- 2004-08-04 11:00 . 2008-04-14 00:11 23040 c:\windows\SYSTEM32\mciseq.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 43520 c:\windows\SYSTEM32\licmgr10.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 25600 c:\windows\SYSTEM32\jsproxy.dll
- 2004-08-04 11:00 . 2009-03-08 11:33 25600 c:\windows\SYSTEM32\jsproxy.dll
+ 2009-06-11 20:00 . 2012-03-01 11:01 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
- 2009-06-11 20:00 . 2011-11-04 19:20 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\SYSTEM32\DLLCACHE\packager.exe
+ 2004-08-04 11:00 . 2012-03-01 11:01 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2004-08-04 11:00 . 2009-03-08 11:31 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-05-09 00:05 . 2009-03-08 11:31 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-05-09 00:05 . 2012-03-01 11:01 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\SYSTEM32\DLLCACHE\mciseq.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
- 2004-08-04 11:00 . 2009-03-08 11:33 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2005-02-11 02:56 . 2012-06-07 17:34 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-02-11 02:56 . 2012-06-04 22:57 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-06-05 19:21 . 2012-06-07 17:34 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-07-08 21:00 . 2011-07-08 21:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 18:07 . 2011-12-25 18:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2011-07-07 19:03 . 2011-07-07 19:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2011-07-07 20:09 . 2011-07-07 20:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-07-07 20:09 . 2011-07-07 20:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2006-11-20 02:25 . 2012-06-05 19:31 90112 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 90112 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 45056 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 45056 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 22528 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 22528 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 30720 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 30720 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 16384 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 16384 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 34304 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 34304 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2012-06-05 19:49 . 2012-06-05 19:49 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-12-15 11:07 . 2011-12-15 11:07 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-05 10:04 . 2012-06-05 00:39 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-05 10:04 . 2011-10-14 10:11 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-02-26 19:43 . 2009-02-26 19:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 18:45 . 2009-02-26 18:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-02-26 14:06 . 2009-02-26 14:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 14:06 . 2009-02-26 14:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-06-05 19:47 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-06-05 19:47 . 2009-03-08 11:31 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-06-05 19:47 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-06-05 19:47 . 2009-03-08 11:34 43008 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-06-05 19:47 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2544521-IE8\spmsg.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2544521-IE8\spcustom.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
+ 2012-06-05 19:44 . 2012-06-05 19:44 90112 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_bfaf9a63\System.Drawing.Design.dll
+ 2012-06-05 19:34 . 2012-06-05 19:34 90112 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_043576e8\System.Drawing.Design.dll
+ 2012-06-05 19:34 . 2012-06-05 19:34 61440 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_bbc5711a\CustomMarshalers.dll
+ 2012-06-05 20:24 . 2012-06-05 20:24 60928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-06-05 20:53 . 2012-06-05 20:53 37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-06-05 20:52 . 2012-06-05 20:52 36864 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-06-05 20:27 . 2012-06-05 20:27 94208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-06-05 20:27 . 2012-06-05 20:27 82944 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-06-05 20:17 . 2012-06-05 20:17 47104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-06-05 20:16 . 2012-06-05 20:16 39424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-06-05 20:42 . 2012-06-05 20:42 55296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-06-05 20:27 . 2012-06-05 20:27 30208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c8fc74b6f19de1a403f0e557a11aa9ca\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-06-05 20:27 . 