Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD/Group Policy Client failed/Windows Search Stop/Power Manager


  • This topic is locked This topic is locked
67 replies to this topic

#1 tiger168

tiger168

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 12 February 2013 - 02:41 AM

I have a Lenovo T60p Windows 7; 2GB RAM, 500GB HGST, 7200 RPM model brand new.(because I thought it was a HD problem, NOT).

 

The problem started about November 2012. When my notebook will hang for no reason and it was not quite frequent and then it got worst and anout a month ago, it had becoming a regular event where the computer will hang a few times a day.

 

I test the computer in the safe mode, and it will not hang, no crash, runs perfect.  But, when I boot to normal it will fail and it is very inconsistent, not applicaiton specific.  No I did not install new apps, not that I remember anyways. I don't want to mislead anyone, therefore, less is more.

 

I use AVG security, Malwarebytes, scanned with no issues.I ran DDS and everything are attached here.

 

I really apprecaite some help to stablize this notebook since it has been a rock for me. and all the diagnostic I ran tells me the HW is ok.

 

I tried to to s update install using the original Windows 7 CD, but, I was told of compatibility issues that I could not find on my computer, such as Adobe resader version 7, Microsoft interactive training, and Itune (deauthorize), etc., which I cannot find ways to uninstall or remove under Control Panel.

 

That is when I started to seariously thinking seeking help from this site from the fine people who are willing to help.  I thank you....  Let the journey begin....

 

 

======== dds.txt ========

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by Tony Yeh at 22:41:06 on 2013-02-11
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.2046.944 [GMT -8:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\locator.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k AxInstSVGroup
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: WebThunder Browser Helper: {00000AAA-A363-466E-BEF5-9BB68697AA7F} - LocalServer32 - <no file>
BHO: SiteBlock Class: {013CEB5C-E5B2-40D7-9640-F74F357FF857} - LocalServer32 - <no file>
BHO: ??à×FLVêó?μDáì??°?????§3?: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - c:\program files\thunder network\thunder\bho\XlBrowserAddin1.0.5.64.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ??à×?????§3?: {889D2FEB-5411-4565-8998-1DD2C5261283} - c:\program files\thunder network\thunder\bho\XunleiBHO7.2.4.3312.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - LocalServer32 - <no file>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {1FD6AB1A-DE74-417C-B1C4-B06F967562EC} - <orphaned>
EB: {AB1BD9BE-EB85-4CC6-8FCC-D62BCDC45098} - <orphaned>
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\setup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: 添加到飞信表情 - c:\program files\china mobile\fetion\FetionExt.dll/202
IE: 通过飞信短信发送 - c:\program files\china mobile\fetion\FetionExt.dll/201
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {814953B0-3DE7-4171-A0DD-A7A38322B6C7} - c:\program files\china mobile\fetion\Fetion.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160492392593
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2947DA1D-7DB3-4ADC-AEB8-445D7F2DBB0F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2947DA1D-7DB3-4ADC-AEB8-445D7F2DBB0F}\2456C6C6167696F6D225F6F6D637D234F687 : DHCPNameServer = 68.105.28.12 68.105.29.11
TCP: Interfaces\{2947DA1D-7DB3-4ADC-AEB8-445D7F2DBB0F}\A4A5D2930303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2947DA1D-7DB3-4ADC-AEB8-445D7F2DBB0F}\C445D22313D223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{362ED33A-2C25-4EB4-9577-8C53D6D2EB8B} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WebCheck - <orphaned>
SEH: DesktopTipsStub Class - {4562B511-62E9-4533-B7B2-56A8BB10B482} - c:\program files\common files\thunder network\kankan\xappex.1.1.1.29.(528).dll
LSA: Authentication Packages =  msv1_0 relog_ap
LSA: Notification Packages =  scecli csspwntfy psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Hosts: 74.208.105.171 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tony yeh\appdata\roaming\mozilla\firefox\profiles\68fljwh4.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefox3Extn.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.0.1\npsitesafety.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrl.3.1.0.1.(527).dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.587.11.(412).dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(78).dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npfetion.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\windows media player\np-mswmp.dll
FF - plugin: c:\users\tony yeh\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\tony yeh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\tony yeh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - bconline.broward.edu
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-4-12 25968]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-2-11 31576]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-2-7 13680]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2007-4-1 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2007-4-1 10272]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2013-2-7 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-17 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-17 682344]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.1\ToolbarUpdater.exe [2013-2-11 945328]
R2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost -k xlserviceplatform --> c:\windows\system32\svchost -k XLServicePlatform [?]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-4-20 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-4-20 29472]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2012-1-19 23608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-13 21104]
R3 NETwLv32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DCamUSBSony4;Sony Visual Communication Camera;c:\windows\system32\drivers\snyucam4.sys [2009-11-10 424127]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-2-2 14216]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-2-2 8456]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2007-2-8 6828]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-3-17 6630912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-18 27192]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2009-11-10 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2009-11-10 73600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-14 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-8-23 104240]
S4 GSService;GSService;c:\windows\system32\GSService.exe [2012-1-19 745472]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-9-6 112968]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-13 1153368]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2012-1-19 243712]
S4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2012-8-23 2778416]
.
=============== Created Last 30 ================
.
2013-02-12 06:38:56    --------    d--h--w-    c:\windows\AxInstSV
2013-02-11 19:45:23    --------    d-----w-    c:\users\tony yeh\appdata\local\AVG SafeGuard toolbar
2013-02-11 19:45:18    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-02-11 19:45:10    31576    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-02-11 19:45:06    --------    d-----w-    c:\program files\common files\AVG Secure Search
2013-02-11 19:45:05    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-02-11 19:37:15    --------    d-----w-    c:\users\tony yeh\appdata\roaming\AVG2013
2013-02-11 19:33:17    --------    d--h--w-    C:\$AVG
2013-02-10 05:24:44    6918632    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-02-10 05:24:40    6991832    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{c37c8004-41c7-4efa-83b7-61224f32d59b}\mpengine.dll
2013-02-08 06:44:07    --------    d-----w-    c:\users\tony yeh\appdata\roaming\Intel Corporation
2013-02-08 06:18:27    433176    ----a-w-    c:\windows\system32\drivers\iaStor.sys
2013-02-08 06:18:17    --------    d-----w-    C:\swsetup
2013-02-08 06:00:08    --------    d-----w-    C:\6bec5fae0923da237212b90a
2013-02-07 11:08:19    --------    d-----w-    c:\program files\Microsoft SkyDrive
2013-02-07 11:08:19    --------    d-----r-    c:\users\tony yeh\SkyDrive
2013-02-07 11:07:31    --------    d-----w-    c:\programdata\Microsoft SkyDrive
2013-02-06 07:11:59    1431272    ----a-w-    c:\windows\system32\AutoPartNt.exe
.
==================== Find3M  ====================
.
2013-02-07 09:57:01    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-07 09:57:01    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-17 09:28:58    232336    ------w-    c:\windows\system32\MpSigStub.exe
2012-12-16 14:13:28    295424    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-15 00:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-11 14:22:08    72048    ----a-w-    c:\windows\system32\ibmpmctl.exe
2012-12-11 14:22:08    51056    ----a-w-    c:\windows\system32\ibmpmsvc.exe
2012-12-11 14:22:08    36208    ----a-w-    c:\windows\system32\tpinspm.dll
2012-12-11 14:22:08    36040    ----a-w-    c:\windows\system32\drivers\ibmpmdrv.sys
2012-12-07 12:26:17    308736    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    c:\windows\system32\gameux.dll
2012-11-30 04:53:34    169984    ----a-w-    c:\windows\system32\winsrv.dll
2012-11-30 04:47:45    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25    271360    ----a-w-    c:\windows\system32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23    2345984    ----a-w-    c:\windows\system32\win32k.sys
2012-11-23 02:48:41    49152    ----a-w-    c:\windows\system32\taskhost.exe
2012-11-22 04:45:03    626688    ----a-w-    c:\windows\system32\usp10.dll
2012-11-20 04:51:09    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2012-11-15 06:54:15    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2006-10-23 15:35:38    7396864    -c--a-w-    c:\program files\HTML Guardian 7.msi
2004-07-30 08:04:42    1216    -csha-w-    c:\windows\Twunk_16.dll
2004-07-30 08:04:42    1216    -csha-w-    c:\windows\Twunk_32.dll
.
============= FINISH: 22:47:16.23 ===============
 

 


*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. DDS logs are not allowed in other forums. ~ Queen-Evie*

Attached Files


Edited by Queen-Evie, 12 February 2013 - 09:02 AM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 15 February 2013 - 09:55 PM

Greetings tiger168 and welcome.gif to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. thumbup2.gif

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. smile.png
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the StartNewTopic.gif button but use the AddReply.gif button instead.
  • In the upper right hand corner of the topic you will see the WatchTopic.gif button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started thumbup2.gif

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do the following for me.

===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.

  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

 

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

aswMBR1.png

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

aswMBR2.png

  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

 

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. icon_thumb.gif

  • Combofix log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 18 February 2013 - 09:53 AM

Greetings tiger168,


===================================================


3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 tiger168

tiger168
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 19 February 2013 - 01:36 PM

WOW, I didn't get any notifications.  I will follow your instructions now..

 

Since my computer is hanging from time to time, it will take me some times to complete this, thank you for your patience.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 19 February 2013 - 01:47 PM

No problem. There was a recent upgrade to the system and I think there are still quirks, like not being notified. That has happened to me as well.

If you need to run Combofix in Safe Mode that is fine.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 tiger168

tiger168
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 19 February 2013 - 09:24 PM

Thank you for your undrestanding.

 

I have invested most of today on following the instrucitons as much as possible and has attached the loga below.

 

COMBOFIX was ran in the regular mode without any issues.  aswMBR cause 2 BSOD (after the first BSOD, I re-ran it again just to make sure it was not a random BSOD); and when the second BSOD happen approximately in the same time frame, I had to resort to run in the safe mode and obtain the log that way.  In between the BSOD, I had to run the CHKDSK just to make sure the files are intact.  I did notice my outlook .PST were corrupted, but, I can fix that later once we have the computer healthy.

 

Here are the logs:

 

#1, ComboFIX:

 