2012-06-05 20:27 35328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a2bb2449699f12ceb3eaff60a5a0632d\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-06-05 20:27 . 2012-06-05 20:27 17408 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3056b7bb6c5f44fd998e89d397f6fc79\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-06-05 20:27 . 2012-06-05 20:27 19456 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0a5d8c3e21d8683958868496373bb435\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-06-05 20:26 . 2012-06-05 20:26 65024 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-06-05 20:26 . 2012-06-05 20:26 74752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-06-05 20:26 . 2012-06-05 20:26 14336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-06-05 20:26 . 2012-06-05 20:26 25600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-06-05 20:20 . 2012-06-05 20:20 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-05 20:20 . 2012-06-05 20:20 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-05 20:20 . 2012-06-05 20:20 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-14 10:00 . 2011-10-14 10:00 81920 c:\windows\ASSEMBLY\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-05 19:34 . 2012-06-05 19:34 81920 c:\windows\ASSEMBLY\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2006-11-20 02:25 . 2012-06-05 19:31 3584 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 3584 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 8192 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 8192 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 2560 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2006-11-20 02:25 . 2011-06-15 10:17 2560 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2012-06-05 20:19 . 2012-06-05 20:19 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-05 20:20 . 2012-06-05 20:20 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-14 10:09 . 2011-10-14 10:09 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-14 10:09 . 2011-10-14 10:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-06-05 20:19 . 2012-06-05 20:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2012-04-06 06:13 . 2012-04-06 06:13 299080 c:\windows\SYSTEM32\XPSViewer\XPSViewer.exe
+ 2004-08-04 11:00 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\wintrust.dll
- 2004-08-04 11:00 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\wintrust.dll
+ 2004-08-04 11:00 . 2011-11-25 21:57 293376 c:\windows\SYSTEM32\winsrv.dll
- 2004-08-04 11:00 . 2011-06-20 17:44 293376 c:\windows\SYSTEM32\winsrv.dll
- 2004-08-04 11:00 . 2008-04-14 00:12 176128 c:\windows\SYSTEM32\winmm.dll
+ 2004-08-04 11:00 . 2011-10-14 14:47 176128 c:\windows\SYSTEM32\winmm.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 916992 c:\windows\SYSTEM32\wininet.dll
- 2004-08-04 11:00 . 2009-08-25 09:17 354816 c:\windows\SYSTEM32\winhttp.dll
+ 2004-08-04 11:00 . 2011-11-16 14:21 354816 c:\windows\SYSTEM32\winhttp.dll
+ 2004-08-04 11:00 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\vbscript.dll
- 2004-08-04 11:00 . 2009-03-08 11:34 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2011-11-16 14:21 152064 c:\windows\SYSTEM32\schannel.dll
+ 2004-08-04 11:00 . 2011-11-03 15:28 386048 c:\windows\SYSTEM32\qdvd.dll
- 2004-08-04 11:00 . 2008-04-14 00:12 386048 c:\windows\SYSTEM32\qdvd.dll
- 2005-02-03 19:18 . 2012-03-17 20:43 442894 c:\windows\SYSTEM32\PERFH009.DAT
+ 2005-02-03 19:18 . 2012-06-05 20:20 442894 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-08-04 11:00 . 2012-03-01 11:01 206848 c:\windows\SYSTEM32\occache.dll
- 2004-08-04 11:00 . 2009-03-08 11:32 611840 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 611840 c:\windows\SYSTEM32\mstime.dll
+ 2007-08-14 01:54 . 2012-03-01 11:01 602112 c:\windows\SYSTEM32\msfeeds.dll
+ 2004-08-04 11:00 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\jscript.dll
- 2004-08-04 11:00 . 2009-03-08 11:33 726528 c:\windows\SYSTEM32\jscript.dll
+ 2004-08-04 11:00 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\imagehlp.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 184320 c:\windows\SYSTEM32\iepeers.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2004-08-04 11:00 . 2012-02-29 12:17 174080 c:\windows\SYSTEM32\ie4uinit.exe
+ 2004-08-11 23:20 . 2012-06-05 20:31 266208 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-11 23:20 . 2011-12-15 11:23 266208 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-04 11:00 . 2012-01-09 16:20 139784 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\SYSTEM32\DLLCACHE\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\SYSTEM32\DLLCACHE\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\SYSTEM32\DLLCACHE\winmm.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 916992 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\SYSTEM32\DLLCACHE\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\SYSTEM32\DLLCACHE\winhttp.dll
+ 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\SYSTEM32\DLLCACHE\vgx.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2004-08-04 11:00 . 2009-03-08 11:34 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2011-08-10 20:27 . 2012-01-09 16:20 139784 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\SYSTEM32\DLLCACHE\qdvd.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2004-08-04 11:00 . 2009-03-08 11:32 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-05-09 00:05 . 2012-03-01 11:01 602112 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 11:33 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\DLLCACHE\imagehlp.dll
- 2009-06-11 20:00 . 2011-11-04 19:20 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
+ 2009-06-11 20:00 . 2012-03-01 11:01 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2010-06-11 20:20 . 2012-03-01 11:01 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll
- 2010-06-11 20:20 . 2011-11-04 19:20 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll
+ 2004-08-04 11:00 . 2012-03-01 11:01 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2004-08-04 11:00 . 2012-02-29 12:17 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll
+ 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll
+ 2012-04-06 06:52 . 2012-04-06 06:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-31 10:38 . 2012-01-31 10:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-01-28 00:35 . 2012-01-28 00:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 05:53 . 2011-12-25 05:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 19:01 . 2011-07-07 19:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 20:09 . 2011-07-07 20:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-22 23:50 . 2011-12-22 23:50 256000 c:\windows\Installer\ee364.msp
+ 2012-02-03 06:56 . 2012-02-03 06:56 963584 c:\windows\Installer\ee356.msp
+ 2012-06-05 19:39 . 2012-06-05 19:39 223744 c:\windows\Installer\ee350.msi
+ 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\ee331.msp
- 2006-11-20 02:25 . 2011-06-15 10:17 114688 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2006-11-20 02:25 . 2012-06-05 19:31 114688 c:\windows\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-02-26 18:45 . 2009-02-26 18:45 509256 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CVR.DLL
+ 2009-02-25 23:27 . 2009-02-25 23:27 843680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OICE.EXE
+ 2009-02-26 18:07 . 2009-02-26 18:07 395624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MOC.EXE
+ 2012-06-05 19:47 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-06-05 19:47 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-06-05 19:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-06-05 19:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-06-05 19:47 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-06-05 19:47 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-06-05 19:47 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-06-05 19:47 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-06-05 19:47 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-06-05 19:47 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-06-05 19:47 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-06-05 19:47 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-06-05 19:31 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-06-05 19:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\updspapi.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2544521-IE8\update.exe
+ 2012-06-05 19:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-06-05 19:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst.exe
+ 2012-06-05 19:31 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-06-05 19:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2012-06-05 19:31 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-06-05 19:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-06-05 19:31 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
+ 2012-06-05 19:31 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-06-15 10:20 . 2011-10-14 10:09 626688 c:\windows\ASSEMBLY\TEMP\Q6BLLOME5A\System.Drawing.dll
+ 2012-06-05 19:35 . 2012-06-05 19:35 835584 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7237de75\System.Drawing.dll
+ 2012-06-05 19:45 . 2012-06-05 19:45 843776 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_609fb361\System.Drawing.dll
+ 2012-06-05 19:45 . 2012-06-05 19:45 192512 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f72effc2\System.Drawing.Design.dll
+ 2012-06-05 19:36 . 2012-06-05 19:36 192512 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_79a9a264\System.Drawing.Design.dll
+ 2012-06-05 19:36 . 2012-06-05 19:36 118784 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a5c0032\CustomMarshalers.dll