ComboFix 13-02-18.02 - Tony Yeh 9/2013 Tue  16:32:19.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.2046.705 [GMT -8:00]
执行位置: c:\users\Tony Yeh\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Common Files\Tencent\Paycenter
c:\program files\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files\Common Files\Tencent\Paycenter\qqedit.dll
c:\program files\Naver
c:\program files\Naver\LINE\CommLib.dll
c:\program files\Naver\LINE\CommModule.dll
c:\program files\Naver\LINE\DataModule.dll
c:\program files\Naver\LINE\dbghelp.dll
c:\program files\Naver\LINE\Line.exe
c:\program files\Naver\LINE\LineAppMgr.exe
c:\program files\Naver\LINE\LineUnInst.exe
c:\program files\Naver\LINE\LineUpgrader.exe
c:\program files\Naver\LINE\MediaInfo.dll
c:\program files\Naver\LINE\Microsoft.VC90.CRT.manifest
c:\program files\Naver\LINE\msvcp90.dll
c:\program files\Naver\LINE\msvcr90.dll
c:\program files\Naver\LINE\NELO.dll
c:\program files\Naver\LINE\NELO_CrashReporter.exe
c:\program files\Naver\LINE\README.license
c:\program files\Naver\LINE\res\locale\en-US\buddy.xml
c:\program files\Naver\LINE\res\locale\en-US\chatRoom.xml
c:\program files\Naver\LINE\res\locale\en-US\common.xml
c:\program files\Naver\LINE\res\locale\en-US\group.xml
c:\program files\Naver\LINE\res\locale\en-US\invite.xml
c:\program files\Naver\LINE\res\locale\en-US\login.xml
c:\program files\Naver\LINE\res\locale\en-US\menu.xml
c:\program files\Naver\LINE\res\locale\en-US\msgbox.xml
c:\program files\Naver\LINE\res\locale\en-US\setting.xml
c:\program files\Naver\LINE\res\locale\en-US\sticker.xml
c:\program files\Naver\LINE\res\locale\en-US\talk.xml
c:\program files\Naver\LINE\res\locale\en-US\upgrader.xml
c:\program files\Naver\LINE\res\locale\en-US\upic.xml
c:\program files\Naver\LINE\res\locale\en-US\voip.xml
c:\program files\Naver\LINE\res\locale\ja-JP\buddy.xml
c:\program files\Naver\LINE\res\locale\ja-JP\chatRoom.xml
c:\program files\Naver\LINE\res\locale\ja-JP\common.xml
c:\program files\Naver\LINE\res\locale\ja-JP\group.xml
c:\program files\Naver\LINE\res\locale\ja-JP\invite.xml
c:\program files\Naver\LINE\res\locale\ja-JP\login.xml
c:\program files\Naver\LINE\res\locale\ja-JP\menu.xml
c:\program files\Naver\LINE\res\locale\ja-JP\msgbox.xml
c:\program files\Naver\LINE\res\locale\ja-JP\setting.xml
c:\program files\Naver\LINE\res\locale\ja-JP\sticker.xml
c:\program files\Naver\LINE\res\locale\ja-JP\talk.xml
c:\program files\Naver\LINE\res\locale\ja-JP\upgrader.xml
c:\program files\Naver\LINE\res\locale\ja-JP\upic.xml
c:\program files\Naver\LINE\res\locale\ja-JP\voip.xml
c:\program files\Naver\LINE\res\locale\ko-KR\buddy.xml
c:\program files\Naver\LINE\res\locale\ko-KR\chatRoom.xml
c:\program files\Naver\LINE\res\locale\ko-KR\common.xml
c:\program files\Naver\LINE\res\locale\ko-KR\group.xml
c:\program files\Naver\LINE\res\locale\ko-KR\invite.xml
c:\program files\Naver\LINE\res\locale\ko-KR\login.xml
c:\program files\Naver\LINE\res\locale\ko-KR\menu.xml
c:\program files\Naver\LINE\res\locale\ko-KR\msgbox.xml
c:\program files\Naver\LINE\res\locale\ko-KR\setting.xml
c:\program files\Naver\LINE\res\locale\ko-KR\sticker.xml
c:\program files\Naver\LINE\res\locale\ko-KR\talk.xml
c:\program files\Naver\LINE\res\locale\ko-KR\upgrader.xml
c:\program files\Naver\LINE\res\locale\ko-KR\upic.xml
c:\program files\Naver\LINE\res\locale\ko-KR\voip.xml
c:\program files\Naver\LINE\res\skin\basic\about.nxul
c:\program files\Naver\LINE\res\skin\basic\buddyInfo.nxul
c:\program files\Naver\LINE\res\skin\basic\chatMember.nxul
c:\program files\Naver\LINE\res\skin\basic\chatRoom.nxul
c:\program files\Naver\LINE\res\skin\basic\css\buddyInfo.css
c:\program files\Naver\LINE\res\skin\basic\css\chatMember.css
c:\program files\Naver\LINE\res\skin\basic\css\chatRoom.css
c:\program files\Naver\LINE\res\skin\basic\css\chatRoomMessage.css
c:\program files\Naver\LINE\res\skin\basic\css\common.css
c:\program files\Naver\LINE\res\skin\basic\css\emoji.css
c:\program files\Naver\LINE\res\skin\basic\css\emojiIcon.css
c:\program files\Naver\LINE\res\skin\basic\css\emojiLetter.css
c:\program files\Naver\LINE\res\skin\basic\css\groupMake.css
c:\program files\Naver\LINE\res\skin\basic\css\groupModify.css
c:\program files\Naver\LINE\res\skin\basic\css\invite.css
c:\program files\Naver\LINE\res\skin\basic\css\login.css
c:\program files\Naver\LINE\res\skin\basic\css\loginHelp.css
c:\program files\Naver\LINE\res\skin\basic\css\makeGroup.css
c:\program files\Naver\LINE\res\skin\basic\css\myInfo.css
c:\program files\Naver\LINE\res\skin\basic\css\setting.css
c:\program files\Naver\LINE\res\skin\basic\css\settingBasic.css
c:\program files\Naver\LINE\res\skin\basic\css\settingPrivacy.css
c:\program files\Naver\LINE\res\skin\basic\css\sticker.css
c:\program files\Naver\LINE\res\skin\basic\css\talk.css
c:\program files\Naver\LINE\res\skin\basic\css\talkAddBuddy.css
c:\program files\Naver\LINE\res\skin\basic\css\talkBuddyList.css
c:\program files\Naver\LINE\res\skin\basic\css\talkChatList.css
c:\program files\Naver\LINE\res\skin\basic\css\toast.css
c:\program files\Naver\LINE\res\skin\basic\css\voip.css
c:\program files\Naver\LINE\res\skin\basic\emoji.nxul
c:\program files\Naver\LINE\res\skin\basic\emojiIcon.nxul
c:\program files\Naver\LINE\res\skin\basic\emojiLetter.nxul
c:\program files\Naver\LINE\res\skin\basic\groupMake.nxul
c:\program files\Naver\LINE\res\skin\basic\groupModify.nxul
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_audio.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_btn_box.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_bubble_gray.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_bubble_gray2.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_image_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_buddy_video.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_call.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_date_bubble.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_img_err.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_layer.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_menu_line.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_more.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_green.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_green2.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_bubble_light_green.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_image_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_my_video.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_new_buddy.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_sep.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_splitter.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_top.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\bg_video.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_btm_l.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_btm_m.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_btm_r.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_line.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_top_l.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\br_top_r.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_addblock.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_arrow_down.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_canel.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_chat_type1.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_emoji.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_file.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_max.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_menu.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_min.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\btn_room_name.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style1.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style2.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style3.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style3_x.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\check_style3_xx.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\flag.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_alarm_off.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_error_sticker.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_fail.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\ico_person.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\icon_voip.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\loading.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\loading_small.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\nick_bubble_l.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\nick_bubble_m.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\nick_bubble_r.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\slider_bar.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\slider_thumb.png
c:\program files\Naver\LINE\res\skin\basic\images\chat\thumnail_box.png
c:\program files\Naver\LINE\res\skin\basic\images\common\bar_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\bar_02.png
c:\program files\Naver\LINE\res\skin\basic\images\common\bg_dlg_title.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_btm_l.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_btm_r.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_line.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_top_l.png
c:\program files\Naver\LINE\res\skin\basic\images\common\br_top_r.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_close_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_close_02.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_system.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_type1.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_type2.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_type3.png
c:\program files\Naver\LINE\res\skin\basic\images\common\btn_update.png
c:\program files\Naver\LINE\res\skin\basic\images\common\check_type1.png
c:\program files\Naver\LINE\res\skin\basic\images\common\checkbox_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\ico_close.png
c:\program files\Naver\LINE\res\skin\basic\images\common\ico_dot01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\ico_return.png
c:\program files\Naver\LINE\res\skin\basic\images\common\icon_clear.png
c:\program files\Naver\LINE\res\skin\basic\images\common\input_box.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close_all.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close_click.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_close_over.png
c:\program files\Naver\LINE\res\skin\basic\images\common\layer_btn_search_1.png
c:\program files\Naver\LINE\res\skin\basic\images\common\Line.ico
c:\program files\Naver\LINE\res\skin\basic\images\common\line_about.png
c:\program files\Naver\LINE\res\skin\basic\images\common\line_about_btn.png
c:\program files\Naver\LINE\res\skin\basic\images\common\loading.png
c:\program files\Naver\LINE\res\skin\basic\images\common\profile_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\common\spin_down.png
c:\program files\Naver\LINE\res\skin\basic\images\common\spin_up.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_01.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_02.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_03.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_04.png
c:\program files\Naver\LINE\res\skin\basic\images\common\thumnail_05.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\bg_tab.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_icon_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_index.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_latest.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_left.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_letter.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_right.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_sticker_arrow1.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\btn_sticker_arrow2.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\emoji_bottom.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\emoji_select.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\emoji_top_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\select_emoticon.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\select_kaomoji.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\select_sticker.png
c:\program files\Naver\LINE\res\skin\basic\images\emoji\stiker_btn_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\group\bg_add_profile_frame.png
c:\program files\Naver\LINE\res\skin\basic\images\group\bg_teamlayer_top_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_plus_02.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_radio_off_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_radio_on_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_cancel_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_invite_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_make_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_member_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_no_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_save_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_talk_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_write_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\btn_teampopup_yes_01.png
c:\program files\Naver\LINE\res\skin\basic\images\group\check_style1.png
c:\program files\Naver\LINE\res\skin\basic\images\group\check_style3.png
c:\program files\Naver\LINE\res\skin\basic\images\group\group_edit_select.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_max.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_min.png
c:\program files\Naver\LINE\res\skin\basic\images\login\btn_qrcode_refresh.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\03_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\04_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\en-US\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ico_q.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ico_step01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ico_step02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\03_jp_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\04_jp_setting.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\05_app_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\06_app_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\07_wap_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\08_wap_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ja-JP\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\01_main.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\02_email.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\03_naver.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\04_qr01.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\05_qr02.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_international.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_login.png
c:\program files\Naver\LINE\res\skin\basic\images\login\ko-KR\btn_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\login\line_logo.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bg1.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bg2.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_btm.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bullet.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_bullet2.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_line.png
c:\program files\Naver\LINE\res\skin\basic\images\login\login_qrcode.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_bottom_l.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_bottom_m.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_bottom_r.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_check.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_middle_l.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_middle_r.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_top_l.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_top_m.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_top_r.png
c:\program files\Naver\LINE\res\skin\basic\images\menu\menu_uncheck.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_big.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_group.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_group_big.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\img_default_makegroup.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\list_img_default.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\list_img_default_group.png
c:\program files\Naver\LINE\res\skin\basic\images\profile\list_img_default_makegroup.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_btm.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_line.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_top.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_topleft.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\bg_setting_topright.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\btn_block_user.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\btn_select.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\ico_arrow.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\layer_btn_close_all.png
c:\program files\Naver\LINE\res\skin\basic\images\setting\tab_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_badge.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_subpanel.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_tab.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\bg_top.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_add_friend.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_chat.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_close.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_list_option.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_max.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_menu.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_min.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\btn_top_friendtalk_01.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\check_addbuddy.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\check_group_show.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\en-US\img_no_data_1.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\en-US\img_no_data_2.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\en-US\img_no_data_3.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\group_member_count_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab01.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab02.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ico_tab03.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\icon_search.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\img_no_data_1.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\img_no_data_2.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\img_no_data_3.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\input_cursor.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ja-JP\img_no_data_1.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ja-JP\img_no_data_2.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ja-JP\img_no_data_3.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ko-KR\img_no_data_1.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ko-KR\img_no_data_2.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\ko-KR\img_no_data_3.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\list_tab_bar.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\nick_bubble_l.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\nick_bubble_m.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\nick_bubble_r.png
c:\program files\Naver\LINE\res\skin\basic\images\talk\status_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_accept.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_bg.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_btn_call_refuse.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_close.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_icon_call_accept.png
c:\program files\Naver\LINE\res\skin\basic\images\toast\toast_icon_call_refuse.png
c:\program files\Naver\LINE\res\skin\basic\images\tray\line_off.ico
c:\program files\Naver\LINE\res\skin\basic\images\tray\tray_icon_new.ico
c:\program files\Naver\LINE\res\skin\basic\images\tray\tray_icon_offline.ico
c:\program files\Naver\LINE\res\skin\basic\images\tray\tray_icon_online.ico
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_call_accept.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_call_refuse.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_mic.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_mic_dim.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_dim.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_gray.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_icon_vol_green.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_win_btn.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_win_thumnail_110.png
c:\program files\Naver\LINE\res\skin\basic\images\voip\voip_win_thumnail_bg.png
c:\program files\Naver\LINE\res\skin\basic\invite.nxul
c:\program files\Naver\LINE\res\skin\basic\login.nxul
c:\program files\Naver\LINE\res\skin\basic\loginHelp.nxul
c:\program files\Naver\LINE\res\skin\basic\loginKickout.nxul
c:\program files\Naver\LINE\res\skin\basic\macUpgradeNotice.nxul
c:\program files\Naver\LINE\res\skin\basic\myInfo.nxul
c:\program files\Naver\LINE\res\skin\basic\notice.nxul
c:\program files\Naver\LINE\res\skin\basic\picturePopup.nxul
c:\program files\Naver\LINE\res\skin\basic\QRCodeHelp.nxul
c:\program files\Naver\LINE\res\skin\basic\setting.nxul
c:\program files\Naver\LINE\res\skin\basic\settingBasic.nxul
c:\program files\Naver\LINE\res\skin\basic\settingPrivacy.nxul
c:\program files\Naver\LINE\res\skin\basic\skinMsgBox.nxul
c:\program files\Naver\LINE\res\skin\basic\sticker.nxul
c:\program files\Naver\LINE\res\skin\basic\talk.nxul
c:\program files\Naver\LINE\res\skin\basic\talkAddBuddy.nxul
c:\program files\Naver\LINE\res\skin\basic\talkBuddyList.nxul
c:\program files\Naver\LINE\res\skin\basic\talkChatList.nxul
c:\program files\Naver\LINE\res\skin\basic\test.nxul
c:\program files\Naver\LINE\res\skin\basic\toast.nxul
c:\program files\Naver\LINE\res\skin\basic\uploadPicture.nxul
c:\program files\Naver\LINE\res\skin\basic\voip.nxul
c:\program files\Naver\LINE\res\skin\basic\windowPositionHelperTester.nxul
c:\program files\Naver\LINE\res\skin\emoji\emoji_facemark.csv
c:\program files\Naver\LINE\res\skin\emoji\emoji_icon.csv