+ 2012-06-05 20:26 . 2012-06-05 20:26 321536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-06-05 20:24 . 2012-06-05 20:24 240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-06-05 20:24 . 2012-06-05 20:24 187904 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-06-05 20:24 . 2012-06-05 20:24 447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-06-05 20:54 . 2012-06-05 20:54 400896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-06-05 20:52 . 2012-06-05 20:52 129536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-06-05 20:53 . 2012-06-05 20:53 202240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-06-05 20:53 . 2012-06-05 20:53 859648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-06-05 20:52 . 2012-06-05 20:52 328704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-06-05 20:53 . 2012-06-05 20:53 301056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-06-05 20:52 . 2012-06-05 20:52 547328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-06-05 20:51 . 2012-06-05 20:51 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-06-05 20:49 . 2012-06-05 20:49 627200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-06-05 20:49 . 2012-06-05 20:49 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-06-05 20:26 . 2012-06-05 20:26 679936 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-06-05 20:28 . 2012-06-05 20:28 311296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-06-05 20:42 . 2012-06-05 20:42 621056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-06-05 20:28 . 2012-06-05 20:28 998400 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-06-05 20:28 . 2012-06-05 20:28 330752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-06-05 20:28 . 2012-06-05 20:28 160256 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.A#\565bc89beb2fb404b1612721a9d56d3a\System.Management.Automation.resources.ni.dll
+ 2012-06-05 20:25 . 2012-06-05 20:25 381440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-06-05 20:26 . 2012-06-05 20:26 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"Free Internet Eraser"="c:\documents and settings\Ron\Desktop\InternetEraser.exe" [2004-04-18 523776]
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Ron\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-11-10 27306624]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-04-28 788992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\documents and settings\Ron\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-6-28 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 MpKsl67ee76b8;MpKsl67ee76b8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\MpKsl67ee76b8.sys [6/7/2012 10:21 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [6/25/2010 10:07 AM 35088]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [4/15/2005 10:32 AM 39488]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 4:38 PM 135664]
S2 hpdj00;hpdj00;c:\docume~1\Ron\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP remote printers -product=aio --> c:\docume~1\Ron\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP remote printers -product=aio [?]
S2 PMKKNEIM;PMKKNEIM;\??\c:\windows\system32\pmkkneim.ztf --> c:\windows\system32\pmkkneim.ztf [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [5/9/2012 3:08 PM 257696]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/16/2011 10:32 AM 191752]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);c:\windows\SYSTEM32\DRIVERS\fd_dbus.sys [3/17/2006 2:37 PM 44816]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 4:38 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 12:26 PM 129976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 22:13]
.
2012-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-06-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-27 11:13]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 23:38]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 23:38]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735002888-2697058314-2201943645-1005Core.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 20:53]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735002888-2697058314-2201943645-1005UA.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 20:53]
.
2012-06-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: eBay Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\bs3h9njy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-07 10:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PMKKNEIM]
"ImagePath"="\??\c:\windows\system32\pmkkneim.ztf"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-06-07 11:01:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-07 18:01
ComboFix2.txt 2012-06-05 00:21
.
Pre-Run: 161,008,455,680 bytes free
Post-Run: 160,964,927,488 bytes free
.
- - End Of File - - 100FF0417F6D2FACD98CC0D9B2010804

10:20:59.0968 3036 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:21:00.0546 3036 ============================================================
10:21:00.0546 3036 Current date / time: 2012/06/07 10:21:00.0546
10:21:00.0546 3036 SystemInfo:
10:21:00.0546 3036
10:21:00.0546 3036 OS Version: 5.1.2600 ServicePack: 3.0
10:21:00.0546 3036 Product type: Workstation
10:21:00.0546 3036 ComputerName: RONS
10:21:00.0546 3036 UserName: Ron
10:21:00.0546 3036 Windows directory: C:\WINDOWS
10:21:00.0546 3036 System windows directory: C:\WINDOWS
10:21:00.0546 3036 Processor architecture: Intel x86
10:21:00.0546 3036 Number of processors: 2
10:21:00.0546 3036 Page size: 0x1000
10:21:00.0546 3036 Boot type: Normal boot
10:21:00.0546 3036 ============================================================
10:21:01.0546 3036 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:21:01.0578 3036 ============================================================
10:21:01.0578 3036 \Device\Harddisk0\DR0:
10:21:01.0578 3036 MBR partitions:
10:21:01.0578 3036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1CB31C14
10:21:01.0578 3036 ============================================================
10:21:01.0625 3036 C: <-> \Device\Harddisk0\DR0\Partition0
10:21:01.0625 3036 ============================================================
10:21:01.0625 3036 Initialize success
10:21:01.0625 3036 ============================================================
10:21:06.0328 2592 ============================================================
10:21:06.0328 2592 Scan started
10:21:06.0328 2592 Mode: Manual;
10:21:06.0328 2592 ============================================================
10:21:06.0578 2592 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:21:06.0578 2592 !SASCORE - ok
10:21:06.0750 2592 Abiosdsk - ok
10:21:06.0781 2592 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:21:06.0781 2592 abp480n5 - ok
10:21:06.0812 2592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:21:06.0812 2592 ACPI - ok
10:21:06.0843 2592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:21:06.0843 2592 ACPIEC - ok
10:21:06.0921 2592 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:21:06.0937 2592 AdobeFlashPlayerUpdateSvc - ok
10:21:06.0937 2592 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:21:06.0937 2592 adpu160m - ok
10:21:06.0968 2592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:21:06.0968 2592 aec - ok
10:21:07.0000 2592 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
10:21:07.0000 2592 Afc - ok
10:21:07.0046 2592 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:21:07.0046 2592 AFD - ok
10:21:07.0062 2592 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:21:07.0062 2592 agp440 - ok
10:21:07.0062 2592 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:21:07.0062 2592 agpCPQ - ok
10:21:07.0078 2592 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:21:07.0078 2592 Aha154x - ok
10:21:07.0093 2592 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:21:07.0093 2592 aic78u2 - ok
10:21:07.0093 2592 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:21:07.0093 2592 aic78xx - ok
10:21:07.0140 2592 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:21:07.0140 2592 Alerter - ok
10:21:07.0187 2592 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:21:07.0187 2592 ALG - ok
10:21:07.0203 2592 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:21:07.0203 2592 AliIde - ok
10:21:07.0218 2592 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:21:07.0218 2592 alim1541 - ok
10:21:07.0218 2592 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:21:07.0218 2592 amdagp - ok
10:21:07.0234 2592 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:21:07.0234 2592 amsint - ok
10:21:07.0406 2592 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:21:07.0406 2592 Apple Mobile Device - ok
10:21:07.0453 2592 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:21:07.0453 2592 AppMgmt - ok
10:21:07.0468 2592 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:21:07.0468 2592 Arp1394 - ok
10:21:07.0468 2592 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:21:07.0468 2592 asc - ok
10:21:07.0484 2592 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:21:07.0484 2592 asc3350p - ok
10:21:07.0484 2592 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:21:07.0484 2592 asc3550 - ok
10:21:07.0609 2592 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:21:07.0687 2592 aspnet_state - ok
10:21:07.0718 2592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:21:07.0734 2592 AsyncMac - ok
10:21:07.0765 2592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:21:07.0765 2592 atapi - ok
10:21:07.0781 2592 Atdisk - ok
10:21:07.0906 2592 Ati HotKey Poller (e9e4caaf26d436d1df177ae484090750) C:\WINDOWS\system32\Ati2evxx.exe