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_001.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_002.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_003.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_004.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_005.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_006.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_007.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_008.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoji_w_009.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_01s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_02s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_03s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_04s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_05s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_06s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_07s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_08s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_09s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_10s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_11s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_12s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_13s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_14s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_15s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_16s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_17s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_18s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_19s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_20s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_02_21s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_01s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_02s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_03s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_04s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_05s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_06s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_07s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_08s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_09s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_10s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_11s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_03_12s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_01s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_02s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_03s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_04s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_05s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_06s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_07s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_08s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_09s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_10s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_11s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_12s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_04_13s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_01s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_02s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_03s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_04s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_05s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_06s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_07s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_08s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_09s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_10s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_11s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_12s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_13s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_14s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_05_15s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_01s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_02s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_03s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_04s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_05s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_06s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_07s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_08s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_09s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_10s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_11s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_12s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_13s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_14s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_15s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_16s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_17s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_18s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_19s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_20s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_06_21s.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_16.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_17.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_18.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_19.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_20.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_01_21.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_01.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_02.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_03.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_04.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_05.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_06.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_07.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_08.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_09.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_10.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_11.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_12.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_13.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_14.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_15.png
c:\program files\Naver\LINE\res\skin\emoji\icon\emoticon_face_02_16.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_1.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_2.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_3.png
c:\program files\Naver\LINE\res\skin\sticker\gift\gift_4.png
c:\program files\Naver\LINE\res\skin\sticker\tab\tab00_off.png
c:\program files\Naver\LINE\res\skin\sticker\tab\tab00_on.png
c:\program files\Naver\LINE\res\sounds\Bell.wav
c:\program files\Naver\LINE\res\sounds\VoipEnd.wav
c:\program files\Naver\LINE\res\sounds\VoipRing.wav
c:\program files\Naver\LINE\res\sounds\VoipRingback.wav
c:\program files\Update
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe
c:\programdata\Roaming
c:\users\Tony Yeh\AppData\Roaming\HPSU_48BitScanUpdate.log
c:\users\Tony Yeh\Documents\Readiris.DUS
c:\users\Tony Yeh\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\admshare.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((  2013-01-20 至 2013-02-20 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-02-20 01:03 . 2013-02-20 01:03    --------    d--h--w-    c:\windows\AxInstSV
2013-02-20 01:00 . 2013-02-20 01:05    --------    d-----w-    c:\users\Tony Yeh\AppData\Local\temp
2013-02-20 01:00 . 2013-02-20 01:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-20 01:00 . 2013-02-20 01:00    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-02-20 00:38 . 2013-02-20 00:38    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C37C8004-41C7-4EFA-83B7-61224F32D59B}\offreg.dll
2013-02-15 18:16 . 2013-02-15 18:16    53248    ----a-r-    c:\users\Tony Yeh\AppData\Roaming\Microsoft\Installer\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}\ARPPRODUCTICON.exe
2013-02-15 18:12 . 2010-09-07 22:09    13680    ----a-w-    c:\windows\system32\drivers\smiif32.sys
2013-02-15 02:47 . 2013-02-15 02:52    --------    d-----w-    c:\program files\Core Temp
2013-02-15 02:25 . 2013-02-19 09:03    --------    d-----w-    c:\users\Tony Yeh\AppData\Local\Coupon Companion Plugin
2013-02-15 02:25 . 2013-02-15 02:51    --------    d-----w-    c:\users\Tony Yeh\AppData\Roaming\Searchya
2013-02-13 09:46 . 2013-01-04 03:00    2347008    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 09:45 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-02-13 09:45 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 09:45 . 2013-01-03 05:05    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:45 . 2013-01-03 05:04    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 09:45 . 2013-01-04 04:50    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-13 07:57 . 2013-02-19 22:12    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-02-11 19:45 . 2013-02-19 23:49    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-02-10 05:24 . 2013-01-18 20:17    6991832    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C37C8004-41C7-4EFA-83B7-61224F32D59B}\mpengine.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-02-09 09:26 . 2013-02-09 09:26    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-02-09 02:34 . 2013-02-09 02:34    --------    d-----w-    c:\programdata\Intel
2013-02-09 00:12 . 2013-02-09 00:12    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-02-08 06:44 . 2013-02-08 06:44    --------    d-----w-    c:\users\Tony Yeh\AppData\Roaming\Intel Corporation
2013-02-08 06:18 . 2009-12-17 18:25    433176    ----a-w-    c:\windows\system32\drivers\iaStor.sys
2013-02-08 06:18 . 2013-02-08 06:18    --------    d-----w-    c:\users\Tony Yeh\AppData\Roaming\InstallShield
2013-02-08 06:18 . 2013-02-08 06:18    --------    d-----w-    C:\swsetup
2013-02-08 06:00 . 2013-02-08 06:00    --------    d-----w-    C:\6bec5fae0923da237212b90a
2013-02-07 11:08 . 2013-02-09 01:18    --------    d-----r-    c:\users\Tony Yeh\SkyDrive
2013-02-07 11:08 . 2013-02-07 11:08    --------    d-----w-    c:\program files\Microsoft SkyDrive
2013-02-07 11:07 . 2013-02-07 11:07    --------    d-----w-    c:\programdata\Microsoft SkyDrive
2013-02-07 07:43 . 2013-02-09 05:32    --------    d-----w-    c:\program files\Intel
2013-02-06 07:11 . 2013-02-06 07:32    1431272    ----a-w-    c:\windows\system32\AutoPartNt.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-15 07:04 . 2012-04-16 17:31    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-15 07:04 . 2011-05-14 23:49    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 09:28 . 2012-11-02 06:47    232336    ------w-    c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-23 01:39    295424    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 01:39    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-15 00:49 . 2009-11-13 20:47    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-11 14:22 . 2012-12-11 14:22    72048    ----a-w-    c:\windows\system32\ibmpmctl.exe
2012-12-11 14:22 . 2012-12-11 14:22    51056    ----a-w-    c:\windows\system32\ibmpmsvc.exe
2012-12-11 14:22 . 2012-12-11 14:22    36208    ----a-w-    c:\windows\system32\tpinspm.dll
2012-12-11 14:22 . 2012-12-11 14:22    36040    ----a-w-    c:\windows\system32\drivers\ibmpmdrv.sys
2012-12-07 12:26 . 2013-01-09 08:11    308736    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:11    2576384    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 08:11    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:11    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 08:11    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:11    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:11    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:11    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:11    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:11    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:11    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:11    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 08:11    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:11    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:11    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 08:11    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 08:12    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 08:12    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 08:12    271360    ----a-w-    c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 08:12    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:12    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48 . 2013-01-09 08:11    49152    ----a-w-    c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 08:13    626688    ----a-w-    c:\windows\system32\usp10.dll
2006-10-23 15:35 . 2006-10-23 15:34    7396864    -c--a-w-    c:\program files\HTML Guardian 7.msi
2013-02-19 18:44 . 2013-02-19 18:44    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
2004-07-30 08:04    1216    -csha-w-    c:\windows\Twunk_16.dll
2004-07-30 08:04    1216    -csha-w-    c:\windows\Twunk_32.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-07 11:07    222712    ----a-w-    c:\users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-07 11:07    222712    ----a-w-    c:\users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-07 11:07    222712    ----a-w-    c:\users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2011-09-29 07:38    251504    ----a-w-    c:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(528).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-08-23 3457840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TpShocks"="TpShocks.exe" [2012-09-21 186248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-09 4280184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4562B511-62E9-4533-B7B2-56A8BB10B482}"= "c:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(528).dll" [2011-09-29 251504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22    66360    ----a-w-    c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 20:48    100712    ----a-w-    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File    REG_SZ             GOOGLEPINYIN2.IME
backup=
path=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tony Yeh^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
path=c:\users\Tony Yeh\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tony Yeh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]
path=c:\users\Tony Yeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
backup=c:\windows\pss\CCC.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tony Yeh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KKBOX_Tray.lnk]
path=c:\users\Tony Yeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KKBOX_Tray.lnk
backup=c:\windows\pss\KKBOX_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tony Yeh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Tony Yeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-04-04 05:53    815512    ----a-w-    c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-09 20:33    1949480    ----a-w-    c:\program files\Apricorn\EZ Gig II\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-04-04 05:53    36760    ----a-w-    c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37    843712    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-03-11 20:54    611712    ----a-w-    c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apricorn Scheduler Service]
2007-10-09 20:24    148712    ----a-w-    c:\program files\Common Files\Apricorn\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 22:13    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2009-01-15 08:52    208896    ----a-w-    c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2012-02-01 17:36    50592    ----a-w-    c:\users\Tony Yeh\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14    8704    ----a-w-    c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZGigMonitor.exe]
2007-10-09 20:20    1169264    ----a-w-    c:\program files\Apricorn\EZ Gig II\EZGigMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-09 00:55    133104    -----tw-    c:\users\Tony Yeh\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelPROSet]
2012-08-23 23:59    3457840    ----a-w-    c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2012-08-23 23:59    3457840    ----a-w-    c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50    221184    -c--a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50    81920    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 21:57    152544    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Backup Service Once]
2009-09-26 00:29    21304    ----a-w-    c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-11-09 21:48    58728    ----a-w-    c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-12-15 00:49    824232    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-09 01:50    4280184    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
2005-11-15 20:13    49152    -c--a-r-    c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2012-09-21 19:44    55656    ----a-w-    c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2009-01-15 08:52    389120    ----a-w-    c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17    1174016    ----a-w-    c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
2013-02-07 11:07    255992    ----a-w-    c:\users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 20:59    18705664    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-05-19 01:28    1314816    ----a-w-    c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07    2260480    --sha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2012-09-11 01:09    134456    ----a-w-    c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thunder]
2011-12-01 06:25    1249456    ----a-w-    c:\program files\Thunder Network\Thunder\Program\Thunder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
2005-10-16 17:11    65536    ----a-w-    c:\windows\System32\TP4EX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2009-09-26 00:32    487424    ----a-w-    c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 17:21    648072    ----a-w-    c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14    65024    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Tony Yeh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R3 ALSysIO;ALSysIO;c:\users\TONYYE~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 AMPPALP;Intel? Centrino? Wireless Bluetooth? + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DCamUSBSony4;Sony Visual Communication Camera;c:\windows\system32\DRIVERS\snyucam4.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EraserUtilDrvI13;EraserUtilDrvI13;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\DRIVERS\swmx01.sys [x]
R3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\DRIVERS\SWNC5E01.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 AMPPALR3;Intel? Centrino? Wireless Bluetooth? + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 GSService;GSService;c:\windows\system32\GSService.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [x]
R4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 CMB8100;CMB8100;c:\windows\system32\Drivers\CertClient.dat [x]
S2 CMBProtector;CMBProtector;c:\windows\system32\Drivers\CMBProtector.dat [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [x]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost [x]
S3 AMPPAL;Intel? Centrino? Wireless Bluetooth? + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwLv32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - ccHP
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - SRTSPX
*Deregistered* - SymDS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SymIRON
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
XLServicePlatform    REG_MULTI_SZ       XLServicePlatform
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-13 07:12    1607120    ----a-w-    c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
 ‘计划任务’ 文件夹 里的内容
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 05:32]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 05:32]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1369483405-311402246-727616386-1005Core.job
- c:\users\Tony Yeh\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-09 00:55]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1369483405-311402246-727616386-1005UA.job
- c:\users\Tony Yeh\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-09 00:55]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: 添加到飞信表情 - c:\program files\China Mobile\Fetion\FetionExt.dll/202
IE: 通过飞信短信发送 - c:\program files\China Mobile\Fetion\FetionExt.dll/201
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: talk4free.com\reg
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tony Yeh\AppData\Roaming\Mozilla\Firefox\Profiles\jkh5s855.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-02-16 00:56; keyconfig@dorando; c:\users\Tony Yeh\AppData\Roaming\Mozilla\Firefox\Profiles\jkh5s855.default\extensions\keyconfig@dorando.xpi
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0E0E0CtD0AtAtB0FtD0DzytN0D0Tzu0CyEtCtCtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=1761225722&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0E0E0CtD0AtAtB0FtD0DzytN0D0Tzu0CyEtCtCtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=1761225722&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0E0E0CtD0AtAtB0FtD0DzytN0D0Tzu0CyEtCtCtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=1761225722&ir=&q=
FF - user.js: extensions.searchya.id - 0016CEEC0A32F0D9
FF - user.js: extensions.searchya.instlDay - 15750
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.018:25
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - dnldyho
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - dnldyho
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1761225722
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtCyC0C0E0E0CtD0AtAtB0FtD0DzytN0D0Tzu0CyEtCtCtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
Notify-tpfnf2 - c:\program files\Lenovo\HOTKEY\notifyf2.dll
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
MSConfigStartUp-Driver Detective - c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
MSConfigStartUp-eFax 4 - c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
MSConfigStartUp-EvtMgr6 - c:\program files\Logitech\SetPointP\SetPoint.exe
MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-IMEKRMIG6 - c:\windows\ime\imkr6_1\IMEKRMIG.EXE
MSConfigStartUp-IMJPMIG8 - c:\windows\IME\imjp8_1\IMJPMIG.EXE
MSConfigStartUp-IntelliPoint - c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
MSConfigStartUp-IntelliType Pro - c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
MSConfigStartUp-IntelZeroConfig - c:\program files\Intel\WiFi\bin\ZCfgSvc.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-KiesPreload - c:\program files\Samsung\Kies\Kies.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
MSConfigStartUp-LPManager - c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
MSConfigStartUp-Message Center Plus - c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
MSConfigStartUp-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
MSConfigStartUp-NSLauncher - c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
MSConfigStartUp-NSU_agent - c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
MSConfigStartUp-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
MSConfigStartUp-PWMTRV - c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
MSConfigStartUp-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Singlesnet - c:\program files\Singlesnet\Singlesnet\Singlesnet.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-TPFNF7 - c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
MSConfigStartUp-WebThunder - c:\program files\Thunder Network\WebThunder\WebThunder.exe
MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
AddRemove-LINE - c:\program files\Naver\LINE\LineUnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\relog_ap.DLL
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(5000)
c:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(528).dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\WinSCP3\DragExt.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\System32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CISVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\locator.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\cidaemon.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
完成时间: 2013-02-19  17:15:31 - 电脑已重新启动
ComboFix-quarantined-files.txt  2013-02-20 01:15
.
Pre-Run: 114,363,883,520 bytes free
Post-Run: 114,917,793,792 bytes free
.
- - End Of File - - F924CB498CDDE105BE36FD7C0EC9CD66

 

 

 

/////////////////

/////////////////

 

Here is the aswMBR:

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-19 17:41:19
-----------------------------
17:41:19.980    OS Version: Windows 6.1.7601 Service Pack 1
17:41:19.980    Number of processors: 2 586 0xE08
17:41:19.980    ComputerName: LENOVO-B0C56120  UserName: Tony Yeh
17:41:31.681    Initialize success
17:41:47.671    AVAST engine defs: 13021902
17:41:51.243    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:41:51.243    Disk 0 Vendor: HGST_HTS GH2O Size: 476940MB BusType: 3
17:41:51.259    Disk 0 MBR read successfully
17:41:51.259    Disk 0 MBR scan
17:41:51.274    Disk 0 unknown MBR code
17:41:51.274    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       471823 MB offset 63
17:41:51.305    Disk 0 Partition 2 00     12  Compaq diag MSWIN4.1     5114 MB offset 966293685
17:41:51.321    Disk 0 scanning sectors +976768065
17:41:51.368    Disk 0 scanning C:\Windows\system32\drivers
17:42:07.108    Service scanning
17:42:31.023    Modules scanning
17:42:38.917    Disk 0 trace - called modules:
17:42:38.932    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
17:42:38.932    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8604a030]
17:42:38.948    3 CLASSPNP.SYS[8938a59e] -> nt!IofCallDriver -> [0x848ff020]
17:42:38.948    5 ACPI.sys[888d33d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85572028]
17:42:40.445    AVAST engine scan C:\Windows
17:42:46.982    AVAST engine scan C:\Windows\system32
17:47:34.225    AVAST engine scan C:\Windows\system32\drivers
17:47:56.174    AVAST engine scan C:\Users\Tony Yeh
18:03:01.023    Disk 0 MBR has been saved successfully to "C:\Users\Tony Yeh\Desktop\MBR.dat"
18:03:01.101    The log file has been saved successfully to "C:\Users\Tony Yeh\Desktop\aswMBR.txt"

 

///////////

//////////

 

Thank you for your time, patience and expertice !!

 

Regards,

Tony



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 19 February 2013 - 10:40 PM

Hi Tony,

Thanks for getting that information posted.

I would like to run 3 programs now. Two of them will get rid of some unwanted adware type entries and the last program will give us some insight about your Blue Screen events.

Please run these for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt

===================================================

Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt
  • in Notepad, copy the entire content and paste it into your next reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. icon_thumb.gif

  • AdwCleaner log
  • Junkware log
  • Blue Screen information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 tiger168

tiger168
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 19 February 2013 - 11:31 PM

Thank you again.

 

Here are the results:

 

#1, AdwCleaner[S1].txt

 

# AdwCleaner v2.112 - Logfile created 02/19/2013 at 20:13:37
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Tony Yeh - LENOVO-B0C56120
# Boot Mode : Normal
# Running from : C:\Users\Tony Yeh\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Tony Yeh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Tony Yeh\AppData\Local\Conduit
Folder Deleted : C:\Users\Tony Yeh\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Tony Yeh\AppData\Local\DownTango
Folder Deleted : C:\Users\Tony Yeh\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Tony Yeh\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\Tony Yeh\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Tony Yeh\AppData\Roaming\Bandoo

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\searchya
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Tony Yeh\AppData\Roaming\Mozilla\Firefox\Profiles\jkh5s855.default\prefs.js

C:\Users\Tony Yeh\AppData\Roaming\Mozilla\Firefox\Profiles\jkh5s855.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "SearchYa!");
Deleted : user_pref("extensions.searchya.aflt", "dnldyho");
Deleted : user_pref("extensions.searchya.appId", "{1973277F-87B0-4EA3-9ED2-470A91D284CF}");
Deleted : user_pref("extensions.searchya.cntry", "US");
Deleted : user_pref("extensions.searchya.dfltLng", "");
Deleted : user_pref("extensions.searchya.dfltSrch", true);
Deleted : user_pref("extensions.searchya.dnsErr", true);
Deleted : user_pref("extensions.searchya.excTlbr", false);
Deleted : user_pref("extensions.searchya.hdrMd5", "3F6789FE29C9928218F68504FCDF3F12");
Deleted : user_pref("extensions.searchya.hmpg", true);
Deleted : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu[...]
Deleted : user_pref("extensions.searchya.id", "0016CEEC0A32F0D9");
Deleted : user_pref("extensions.searchya.instlDay", "15750");
Deleted : user_pref("extensions.searchya.instlRef", "");
Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.8.8.018:25:22");
Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1Q[...]
Deleted : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\"[...]
Deleted : user_pref("extensions.searchya.prdct", "searchya");
Deleted : user_pref("extensions.searchya.prtnrId", "searchya");
Deleted : user_pref("extensions.searchya.sg", "none");
Deleted : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
Deleted : user_pref("extensions.searchya.tlbrId", "base");
Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L[...]
Deleted : user_pref("extensions.searchya.vrsn", "1.8.8.0");
Deleted : user_pref("extensions.searchya.vrsni", "1.8.8.0");
Deleted : user_pref("extensions.searchya_i.hmpg", true);
Deleted : user_pref("extensions.searchya_i.newTab", false);
Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.8.8.018:25:22");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Tony Yeh\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"Cb9mwh+wcnM4lx2Tcd5LeKv79yVQDJuwnbgSvyZFgRU=","_version":4,"browser":{"show[...]

*************************

AdwCleaner[R1].txt - [75666 octets] - [19/02/2013 20:12:39]
AdwCleaner[S1].txt - [9671 octets] - [19/02/2013 20:13:37]

########## EOF - C:\AdwCleaner[S1].txt - [9731 octets] ##########
 

 

 

 

 

 