10:21:07.0906 2592 Ati HotKey Poller - ok
10:21:07.0968 2592 ati2mtag (85c673f5862441f231099809235b5657) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:21:08.0000 2592 ati2mtag - ok
10:21:08.0046 2592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:21:08.0046 2592 Atmarpc - ok
10:21:08.0093 2592 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:21:08.0093 2592 AudioSrv - ok
10:21:08.0109 2592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:21:08.0109 2592 audstub - ok
10:21:08.0156 2592 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:21:08.0156 2592 b57w2k - ok
10:21:08.0281 2592 BBSvc (9c53c3ec25c109badfa2b386a3446f16) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
10:21:08.0281 2592 BBSvc - ok
10:21:08.0312 2592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:21:08.0312 2592 Beep - ok
10:21:08.0375 2592 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:21:08.0593 2592 BITS - ok
10:21:08.0640 2592 BOCDRIVE - ok
10:21:08.0718 2592 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:21:08.0734 2592 Bonjour Service - ok
10:21:08.0765 2592 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:21:08.0781 2592 Browser - ok
10:21:08.0781 2592 bvrp_pci - ok
10:21:08.0781 2592 catchme - ok
10:21:08.0843 2592 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:21:08.0843 2592 cbidf - ok
10:21:08.0859 2592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:21:08.0859 2592 cbidf2k - ok
10:21:08.0921 2592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:21:08.0921 2592 CCDECODE - ok
10:21:08.0968 2592 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:21:08.0968 2592 cd20xrnt - ok
10:21:09.0000 2592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:21:09.0000 2592 Cdaudio - ok
10:21:09.0015 2592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:21:09.0015 2592 Cdfs - ok
10:21:09.0046 2592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:21:09.0046 2592 Cdrom - ok
10:21:09.0046 2592 Changer - ok
10:21:09.0109 2592 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:21:09.0109 2592 CiSvc - ok
10:21:09.0125 2592 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:21:09.0125 2592 ClipSrv - ok
10:21:09.0234 2592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:21:09.0265 2592 clr_optimization_v2.0.50727_32 - ok
10:21:09.0281 2592 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:21:09.0281 2592 CmdIde - ok
10:21:09.0281 2592 COMSysApp - ok
10:21:09.0328 2592 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:21:09.0328 2592 Cpqarray - ok
10:21:09.0406 2592 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:21:09.0406 2592 CryptSvc - ok
10:21:09.0421 2592 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:21:09.0421 2592 dac2w2k - ok
10:21:09.0437 2592 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:21:09.0437 2592 dac960nt - ok
10:21:09.0500 2592 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:21:09.0515 2592 DcomLaunch - ok
10:21:09.0578 2592 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:21:09.0593 2592 Dhcp - ok
10:21:09.0609 2592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:21:09.0609 2592 Disk - ok
10:21:09.0609 2592 dmadmin - ok
10:21:09.0687 2592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:21:09.0703 2592 dmboot - ok
10:21:09.0734 2592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:21:09.0750 2592 dmio - ok
10:21:09.0781 2592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:21:09.0781 2592 dmload - ok
10:21:09.0812 2592 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:21:09.0812 2592 dmserver - ok
10:21:09.0843 2592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:21:09.0843 2592 DMusic - ok
10:21:09.0890 2592 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:21:09.0890 2592 Dnscache - ok
10:21:09.0937 2592 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:21:09.0937 2592 Dot3svc - ok
10:21:09.0968 2592 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:21:09.0968 2592 dpti2o - ok
10:21:09.0968 2592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:21:09.0968 2592 drmkaud - ok
10:21:10.0000 2592 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
10:21:10.0062 2592 drvmcdb - ok
10:21:10.0062 2592 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
10:21:11.0203 2592 drvnddm - ok
10:21:11.0328 2592 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
10:21:11.0328 2592 DSBrokerService - ok
10:21:11.0421 2592 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:21:11.0421 2592 DSproct - ok
10:21:11.0453 2592 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
10:21:11.0453 2592 dsunidrv - ok
10:21:11.0484 2592 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
10:21:11.0515 2592 dvd43llh - ok
10:21:11.0546 2592 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:21:11.0546 2592 E100B - ok