#2, Junkware.log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Ultimate x86
Ran by Tony Yeh on 02/19/2013 Tue at 20:18:23.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\systweak
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tencent"
Successfully deleted: [Folder] "C:\Users\Tony Yeh\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Tony Yeh\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\Tony Yeh\appdata\local\tencent"
Successfully deleted: [Folder] "C:\Program Files\regclean pro"
Successfully deleted: [Folder] "C:\Program Files\tencent"
Successfully deleted: [Folder] "C:\Windows\freecorder"



~~~ FireFox

Successfully deleted the following from C:\Users\Tony Yeh\AppData\Roaming\mozilla\firefox\profiles\jkh5s855.default\prefs.js

user_pref("extensions.crossrider.bic", "13cdbac9ccd4c5e5c082eaac3f6c485b");
Emptied folder: C:\Users\Tony Yeh\AppData\Roaming\mozilla\firefox\profiles\jkh5s855.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/19/2013 Tue at 20:24:54.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

#3, BSOD.txt

 

==================================================
Dump File         : 021913-26410-01.dmp
Crash Time        : 2/19/2013 5:40:00 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x00000000
Parameter 2       : 0x000000ff
Parameter 3       : 0x00000008
Parameter 4       : 0x00000000
Caused By Driver  : iaStor.sys
Caused By Address : iaStor.sys+64d48
File Description  : Intel Matrix Storage Manager driver - x86
Product Name      : Intel Matrix Storage Manager driver
Company           : Intel Corporation
File Version      : 9.5.6.1001
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40c7b
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\021913-26410-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,328
==================================================

==================================================
Dump File         : 021913-30498-01.dmp
Crash Time        : 2/19/2013 5:33:26 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x00000000
Parameter 2       : 0x000000ff
Parameter 3       : 0x00000008
Parameter 4       : 0x00000000
Caused By Driver  : dxgmms1.sys
Caused By Address : dxgmms1.sys+8796
File Description  : DirectX Graphics MMS
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17554 (win7sp1_gdr.110202-1504)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40c7b
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\021913-30498-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,328
==================================================

==================================================
Dump File         : 021113-50076-01.dmp
Crash Time        : 2/11/2013 10:22:36 PM
Bug Check String  : DRIVER_VERIFIER_DETECTED_VIOLATION
Bug Check Code    : 0x000000c4
Parameter 1       : 0x000000c1
Parameter 2       : 0x8ae92cde
Parameter 3       : 0x00000000
Parameter 4       : 0x00000000
Caused By Driver  : mbr.sys
Caused By Address : mbr.sys+2cde
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+110758
Stack Address 2   : ntkrnlpa.exe+3326d4
Stack Address 3   : ntkrnlpa.exe+36be0
Computer Name     :
Full Path         : C:\Windows\Minidump\021113-50076-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,592
==================================================

==================================================
Dump File         : 020713-45318-01.dmp
Crash Time        : 2/7/2013 3:25:59 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0xbb0ea3a5
Parameter 2       : 0x00000006
Parameter 3       : 0x00000001
Parameter 4       : 0x91d122f1
Caused By Driver  : SynTP.sys
Caused By Address : SynTP.sys+152f1
File Description  : Synaptics Touchpad Driver
Product Name      : Synaptics Pointing Device Driver
Company           : Synaptics Incorporated
File Version      : 16.2.14 07Sep12
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40cdb
Stack Address 1   : SynTP.sys+152f1
Stack Address 2   : SynTP.sys+4651
Stack Address 3   : SynTP.sys+3715
Computer Name     :
Full Path         : C:\Windows\Minidump\020713-45318-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,304
==================================================

==================================================
Dump File         : 020713-78187-01.dmp
Crash Time        : 2/7/2013 1:54:31 AM
Bug Check String  : DRIVER_VERIFIER_DETECTED_VIOLATION
Bug Check Code    : 0x000000c4
Parameter 1       : 0x000000f6
Parameter 2       : 0x000014cc
Parameter 3       : 0x8a852d40
Parameter 4       : 0x85d59f15
Caused By Driver  : timntr.sys
Caused By Address : timntr.sys+1cf15
File Description  : Apricorn EZ Gig II Backup Archive Explorer
Product Name      : Apricorn EZ Gig II
Company           : Apricorn
File Version      : 3.3 build 444
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+337f1f
Stack Address 2   : ntkrnlpa.exe+33c782
Stack Address 3   : ntkrnlpa.exe+2230e3
Computer Name     :
Full Path         : C:\Windows\Minidump\020713-78187-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,408
==================================================

==================================================
Dump File         : 012313-72634-01.dmp
Crash Time        : 1/23/2013 2:57:05 PM
Bug Check String  : PFN_LIST_CORRUPT
Bug Check Code    : 0x0000004e
Parameter 1       : 0x00000099
Parameter 2       : 0x0000c94c
Parameter 3       : 0x00000003
Parameter 4       : 0x0005f157
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dee98
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+ea567
Stack Address 2   : ntkrnlpa.exe+671ac
Stack Address 3   : ntkrnlpa.exe+e62e2
Computer Name     :
Full Path         : C:\Windows\Minidump\012313-72634-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,376
==================================================

==================================================
Dump File         : 012313-69124-01.dmp
Crash Time        : 1/23/2013 1:16:53 PM
Bug Check String  : MEMORY_MANAGEMENT
Bug Check Code    : 0x0000001a
Parameter 1       : 0x00000411
Parameter 2       : 0xc062a3d8
Parameter 3       : 0x557998c2
Parameter 4       : 0xc06213d9
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dee98
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+a9cca
Stack Address 2   : ntkrnlpa.exe+a3bec
Stack Address 3   : ntkrnlpa.exe+91480
Computer Name     :
Full Path         : C:\Windows\Minidump\012313-69124-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,376
==================================================

==================================================
Dump File         : 012213-76892-01.dmp
Crash Time        : 1/22/2013 5:39:40 PM
Bug Check String  : DRIVER_VERIFIER_DETECTED_VIOLATION
Bug Check Code    : 0x000000c4
Parameter 1       : 0x000000f6
Parameter 2       : 0x00001210
Parameter 3       : 0x9ba26cb0
Parameter 4       : 0x85144f15
Caused By Driver  : timntr.sys
Caused By Address : timntr.sys+1cf15
File Description  : Apricorn EZ Gig II Backup Archive Explorer
Product Name      : Apricorn EZ Gig II
Company           : Apricorn
File Version      : 3.3 build 444
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+337f1f
Stack Address 2   : ntkrnlpa.exe+33c782
Stack Address 3   : ntkrnlpa.exe+2230e3
Computer Name     :
Full Path         : C:\Windows\Minidump\012213-76892-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,328
==================================================

==================================================
Dump File         : 012213-132834-01.dmp
Crash Time        : 1/22/2013 5:07:23 PM
Bug Check String  : PFN_LIST_CORRUPT
Bug Check Code    : 0x0000004e
Parameter 1       : 0x00000099
Parameter 2       : 0x0001288f
Parameter 3       : 0x00000002
Parameter 4       : 0x00013b0d
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+d2490
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+d2490
Stack Address 1   : ntoskrnl.exe+e3bc5
Stack Address 2   : ntoskrnl.exe+1f92a
Stack Address 3   : ntoskrnl.exe+dfb56
Computer Name     :
Full Path         : C:\Windows\Minidump\012213-132834-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,288
==================================================

==================================================
Dump File         : 012213-54288-01.dmp
Crash Time        : 1/22/2013 4:40:03 PM
Bug Check String  : DRIVER_VERIFIER_DETECTED_VIOLATION
Bug Check Code    : 0x000000c4
Parameter 1       : 0x000000f6
Parameter 2       : 0x0000119c
Parameter 3       : 0xade20778
Parameter 4       : 0x853abf15
Caused By Driver  : timntr.sys
Caused By Address : timntr.sys+1cf15
File Description  : Apricorn EZ Gig II Backup Archive Explorer
Product Name      : Apricorn EZ Gig II
Company           : Apricorn
File Version      : 3.3 build 444
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+337f1f
Stack Address 2   : ntkrnlpa.exe+33c782
Stack Address 3   : ntkrnlpa.exe+2230e3
Computer Name     :
Full Path         : C:\Windows\Minidump\012213-54288-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,328
==================================================

==================================================
Dump File         : 010413-56269-01.dmp
Crash Time        : 1/4/2013 1:23:12 AM
Bug Check String  : MEMORY_MANAGEMENT
Bug Check Code    : 0x0000001a
Parameter 1       : 0x00000411
Parameter 2       : 0xc04c0e18
Parameter 3       : 0x2caba8c2
Parameter 4       : 0x896e9459
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dee98
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+dee98
Stack Address 1   : ntkrnlpa.exe+a9cca
Stack Address 2   : ntkrnlpa.exe+a3bec
Stack Address 3   : ntkrnlpa.exe+91480
Computer Name     :
Full Path         : C:\Windows\Minidump\010413-56269-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,328
==================================================

==================================================
Dump File         : 110812-24819-01.dmp
Crash Time        : 11/8/2012 8:54:17 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0xf92f61c0
Parameter 2       : 0x00000005
Parameter 3       : 0x00000000
Parameter 4       : 0x9c372c22
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+165c22
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : ATI Technologies Inc.
File Version      : 8.01.01.882
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40cdb
Stack Address 1   : atikmdag.sys+165c22
Stack Address 2   : atikmdag.sys+158f7e
Stack Address 3   : atikmdag.sys+183dc
Computer Name     :
Full Path         : C:\Windows\Minidump\110812-24819-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,184
==================================================

==================================================
Dump File         : 101812-33821-01.dmp
Crash Time        : 10/18/2012 7:17:18 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x636f5ae8
Parameter 2       : 0x00000005
Parameter 3       : 0x00000000
Parameter 4       : 0x9f121650
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+f4650
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : ATI Technologies Inc.
File Version      : 8.01.01.882
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+40cdb
Stack Address 1   : atikmdag.sys+f4650
Stack Address 2   : atikmdag.sys+eb1c0
Stack Address 3   : dxgkrnl.sys+1b14
Computer Name     :
Full Path         : C:\Windows\Minidump\101812-33821-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,328
==================================================

==================================================
Dump File         : 052912-36800-01.dmp
Crash Time        : 5/29/2012 8:20:16 AM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0xffffffff
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x98ea794c
Caused By Driver  : USBPORT.SYS
Caused By Address : USBPORT.SYS+594c
File Description  : USB 1.1 & 2.0 Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+4165b
Stack Address 1   : USBPORT.SYS+594c
Stack Address 2   : USBPORT.SYS+652c
Stack Address 3   : USBPORT.SYS+3a34
Computer Name     :
Full Path         : C:\Windows\Minidump\052912-36800-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 183,192
==================================================

==================================================
Dump File         : 042612-51183-01.dmp