10:21:11.0593 2592 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:21:11.0593 2592 EapHost - ok
10:21:11.0625 2592 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:21:11.0625 2592 ERSvc - ok
10:21:11.0656 2592 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:21:11.0656 2592 Eventlog - ok
10:21:11.0703 2592 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:21:11.0703 2592 EventSystem - ok
10:21:11.0750 2592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:21:11.0750 2592 Fastfat - ok
10:21:11.0812 2592 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:21:11.0812 2592 FastUserSwitchingCompatibility - ok
10:21:11.0859 2592 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
10:21:11.0859 2592 Fax - ok
10:21:11.0890 2592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:21:11.0890 2592 Fdc - ok
10:21:11.0921 2592 fd_dbus (f4d5053534459a3377456c90b54d9750) C:\WINDOWS\system32\DRIVERS\fd_dbus.sys
10:21:11.0968 2592 fd_dbus - ok
10:21:12.0000 2592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:21:12.0000 2592 Fips - ok
10:21:12.0031 2592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:21:12.0031 2592 Flpydisk - ok
10:21:12.0078 2592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:21:12.0078 2592 FltMgr - ok
10:21:12.0218 2592 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:21:12.0218 2592 FontCache3.0.0.0 - ok
10:21:12.0281 2592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:21:12.0281 2592 Fs_Rec - ok
10:21:12.0312 2592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:21:12.0312 2592 Ftdisk - ok
10:21:12.0359 2592 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:21:12.0359 2592 GEARAspiWDM - ok
10:21:12.0375 2592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:21:12.0375 2592 Gpc - ok
10:21:12.0484 2592 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:21:12.0484 2592 gupdate - ok
10:21:12.0484 2592 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:21:12.0500 2592 gupdatem - ok
10:21:12.0546 2592 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:21:12.0546 2592 gusvc - ok
10:21:12.0593 2592 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:21:12.0593 2592 helpsvc - ok
10:21:12.0625 2592 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:21:12.0625 2592 HidServ - ok
10:21:12.0625 2592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:21:12.0625 2592 HidUsb - ok
10:21:12.0687 2592 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:21:12.0687 2592 hkmsvc - ok
10:21:12.0828 2592 hpdj00 - ok
10:21:12.0890 2592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:21:12.0890 2592 hpn - ok
10:21:12.0984 2592 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:21:13.0015 2592 hpqcxs08 - ok
10:21:13.0015 2592 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:21:13.0031 2592 hpqddsvc - ok
10:21:13.0078 2592 HPSLPSVC (56fc98f1014ea8dc51b92839c32759ec) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:21:13.0109 2592 HPSLPSVC - ok
10:21:13.0234 2592 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:21:13.0234 2592 HPZid412 - ok
10:21:13.0281 2592 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:21:13.0281 2592 HPZipr12 - ok
10:21:13.0343 2592 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:21:13.0343 2592 HPZius12 - ok
10:21:13.0421 2592 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:21:13.0421 2592 HSFHWBS2 - ok
10:21:13.0468 2592 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
10:21:13.0515 2592 HSF_DP - ok
10:21:13.0546 2592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:21:13.0562 2592 HTTP - ok
10:21:13.0593 2592 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:21:13.0609 2592 HTTPFilter - ok
10:21:13.0656 2592 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:21:13.0656 2592 i2omgmt - ok
10:21:13.0656 2592 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:21:13.0671 2592 i2omp - ok
10:21:13.0687 2592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:21:13.0687 2592 i8042prt - ok
10:21:13.0812 2592 IAANTMon (a38bf37fd0795382655f756dd4446fa0) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
10:21:13.0812 2592 IAANTMon - ok
10:21:23.0890 2592 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
10:21:24.0343 2592 \Device\Harddisk0\DR0 - ok
10:21:24.0343 2592 Boot (0x1200) (d438540103bd8d0380755255da6702cb) \Device\Harddisk0\DR0\Partition0
10:21:24.0343 2592 \Device\Harddisk0\DR0\Partition0 - ok
10:21:24.0343 2592 ============================================================
10:21:24.0343 2592 Scan finished
10:21:24.0343 2592 ============================================================
10:21:24.0359 3800 Detected object count: 0
10:21:24.0359 3800 Actual detected object count: 0
10:21:27.0218 0296 Deinitialize success