Crash Time        : 4/26/2012 12:58:33 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x937feedc
Parameter 2       : 0x00000005
Parameter 3       : 0x00000000
Parameter 4       : 0x95122243
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+f0243
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : ATI Technologies Inc.
File Version      : 8.01.01.882
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+415eb
Stack Address 1   : atikmdag.sys+f0243
Stack Address 2   : atikmdag.sys+e7459
Stack Address 3   : dxgkrnl.sys+1b14
Computer Name     :
Full Path         : C:\Windows\Minidump\042612-51183-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,232
==================================================

==================================================
Dump File         : 121511-35490-01.dmp
Crash Time        : 12/15/2011 7:07:08 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0xb2655c50
Parameter 2       : 0x00000005
Parameter 3       : 0x00000000
Parameter 4       : 0x96b09237
Caused By Driver  : atikmdag.sys
Caused By Address : atikmdag.sys+f0237
File Description  : ATI Radeon Kernel Mode Driver
Product Name      : ATI Radeon Family
Company           : ATI Technologies Inc.
File Version      : 8.01.01.882
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+415fb
Stack Address 1   : atikmdag.sys+f0237
Stack Address 2   : atikmdag.sys+e7459
Stack Address 3   : dxgkrnl.sys+1b14
Computer Name     :
Full Path         : C:\Windows\Minidump\121511-35490-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 145,232
==================================================
 

 

Thanks !!!



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 20 February 2013 - 10:13 AM

Greetings Tony,

Thank you for the information.

Please see if you can successfully run this program for me.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
     
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

tds2.jpg

  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
     
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

2012081514h0118.png

  • Click Start Scan and allow the scan process to run

tds4-1.jpg

  • If threats are detected select Skip for all of them unless I instruct you otherwise
     
  • Click Continue

tds6.jpg

  • Click Reboot computer
     
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

Things I would like to see in your next reply. icon_thumb.gif

  • TDSSKiller zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 tiger168

tiger168
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 20 February 2013 - 11:11 AM

Thank you for your reply.

 

I ran the TDSSKILLER, it reported no threats and no log file were created?  I selected all the changed parameters, FYI.

 

Pls kindly advice.

 

Thank you.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 20 February 2013 - 11:37 AM

Look in the C:\ directory and see if it is there.  If not, please run it again.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 tiger168

tiger168
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 21 February 2013 - 12:21 AM

I finally found it as for some reason the c: drive was not accessible.  But, after a reboot, I was able to get it. (That was weir!)

 

here you are.

 

Thank you very much!

Attached Files


Edited by tiger168, 21 February 2013 - 12:31 AM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 21 February 2013 - 09:37 AM

Hi Tony,

Thanks for hunting that down for me. Even though the report indicated no issues I still wanted to review it. Sometimes there may be entries that are not reported as errors but can act as a clue, but not in this case.

I think we are dealing with either a corrupted driver(s) or a memory issue. We need to do some more troubleshooting to try to narrow down the cause. Your providing detailed information about the difference between Normal and Safe mode is valuable. thumbup.gif

The first step is designed to prevent the launching of 3rd party drivers (non-Microsoft). This is intended to see if one of those drivers is causing your problem. If you find Normal Mode is just fine after disabling the 3rd party drivers then we know we need to identify which one is throwing a tantrum.

The second step will provide a more detailed look into the computer crash events.

There are several tests I have in mind but let's start with this and see where it leads us.


===================================================


Clean Boot

--------------------

  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msconfig and press Enter
  • Note: If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click to clear the Load Startup Items check box
  • Note: The Use Original Boot.ini check box is unavailable
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
  • Check your computer performance

 

===================================================


WinCrashReport

--------------------

  • Download WinCrashReport and save it to your desktop
  • Unzip the file to your desktop
  • Double click the icon to launch the program
  • Click File, then Save this Crash Report
  • Attach it to your reply

 

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. icon_thumb.gif

  • Clean Boot results?
  • WinCrashReport

Edited by Oh My, 21 February 2013 - 09:37 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 tiger168

tiger168
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:24 AM

Posted 21 February 2013 - 12:29 PM

Thanks for not giving up on this issues. I, also, suspect corrupted drivers, but,  don't want to influence your diagnostic process and logical approach as a total strategy. Thus, where we are.

 

I love this brick as it never breaks on me, but, limping alone isn't the long term excuse that eventually arrived at the inevitable BSOD situation that I am in.

 

CLEANBOOT

 

I have done the CLEAN BOOT many times in the past for diagnostic purposes.  And I can assure you eventually in the normal Window mode, the system will hang or result in BSOD.  However, I have ran the system in the SAFE MODE and the system will run for days (well, I couldn't do much in that mode for my normal work).

 

I do have error balloons like Windows cannot connect to group Service Clients for the longest time, but, I resolve that in this forum as well (caused by Windows Update crashing). But, the BSOD and hang causes long term damage as we all know.

 

I ran the CLEAN BOOT already, but, since the hang and the BSOD is a random event at this point, I an only report to you that It ran fine as of now.  But, I know it will hang eventually.

 

WinCrashReport

 

I ran this app and it doesn't do anything, was I suppose to wait until the Window crash in able to generate the report?

 

I follow the readme.txt and turn on the "Show Internal Exceptions". Got some text, I will paste it here. I'll add more as I progress through some regular apps that I run regularly, if more report are generated.

 

Crash Report For Explorer.EXE
Created by using WinCrashReport
http://www.nirsoft.net/utils/application_crash_report.html



General Exception Information:
Operating System: Windows 7 Ultimate  Service Pack 1  (6.1.7601)
Report Time: 2/21/2013 9:35:19 AM
Process Filename: C:\Windows\Explorer.EXE
Process ID: 1044
Thread ID: 764
Process Description: Windows Explorer
Process Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Process Company: Microsoft Corporation
Product Name: Microsoft® Windows® Operating System
Product Version: 6.1.7600.16385
Crash Address: 7578812F
Crash Address (Relative): KERNELBASE.dll!RaiseException+0x54
Exception Code: 80040155
Exception Description: Interface not registered

Crash Code Bytes:
C9 C2 10 00 89 45 C0 EB ED 3D 01 01 00 00 0F 85
6D 96 FF FF E9 49 96 FF FF 8D 4D B8 FF 15 4C 10
78 75 E9 43 95 FF FF 33 D2 8D 4D B8 FF 15 54 10
78 75 E9 F9 95 FF FF 90 90 90 90 90 8B FF 55 8B


Strings in the stack:
03B3649C 03B3652C -> e044272b9a\MSVCR80.dll
03B365C0 03B36670 -> `+K
03B36A1C 03B3ADC0 -> C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\
03B36A28 03B36F40 -> C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
03B36A30 03B36A68 -> msvcr80.dll
03B36B10 75A77C88 ->     

!"#$%&'()*+,
03B36B1C 03B36C0E -> GetSystemWindowsDirectoryW
03B36C20 74636572 -> t.log
03B3DF08 03B3E2E0 -> C:\Windows湠畸湫畸SxS\x86_micros:1뼨LĀ
03B3DF34 03B3DFDC -> C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
03B3E368 03B3E408 ->      

γ춤眹γγ탚眹Ҵ
03B3E664 03B3E6F4 -> 84K
03B3E6FC 7741A678 -> t4K
03B3E788 03B3E838 -> `+K
03B3E854 03B3ECC8 -> 04BA90B}
03B3E8F0 03B3E9D4 -> \Inter霸ȓŐK\{
03B3E960 77390044 -> %p has corrupted PreviousSize (%lx)

03B3EAAC 75CFFA7E -> /\(
03B3EB6C 75D01748 -> p氳
03B3ED98 03B3EEE8 -> Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
03B3F30C 76ED2240 -> NdrOleExtDLL
03B3F314 76ED21D8 -> \REGISTRY\MACHINE\Software\Microsoft\Rpc\Extensions
03B3F464 75CFEB4D -> 郃邐邐邐邐邐邐邐邐讐嗿譖胱Ѿ圀㶋ᓸ痋萏⸈䚍倘퟿䛿茈ࡾ甁謌ࡅ䚉謐౅䚉弌嵞ೂ退쵵쿭祵큯遵邐邐譕凬ꅤ
03B3FEF8 74F6B109 -> 7@8H8Z8:"tongue.png:}:?;;<;???a<???%>??%?W?m?€?????

Call Stack (Method 1):
03B3F4AC 04F120F0

Call Stack (Method 2):
03B3F170 7578812F  KERNELBASE.dll!RaiseException+0x54
03B3F2E8 76ED21CF  RPCRT4.dll!I_RpcBindingInqTransportType+0xe7
03B3F308 001A0018  Explorer.EXE+0x160018
03B3F3C8 77392F77  ntdll.dll!RtlAllocateHeap+0x211
03B3F3CC 74F6BA75  mswsock.dll+0x3ba75
03B3F3F8 7736E13D  ntdll.dll!RtlIsTextUnicode+0x35a
03B3F418 75CFEB7F  ole32.dll!CoTaskMemAlloc+0x133
03B3F424 74F6BA8D  mswsock.dll+0x3ba8d
03B3F434 77387720  ntdll.dll!RtlEnterCriticalSection
03B3F438 75DF7758  ole32.dll!WdtpInterfacePointer_UserFree+0x2c27
03B3F43C 002C0003  Explorer.EXE+0x280003
03B3F444 7735E115  ntdll.dll!RtlAddMandatoryAce+0x32c
03B3F450 75DF7770  ole32.dll!WdtpInterfacePointer_UserFree+0x2c3f
03B3F458 75DF78F8  ole32.dll!WdtpInterfacePointer_UserFree+0x2dc7
03B3F470 75DF7910  ole32.dll!WdtpInterfacePointer_UserFree+0x2ddf
03B3F474 75D06F8D  ole32.dll!CoTaskMemFree+0x4c
03B3F488 75D40E8E  ole32.dll!CoFreeUnusedLibraries+0x1cc
03B3F4A4 76EDDF50  RPCRT4.dll!I_RpcGetBufferWithObject+0x73
03B3F4CC 76EDDFB5  RPCRT4.dll!I_RpcGetBuffer+0xf
03B3F4E4 00040000  Explorer.EXE+0x0
03B3F4F0 77396524  ntdll.dll!_wcsnicmp+0xc98
03B3F4F8 77396500  ntdll.dll!_wcsnicmp+0xc74
03B3F4FC 74F6BBF9  mswsock.dll+0x3bbf9
03B3F514 74F6BBD1  mswsock.dll+0x3bbd1
03B3F52C 72782037  msxml6.dll+0x2037
03B3F5E0 77396536  ntdll.dll!_wcsnicmp+0xcaa
03B3F5F8 72781E61  msxml6.dll+0x1e61
03B3F608 72781E17  msxml6.dll+0x1e17
03B3F630 72809261  msxml6.dll+0x89261
03B3F640 72781DB5  msxml6.dll+0x1db5
03B3F648 72781F00  msxml6.dll+0x1f00
03B3F650 72782262  msxml6.dll+0x2262
03B3F654 72782976  msxml6.dll+0x2976
03B3F834 75DF67BC  ole32.dll!WdtpInterfacePointer_UserFree+0x1c8b
03B3F998 7739D9CD  ntdll.dll!EtwEventUnregister+0x60
03B3F9AC 77392C78  ntdll.dll!RtlFreeHeap+0x7e
03B3F9D8 76BC98CD  msvcrt.dll!free+0x39
03B3F9E4 76BC98DA  msvcrt.dll!free+0x46
03B3FAA8 7736288C  ntdll.dll!RtlGetDaclSecurityDescriptor+0x30f
03B3FAC8 77362825  ntdll.dll!RtlGetDaclSecurityDescriptor+0x2a8
03B3FACC 7739C85A  ntdll.dll!CsrClientCallServer+0x155
03B3FAD0 74F6B565  mswsock.dll+0x3b565
03B3FAFC 773626E7  ntdll.dll!RtlGetDaclSecurityDescriptor+0x16a
03B3FB00 773631CD  ntdll.dll!RtlVerifyVersionInfo+0x13c
03B3FB2C 74F6B575  mswsock.dll+0x3b575
03B3FB44 7739C907  ntdll.dll!LdrUnloadDll+0x99
03B3FB48 77417340  ntdll.dll!NlsAnsiCodePage+0x1f0
03B3FB4C 7739C8E6  ntdll.dll!LdrUnloadDll+0x78
03B3FB50 74F6B5A1  mswsock.dll+0x3b5a1
03B3FB88 75788BE4  KERNELBASE.dll!FreeLibrary+0x82
03B3FB98 75CEC10B  ole32.dll!PropVariantCopy+0x746
03B3FBA4 75CEC1E1  ole32.dll!PropVariantCopy+0x81c
03B3FBB8 75CEC203  ole32.dll!PropVariantCopy+0x83e
03B3FBC8 75DF82D8  ole32.dll!WdtpInterfacePointer_UserFree+0x37a7
03B3FBCC 75CFB751  ole32.dll!CoFreeUnusedLibrariesEx+0xf0
03B3FBD0 75CFB5A8  ole32.dll!CoCreateInstanceEx+0x185a
03B3FBF4 75CEC1A4  ole32.dll!PropVariantCopy+0x7df
03B3FD04 75CFB763  ole32.dll!CoFreeUnusedLibrariesEx+0x102
03B3FD0C 75DF82D0  ole32.dll!WdtpInterfacePointer_UserFree+0x379f
03B3FD34 75CFB68F  ole32.dll!CoFreeUnusedLibrariesEx+0x2e
03B3FD44 75D40CCB  ole32.dll!CoFreeUnusedLibraries+0x9
03B3FD50 75D219AA  ole32.dll!CreateILockBytesOnHGlobal+0x58f8
03B3FD54 7728C4E7  USER32.dll!gapfnScSendMessage+0x1cf
03B3FD64 00188584  Explorer.EXE+0x148584
03B3FD90 77286671  USER32.dll!KillTimer+0x17a
03B3FD94 77286630  USER32.dll!KillTimer+0x139
03B3FDA8 74F6B06D  mswsock.dll+0x3b06d
03B3FDB0 7728CDE8  USER32.dll!GetMessageW
03B3FDE0 772D629B  USER32.dll!IsWow64Message+0x49
03B3FE10 7728CC37  USER32.dll!gapfnScSendMessage+0x91f
03B3FE34 7728CDE0  USER32.dll!OffsetRect+0x35
03B3FE38 7728CE13  USER32.dll!GetMessageW+0x2b
03B3FE54 75CCA44E  ole32.dll!CoWaitForMultipleHandles+0x42d4
03B3FE6C 75DF7B68  ole32.dll!WdtpInterfacePointer_UserFree+0x3037
03B3FE80 75D219A5  ole32.dll!CreateILockBytesOnHGlobal+0x58f3
03B3FE94 75CC853B  ole32.dll!CoWaitForMultipleHandles+0x23c1
03B3FE9C 75A0C2D0  kernel32.dll!WaitForSingleObjectEx
03B3FEB0 75CCA4AC  ole32.dll!CoWaitForMultipleHandles+0x4332
03B3FEB8 75CDCD48  ole32.dll!CoGetTreatAsClass+0x2619
03B3FED4 75CDD87A  ole32.dll!CoGetTreatAsClass+0x314b
03B3FEE4 75A0ED6C  kernel32.dll!BaseThreadInitThunk+0x12
03B3FEF0 773A377B  ntdll.dll!RtlInitializeExceptionChain+0xef
03B3FF30 773A374E  ntdll.dll!RtlInitializeExceptionChain+0xc2
03B3FF34 75CDD864  ole32.dll!CoGetTreatAsClass+0x3135

Processor Registers:
EAX      03B3F45C
EBX      03B3F5D0
ECX      0218AC88
EDX      04E2D518 -> 00 00 00 00 FF FF FF FF 0C 04 00 00 FC 02 00 00
ESI      80040155
EDI      004DAEA4
EBP      03B3F4AC
ESP      03B3F45C
EIP      7578812F  KERNELBASE.dll!RaiseException+0x54
GS       00000000
FS       0000003B
ES       00000023
DS       00000023
CS       0000001B
SS       00000023
EFlags   00000246

Modules List:
Explorer.EXE ; 00040000 - 002C1000 ; 00281000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Explorer ; Microsoft Corporation ; 2,616,320 ; 2/24/2011 9:30:54 PM ; C:\Windows\Explorer.EXE ;
ntdll.dll ; 77340000 - 7747C000 ; 0013C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; NT Layer DLL ; Microsoft Corporation ; 1,288,472 ; 11/16/2011 9:38:39 PM ; C:\Windows\SYSTEM32\ntdll.dll ;
kernel32.dll ; 759C0000 - 75A94000 ; 000D4000 ; Microsoft® Windows® Operating System ; 6.1.7601.18015 ; 6.1.7601.18015 (win7sp1_gdr.121129-1432) ; Windows NT BASE API Client DLL ; Microsoft Corporation ; 868,352 ; 11/29/2012 8:47:44 PM ; C:\Windows\system32\kernel32.dll ;
KERNELBASE.dll ; 75780000 - 757CB000 ; 0004B000 ; Microsoft® Windows® Operating System ; 6.1.7601.18015 ; 6.1.7601.18015 (win7sp1_gdr.121129-1432) ; Windows NT BASE API Client DLL ; Microsoft Corporation ; 293,376 ; 11/29/2012 8:47:45 PM ; C:\Windows\system32\KERNELBASE.dll ;
ADVAPI32.dll ; 774D0000 - 77570000 ; 000A0000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Advanced Windows 32 Base API ; Microsoft Corporation ; 640,512 ; 11/20/2010 4:18:02 AM ; C:\Windows\system32\ADVAPI32.dll ;
msvcrt.dll ; 76BC0000 - 76C6C000 ; 000AC000 ; Microsoft® Windows® Operating System ; 7.0.7601.17744 ; 7.0.7601.17744 (win7sp1_gdr.111215-1535) ; Windows NT CRT DLL ; Microsoft Corporation ; 690,688 ; 12/15/2011 11:52:58 PM ; C:\Windows\system32\msvcrt.dll ;
sechost.dll ; 76A60000 - 76A79000 ; 00019000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Host for SCM/SDDL/LSA Lookup APIs ; Microsoft Corporation ; 92,160 ; 7/13/2009 5:16:13 PM ; C:\Windows\SYSTEM32\sechost.dll ;
RPCRT4.dll ; 76EA0000 - 76F41000 ; 000A1000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Remote Procedure Call Runtime ; Microsoft Corporation ; 653,312 ; 11/20/2010 4:21:03 AM ; C:\Windows\system32\RPCRT4.dll ;
GDI32.dll ; 758F0000 - 7593E000 ; 0004E000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; GDI Client DLL ; Microsoft Corporation ; 304,640 ; 11/20/2010 4:19:05 AM ; C:\Windows\system32\GDI32.dll ;
USER32.dll ; 77270000 - 77339000 ; 000C9000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Multi-User Windows USER API Client DLL ; Microsoft Corporation ; 811,520 ; 11/20/2010 4:21:33 AM ; C:\Windows\system32\USER32.dll ;
LPK.dll ; 76E80000 - 76E8A000 ; 0000A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Language Pack ; Microsoft Corporation ; 26,624 ; 7/13/2009 5:15:36 PM ; C:\Windows\system32\LPK.dll ;
USP10.dll ; 75B40000 - 75BDD000 ; 0009D000 ; Microsoft® Uniscribe Unicode script processor ; 1.0626.7601.18009 ; 1.0626.7601.18009 (win7sp1_gdr.121121-1431) ; Uniscribe Unicode script processor ; Microsoft Corporation ; 626,688 ; 11/21/2012 8:45:03 PM ; C:\Windows\system32\USP10.dll ;
SHLWAPI.dll ; 75AA0000 - 75AF7000 ; 00057000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Shell Light-weight Utility Library ; Microsoft Corporation ; 350,208 ; 11/20/2010 4:21:19 AM ; C:\Windows\system32\SHLWAPI.dll ;
SHELL32.dll ; 75E10000 - 76A5A000 ; 00C4A000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Windows Shell Common Dll ; Microsoft Corporation ; 12,873,728 ; 6/8/2012 8:41:00 PM ; C:\Windows\system32\SHELL32.dll ;
ole32.dll ; 75CB0000 - 75E0C000 ; 0015C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft OLE for Windows ; Microsoft Corporation ; 1,414,144 ; 11/20/2010 4:20:49 AM ; C:\Windows\system32\ole32.dll ;
OLEAUT32.dll ; 76AA0000 - 76B2F000 ; 0008F000 ;  ; 6.1.7601.17676 ; 6.1.7601.17676 ;  ; Microsoft Corporation ; 571,904 ; 8/26/2011 8:26:27 PM ; C:\Windows\system32\OLEAUT32.dll ;
EXPLORERFRAME.dll ; 6BAA0000 - 6BC0F000 ; 0016F000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; ExplorerFrame ; Microsoft Corporation ; 1,493,504 ; 11/20/2010 4:19:01 AM ; C:\Windows\system32\EXPLORERFRAME.dll ;
DUser.dll ; 73CB0000 - 73CDF000 ; 0002F000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows DirectUser Engine ; Microsoft Corporation ; 181,248 ; 7/13/2009 5:15:13 PM ; C:\Windows\system32\DUser.dll ;
DUI70.dll ; 73CE0000 - 73D92000 ; 000B2000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows DirectUI Engine ; Microsoft Corporation ; 717,824 ; 7/13/2009 5:15:13 PM ; C:\Windows\system32\DUI70.dll ;
IMM32.dll ; 76A80000 - 76A9F000 ; 0001F000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Multi-User Windows IMM32 API Client DLL ; Microsoft Corporation ; 118,272 ; 11/20/2010 4:19:22 AM ; C:\Windows\system32\IMM32.dll ;
MSCTF.dll ; 75BE0000 - 75CAC000 ; 000CC000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; MSCTF Server DLL ; Microsoft Corporation ; 828,928 ; 7/13/2009 5:15:43 PM ; C:\Windows\system32\MSCTF.dll ;
UxTheme.dll ; 73DA0000 - 73DE0000 ; 00040000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft UxTheme Library ; Microsoft Corporation ; 249,856 ; 7/13/2009 5:16:17 PM ; C:\Windows\system32\UxTheme.dll ;
POWRPROF.dll ; 74320000 - 74345000 ; 00025000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Power Profile Helper DLL ; Microsoft Corporation ; 145,408 ; 7/13/2009 5:16:12 PM ; C:\Windows\system32\POWRPROF.dll ;
SETUPAPI.dll ; 770D0000 - 7726D000 ; 0019D000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Setup API ; Microsoft Corporation ; 1,667,584 ; 11/20/2010 4:21:14 AM ; C:\Windows\system32\SETUPAPI.dll ;
CFGMGR32.dll ; 75550000 - 75577000 ; 00027000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Configuration Manager DLL ; Microsoft Corporation ; 145,920 ; 11/20/2010 4:18:12 AM ; C:\Windows\system32\CFGMGR32.dll ;
DEVOBJ.dll ; 755B0000 - 755C2000 ; 00012000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Device Information Set DLL ; Microsoft Corporation ; 64,512 ; 7/13/2009 5:15:11 PM ; C:\Windows\system32\DEVOBJ.dll ;
dwmapi.dll ; 73C40000 - 73C53000 ; 00013000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft Desktop Window Manager API ; Microsoft Corporation ; 67,072 ; 7/13/2009 5:15:13 PM ; C:\Windows\system32\dwmapi.dll ;
slc.dll ; 73120000 - 7312A000 ; 0000A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Software Licensing Client Dll ; Microsoft Corporation ; 27,136 ; 7/13/2009 5:16:15 PM ; C:\Windows\system32\slc.dll ;
gdiplus.dll ; 748B0000 - 74A40000 ; 00190000 ; Microsoft® Windows® Operating System ; 6.1.7601.17825 ; 6.1.7601.17825 (win7sp1_gdr.120420-1503) ; Microsoft GDI+ ; Microsoft Corporation ; 1,625,088 ; 4/20/2012 8:21:01 PM ; C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ;
Secur32.dll ; 753C0000 - 753C8000 ; 00008000 ; Microsoft® Windows® Operating System ; 6.1.7601.17725 ; 6.1.7601.17725 (win7sp1_gdr.111116-1503) ; Security Support Provider Interface ; Microsoft Corporation ; 22,016 ; 11/16/2011 9:34:52 PM ; C:\Windows\system32\Secur32.dll ;
SSPICLI.DLL ; 753E0000 - 753FB000 ; 0001B000 ; Microsoft® Windows® Operating System ; 6.1.7601.17725 ; 6.1.7601.17725 (win7sp1_gdr.111116-1503) ; Security Support Provider Interface ; Microsoft Corporation ; 100,352 ; 11/16/2011 9:34:55 PM ; C:\Windows\system32\SSPICLI.DLL ;
PROPSYS.dll ; 741E0000 - 742D5000 ; 000F5000 ; Windows® Search ; 7.00.7600.16385 ; 7.00.7600.16385 (win7_rtm.090713-1255) ; Microsoft Property System ; Microsoft Corporation ; 988,160 ; 11/20/2010 4:20:57 AM ; C:\Windows\system32\PROPSYS.dll ;
WINSTA.dll ; 746D0000 - 746F9000 ; 00029000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Winstation Library ; Microsoft Corporation ; 156,672 ; 11/20/2010 4:21:36 AM ; C:\Windows\system32\WINSTA.dll ;
CRYPTBASE.dll ; 75450000 - 7545C000 ; 0000C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Base cryptographic API DLL ; Microsoft Corporation ; 36,864 ; 7/13/2009 5:15:07 PM ; C:\Windows\system32\CRYPTBASE.dll ;
comctl32.dll ; 74A40000 - 74BDE000 ; 0019E000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.10 (win7_rtm.090713-1255) ; User Experience Controls Library ; Microsoft Corporation ; 1,680,896 ; 11/20/2010 3:55:09 AM ; C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ;
WindowsCodecs.dll ; 73B10000 - 73C0B000 ; 000FB000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Microsoft Windows Codecs Library ; Microsoft Corporation ; 1,010,688 ; 11/20/2010 4:21:36 AM ; C:\Windows\system32\WindowsCodecs.dll ;
profapi.dll ; 754D0000 - 754DB000 ; 0000B000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; User Profile Basic API ; Microsoft Corporation ; 31,744 ; 7/13/2009 5:16:12 PM ; C:\Windows\system32\profapi.dll ;
apphelp.dll ; 75400000 - 7544C000 ; 0004C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Application Compatibility Client Library ; Microsoft Corporation ; 295,936 ; 11/20/2010 4:18:03 AM ; C:\Windows\system32\apphelp.dll ;
CLBCatQ.DLL ; 76B30000 - 76BB3000 ; 00083000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 2001.12.8530.16385 (win7_rtm.090713-1255) ; COM+ Configuration Catalog ; Microsoft Corporation ; 522,240 ; 7/13/2009 5:15:03 PM ; C:\Windows\system32\CLBCatQ.DLL ;
SkyDriveShell.dll ; 6BA60000 - 6BA96000 ; 00036000 ; Microsoft SkyDrive ; 17.0.2003.1112 ; 17.0.2003.1112 ; Microsoft SkyDrive Shell Extension ; Microsoft Corporation ; 222,712 ; 2/7/2013 3:07:57 AM ; C:\Users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll ;
MSVCP110.dll ; 6B900000 - 6B985000 ; 00085000 ; Microsoft® Visual Studio® 2012 ; 11.00.50727.1 ; 11.00.50727.1 built by: RTMREL ; Microsoft® C Runtime Library ; Microsoft Corporation ; 534,480 ; 2/7/2013 3:07:50 AM ; C:\Users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\MSVCP110.dll ;
MSVCR110.dll ; 6B820000 - 6B8F2000 ; 000D2000 ; Microsoft® Visual Studio® 2012 ; 11.00.50727.1 ; 11.00.50727.1 built by: RTMREL ; Microsoft® C Runtime Library ; Microsoft Corporation ; 862,664 ; 2/7/2013 3:07:51 AM ; C:\Users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\MSVCR110.dll ;
Telemetry.dll ; 6B710000 - 6B797000 ; 00087000 ; Microsoft SkyDrive ; 17.0.2003.1112 ; 17.0.2003.1112 ; Telemetry Library ; Microsoft Corporation ; 542,712 ; 2/7/2013 3:08:00 AM ; C:\Users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\Telemetry.dll ;
logging.dll ; 6E300000 - 6E30A000 ; 0000A000 ; Microsoft SkyDrive ; 17.0.2003.1112 ; 17.0.2003.1112 ; Logging Library ; Microsoft Corporation ; 39,432 ; 2/7/2013 3:07:49 AM ; C:\Users\Tony Yeh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\logging.dll ;
faultrep.dll ; 6B670000 - 6B6C2000 ; 00052000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows User Mode Crash Reporting DLL ; Microsoft Corporation ; 320,512 ; 11/20/2010 4:19:02 AM ; C:\Windows\system32\faultrep.dll ;
VERSION.dll ; 747C0000 - 747C9000 ; 00009000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Version Checking and File Installation Libraries ; Microsoft Corporation ; 21,504 ; 7/13/2009 5:16:17 PM ; C:\Windows\system32\VERSION.dll ;