Thanks..... Herewith my logs.
Looks like explorer is infected..? Thanks again, Patti
Will post computer behavior as soon as I log out. :)

#9 pattilou

Posted 07 June 2012 - 01:16 PM

After a couple of Google searches... it still is redirecting.
Thanks Patti :(

#10 fireman4it

Posted 07 June 2012 - 07:05 PM

We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe | C:\windows\explorer.exe

Domains::

DDS::
uInternet Settings,ProxyOverride = localhost;*.local

Driver::
PMKKNEIM


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#11 pattilou

Posted 07 June 2012 - 09:54 PM

ComboFix 12-06-07.04 - Ron 06/07/2012 18:45:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.413 [GMT -7:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ron\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PMKKNEIM
-------\Service_PMKKNEIM
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-07 17:28 . 2012-06-07 17:28 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\offreg.dll
2012-06-07 16:29 . 2012-06-07 17:17 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\NPE
2012-06-07 16:29 . 2012-06-07 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-06-06 20:42 . 2012-05-15 08:43 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\mpengine.dll
2012-06-06 20:05 . 2012-06-06 20:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-06 20:05 . 2012-06-06 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-05 00:32 . 2012-05-15 08:43 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-04 22:35 . 2012-06-04 22:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 17:05 . 2012-06-01 17:05 -------- d-----w- c:\program files\ESET
2012-05-31 18:04 . 2012-05-31 18:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-29 22:39 . 2012-05-29 22:39 -------- d-----w- c:\program files\iPod
2012-05-29 22:39 . 2012-05-29 22:40 -------- d-----w- c:\program files\iTunes
2012-05-09 22:08 . 2012-05-09 22:13 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 19:26 . 2012-05-09 19:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-09 19:25 . 2012-05-09 19:25 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-09 19:25 . 2012-05-09 19:25 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-09 19:25 . 2012-05-09 19:25 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 19:25 . 2012-05-09 19:25 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-09 19:25 . 2012-05-09 19:25 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-05-09 19:25 . 2012-05-09 19:25 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-05-09 19:25 . 2012-05-09 19:25 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 01:57 . 2004-08-04 11:00 1058816 ----a-w- c:\windows\explorer.exe
2012-05-31 13:22 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-09 22:13 . 2012-01-21 20:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 1980-01-01 06:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 11:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 1980-01-01 06:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2011-06-05 19:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 03:44 . 2012-03-21 03:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-05-09 19:25 . 2011-12-22 16:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . B4164BFF999FC08D93682E7C65096860 . 545280 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 9046A0B24DCD42E7611E62369E68411A . 39936 . . [5.1.2600.5512] . . c:\windows\SYSTEM32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2012-06-08 . 00663B23577D319678EB5C8A90DBA6EC . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-24 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"Free Internet Eraser"="c:\documents and settings\Ron\Desktop\InternetEraser.exe" [2004-04-18 523776]
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Ron\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-11-10 27306624]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2005-04-28 788992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\documents and settings\Ron\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-6-28 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [6/25/2010 10:07 AM 35088]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [4/15/2005 10:32 AM 39488]
S1 MpKsl67ee76b8;MpKsl67ee76b8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\MpKsl67ee76b8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0BF567D5-75C2-4E44-BE95-687E0B913661}\MpKsl67ee76b8.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 4:38 PM 135664]
S2 hpdj00;hpdj00;c:\docume~1\Ron\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP remote printers -product=aio --> c:\docume~1\Ron\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP remote printers -product=aio [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [5/9/2012 3:08 PM 257696]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/16/2011 10:32 AM 191752]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);c:\windows\SYSTEM32\DRIVERS\fd_dbus.sys [3/17/2006 2:37 PM 44816]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 4:38 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 12:26 PM 129976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 22:13]
.
2012-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-27 11:13]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 23:38]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 23:38]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735002888-2697058314-2201943645-1005Core.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 20:53]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735002888-2697058314-2201943645-1005UA.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 20:53]
.
2012-06-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: eBay Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\bs3h9njy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-07 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-06-07 19:26:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 02:26
ComboFix2.txt 2012-06-07 18:01
ComboFix3.txt 2012-06-05 00:21
.
Pre-Run: 160,912,904,192 bytes free
Post-Run: 160,548,458,496 bytes free
.
- - End Of File - - 0EBECA7E3B2A84CE259EB6E33D9B2B4D

Thanks for a fast response. :)

#12 fireman4it


Posted 08 June 2012 - 03:00 PM

Still redirecting?

" Extinguishing Malware from the world"



#13 pattilou


Posted 08 June 2012 - 04:08 PM

Yes....Sorry to say. Is there hope for me? :(

#14 fireman4it


Posted 09 June 2012 - 11:09 AM

Hello,

1.
Are you connected to the internet through a router? If so we need to reset that router.
How to reset your Router.

2.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


Things to include in your next reply:
Yorkyt log
MBAM log
Still redirecting? If so, is it redirecting in all your browsers? Internet Explorer? Firefox? Google Chrome?

" Extinguishing Malware from the world"



#15 pattilou


Posted 09 June 2012 - 01:03 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.09.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ron :: RONS [administrator]

6/9/2012 10:32:22 AM
mbam-log-2012-06-09 (10-32-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248636
Time elapsed: 10 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
yorkyt to follow..............