WSOCK32.dll ; 71070000 - 71077000 ; 00007000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Socket 32-Bit DLL ; Microsoft Corporation ; 15,360 ; 7/13/2009 5:16:20 PM ; C:\Windows\system32\WSOCK32.dll ;
WS2_32.dll ; 75B00000 - 75B35000 ; 00035000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Socket 2.0 32-Bit DLL ; Microsoft Corporation ; 206,848 ; 11/20/2010 4:21:38 AM ; C:\Windows\system32\WS2_32.dll ;
NSI.dll ; 76E70000 - 76E76000 ; 00006000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; NSI User-mode interface DLL ; Microsoft Corporation ; 8,704 ; 7/13/2009 5:16:11 PM ; C:\Windows\system32\NSI.dll ;
Cabinet.dll ; 6E950000 - 6E965000 ; 00015000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Microsoft® Cabinet File API ; Microsoft Corporation ; 73,216 ; 11/20/2010 4:18:09 AM ; C:\Windows\system32\Cabinet.dll ;
WINHTTP.dll ; 71170000 - 711C8000 ; 00058000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows HTTP Services ; Microsoft Corporation ; 351,232 ; 11/20/2010 4:21:36 AM ; C:\Windows\system32\WINHTTP.dll ;
webio.dll ; 71120000 - 7116F000 ; 0004F000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Web Transfer Protocols API ; Microsoft Corporation ; 314,880 ; 11/16/2011 9:35:02 PM ; C:\Windows\system32\webio.dll ;
XmlLite.dll ; 73C10000 - 73C3F000 ; 0002F000 ; Microsoft XML Core Services ; 1.3.1001.0 ; 1.3.1001.0 ; Microsoft XmlLite Library ; Microsoft Corporation ; 180,224 ; 6/15/2011 8:33:18 PM ; C:\Windows\system32\XmlLite.dll ;
WININET.dll ; 757D0000 - 758EB000 ; 0011B000 ; Windows® Internet Explorer ; 9.00.8112.16421 ; 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) ; Internet Extensions for Win32 ; Microsoft Corporation ; 1,129,472 ; 1/8/2013 2:03:20 PM ; C:\Windows\system32\WININET.dll ;
Normaliz.dll ; 76E60000 - 76E63000 ; 00003000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Unicode Normalization DLL ; Microsoft Corporation ; 2,048 ; 7/13/2009 5:09:00 PM ; C:\Windows\system32\Normaliz.dll ;
iertutil.dll ; 76C70000 - 76E29000 ; 001B9000 ; Windows® Internet Explorer ; 9.00.8112.16464 ; 9.00.8112.16464 (WIN7_IE9_GDR.130108-1230) ; Run time utility for Internet Explorer ; Microsoft Corporation ; 1,796,096 ; 1/8/2013 1:56:51 PM ; C:\Windows\system32\iertutil.dll ;
urlmon.dll ; 76FB0000 - 770C1000 ; 00111000 ; Windows® Internet Explorer ; 9.00.8112.16421 ; 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) ; OLE32 Extensions for Win32 ; Microsoft Corporation ; 1,103,872 ; 1/8/2013 2:03:57 PM ; C:\Windows\system32\urlmon.dll ;
xappex.1.1.1.29.(528).dll ; 10000000 - 1003E000 ; 0003E000 ; 迅雷看看播放器 ; 1.1.1.29 ; 1.1.1.29 ; 迅雷看看应用扩展 ; 深圳市迅雷网络技术有限公司 ; 251,504 ; 9/28/2011 11:38:48 PM ; C:\Program Files\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(528).dll ;
WINTRUST.dll ; 75580000 - 755AD000 ; 0002D000 ; Microsoft® Windows® Operating System ; 6.1.7601.17940 ; 6.1.7601.17940 (win7sp1_gdr.120824-0334) ; Microsoft Trust Verification APIs ; Microsoft Corporation ; 172,544 ; 8/24/2012 8:57:48 AM ; C:\Windows\system32\WINTRUST.dll ;
CRYPT32.dll ; 75660000 - 7577E000 ; 0011E000 ; Microsoft® Windows® Operating System ; 6.1.7601.17856 ; 6.1.7601.17856 (win7sp1_gdr.120601-1505) ; Crypto API32 ; Microsoft Corporation ; 1,159,680 ; 6/1/2012 8:36:29 PM ; C:\Windows\system32\CRYPT32.dll ;
MSASN1.dll ; 75540000 - 7554C000 ; 0000C000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; ASN.1 Runtime APIs ; Microsoft Corporation ; 34,304 ; 11/20/2010 4:19:45 AM ; C:\Windows\system32\MSASN1.dll ;
EhStorShell.dll ; 6E0E0000 - 6E111000 ; 00031000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Enhanced Storage Shell Extension DLL ; Microsoft Corporation ; 189,952 ; 7/13/2009 5:15:14 PM ; C:\Windows\system32\EhStorShell.dll ;
cscui.dll ; 6D580000 - 6D5EA000 ; 0006A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Client Side Caching UI ; Microsoft Corporation ; 418,816 ; 11/20/2010 4:18:25 AM ; C:\Windows\System32\cscui.dll ;
CSCDLL.dll ; 6D570000 - 6D579000 ; 00009000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Offline Files Temporary Shim ; Microsoft Corporation ; 23,040 ; 11/20/2010 4:18:25 AM ; C:\Windows\System32\CSCDLL.dll ;
CSCAPI.dll ; 6EAD0000 - 6EADB000 ; 0000B000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Offline Files Win32 API ; Microsoft Corporation ; 34,816 ; 11/20/2010 4:18:25 AM ; C:\Windows\system32\CSCAPI.dll ;
ntshrui.dll ; 6D500000 - 6D570000 ; 00070000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Shell extensions for sharing ; Microsoft Corporation ; 442,880 ; 1/4/2012 12:58:41 AM ; C:\Windows\system32\ntshrui.dll ;
srvcli.dll ; 75210000 - 75229000 ; 00019000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Server Service Client DLL ; Microsoft Corporation ; 90,112 ; 11/20/2010 4:21:26 AM ; C:\Windows\system32\srvcli.dll ;
IconCodecService.dll ; 6D4F0000 - 6D4F6000 ; 00006000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Converts a PNG part of the icon to a legacy bmp icon ; Microsoft Corporation ; 9,728 ; 7/13/2009 5:15:27 PM ; C:\Windows\system32\IconCodecService.dll ;
CRYPTSP.dll ; 74F70000 - 74F86000 ; 00016000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Cryptographic Service Provider API ; Microsoft Corporation ; 78,848 ; 7/13/2009 5:15:07 PM ; C:\Windows\system32\CRYPTSP.dll ;
rsaenh.dll ; 74D10000 - 74D4B000 ; 0003B000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft Enhanced Cryptographic Provider ; Microsoft Corporation ; 242,936 ; 7/13/2009 5:17:54 PM ; C:\Windows\system32\rsaenh.dll ;
RpcRtRemote.dll ; 754C0000 - 754CE000 ; 0000E000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Remote RPC Extension ; Microsoft Corporation ; 46,080 ; 11/20/2010 4:21:03 AM ; C:\Windows\system32\RpcRtRemote.dll ;
SndVolSSO.DLL ; 73C70000 - 73CA8000 ; 00038000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; SCA Volume ; Microsoft Corporation ; 220,160 ; 11/20/2010 4:21:23 AM ; C:\Windows\system32\SndVolSSO.DLL ;
HID.DLL ; 73C60000 - 73C69000 ; 00009000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Hid User Library ; Microsoft Corporation ; 22,016 ; 7/13/2009 5:15:24 PM ; C:\Windows\system32\HID.DLL ;
MMDevApi.dll ; 742E0000 - 74319000 ; 00039000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; MMDevice API ; Microsoft Corporation ; 213,504 ; 11/20/2010 4:19:39 AM ; C:\Windows\System32\MMDevApi.dll ;
timedate.cpl ; 6D3B0000 - 6D428000 ; 00078000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Time Date Control Panel Applet ; Microsoft Corporation ; 478,720 ; 12/29/2011 9:27:56 PM ; C:\Windows\system32\timedate.cpl ;
ATL.DLL ; 731E0000 - 731F4000 ; 00014000 ; Microsoft ® Visual C++ ; 6.05.2284 ; 3.05.2284 ; ATL Module for Windows XP (Unicode) ; Microsoft Corporation ; 70,144 ; 7/13/2009 5:14:57 PM ; C:\Windows\system32\ATL.DLL ;
actxprxy.dll ; 6E4A0000 - 6E4EE000 ; 0004E000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; ActiveX Interface Marshaling Library ; Microsoft Corporation ; 309,760 ; 11/20/2010 4:18:01 AM ; C:\Windows\system32\actxprxy.dll ;
ntmarta.dll ; 73420000 - 73441000 ; 00021000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows NT MARTA provider ; Microsoft Corporation ; 121,856 ; 7/13/2009 5:16:11 PM ; C:\Windows\system32\ntmarta.dll ;
WLDAP32.dll ; 77480000 - 774C5000 ; 00045000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Win32 LDAP API DLL ; Microsoft Corporation ; 269,824 ; 11/20/2010 4:21:36 AM ; C:\Windows\system32\WLDAP32.dll ;
shdocvw.dll ; 6D380000 - 6D3AE000 ; 0002E000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Shell Doc Object and Control Library ; Microsoft Corporation ; 179,712 ; 11/20/2010 4:21:15 AM ; C:\Windows\System32\shdocvw.dll ;
LINKINFO.dll ; 6D4E0000 - 6D4E9000 ; 00009000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Volume Tracking ; Microsoft Corporation ; 22,016 ; 7/13/2009 5:15:36 PM ; C:\Windows\system32\LINKINFO.dll ;
msutb.dll ; 6E0B0000 - 6E0DC000 ; 0002C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; MSUTB Server DLL ; Microsoft Corporation ; 167,936 ; 11/20/2010 4:19:54 AM ; C:\Windows\system32\msutb.dll ;
USERENV.dll ; 74630000 - 74647000 ; 00017000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Userenv ; Microsoft Corporation ; 81,920 ; 11/20/2010 4:21:33 AM ; C:\Windows\system32\USERENV.dll ;
shacct.dll ; 73E00000 - 73E1E000 ; 0001E000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Shell Accounts Classes ; Microsoft Corporation ; 108,032 ; 11/20/2010 4:21:15 AM ; C:\Windows\System32\shacct.dll ;
SAMLIB.dll ; 73DE0000 - 73DF2000 ; 00012000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; SAM Library DLL ; Microsoft Corporation ; 60,928 ; 7/13/2009 5:16:13 PM ; C:\Windows\system32\SAMLIB.dll ;
samcli.dll ; 74870000 - 7487F000 ; 0000F000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Security Accounts Manager Client DLL ; Microsoft Corporation ; 51,200 ; 11/20/2010 4:21:04 AM ; C:\Windows\system32\samcli.dll ;
netutils.dll ; 74CF0000 - 74CF9000 ; 00009000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Net Win32 API Helpers DLL ; Microsoft Corporation ; 22,528 ; 11/20/2010 4:20:29 AM ; C:\Windows\system32\netutils.dll ;
MsftEdit.dll ; 6BC50000 - 6BCE4000 ; 00094000 ; Microsoft RichEdit Control, version 4.1 ; 4.1 ; 5.41.21.2510 ; Rich Text Edit Control, v4.1 ; Microsoft Corporation ; 592,384 ; 11/20/2010 4:19:47 AM ; C:\Windows\system32\MsftEdit.dll ;
msls31.dll ; 6D350000 - 6D37B000 ; 0002B000 ; Microsoft® Line Services ; 3.10 ; 3.10.349.0 ; Microsoft Line Services library file ; Microsoft Corporation ; 161,792 ; 11/5/2012 11:45:09 AM ; C:\Windows\system32\msls31.dll ;
authui.dll ; 73F20000 - 740D7000 ; 001B7000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Authentication UI ; Microsoft Corporation ; 1,792,000 ; 11/20/2010 4:18:05 AM ; C:\Windows\system32\authui.dll ;
CRYPTUI.dll ; 73E20000 - 73F18000 ; 000F8000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Microsoft Trust UI Provider ; Microsoft Corporation ; 1,003,520 ; 11/20/2010 4:18:25 AM ; C:\Windows\system32\CRYPTUI.dll ;
gameux.dll ; 6AFE0000 - 6B258000 ; 00278000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Games Explorer ; Microsoft Corporation ; 2,576,384 ; 12/7/2012 4:20:43 AM ; C:\Windows\System32\gameux.dll ;
wer.dll ; 70940000 - 709A1000 ; 00061000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Error Reporting DLL ; Microsoft Corporation ; 381,440 ; 11/20/2010 4:21:35 AM ; C:\Windows\System32\wer.dll ;
msiltcfg.dll ; 73690000 - 73697000 ; 00007000 ; Windows Installer - Unicode ; 5.0.7600.16385 ; 5.0.7600.16385 (win7_rtm.090713-1255) ; Windows Installer Configuration API Stub ; Microsoft Corporation ; 15,872 ; 7/13/2009 5:15:44 PM ; C:\Windows\system32\msiltcfg.dll ;
msi.dll ; 73450000 - 73690000 ; 00240000 ; Windows Installer - Unicode ; 5.0.7601.17807 ; 5.0.7601.17807 ; Windows Installer ; Microsoft Corporation ; 2,342,400 ; 4/7/2012 3:26:29 AM ; C:\Windows\system32\msi.dll ;
NetworkExplorer.dll ; 6AE40000 - 6AFD8000 ; 00198000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Network Explorer ; Microsoft Corporation ; 1,661,440 ; 11/20/2010 4:20:29 AM ; C:\Windows\system32\NetworkExplorer.dll ;
MPR.dll ; 6E350000 - 6E362000 ; 00012000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Multiple Provider Router DLL ; Microsoft Corporation ; 64,000 ; 7/13/2009 5:15:41 PM ; C:\Windows\system32\MPR.dll ;
WINMM.dll ; 74150000 - 74182000 ; 00032000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; MCI API DLL ; Microsoft Corporation ; 194,048 ; 11/20/2010 4:21:36 AM ; C:\Windows\system32\WINMM.dll ;
wdmaud.drv ; 741A0000 - 741D0000 ; 00030000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Winmm  audio system driver ; Microsoft Corporation ; 172,032 ; 11/20/2010 4:16:50 AM ; C:\Windows\system32\wdmaud.drv ;
ksuser.dll ; 74140000 - 74144000 ; 00004000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; User CSA Library ; Microsoft Corporation ; 4,608 ; 7/13/2009 5:15:35 PM ; C:\Windows\system32\ksuser.dll ;
AVRT.dll ; 741D0000 - 741D7000 ; 00007000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Multimedia Realtime Runtime ; Microsoft Corporation ; 14,336 ; 7/13/2009 5:14:58 PM ; C:\Windows\system32\AVRT.dll ;
AUDIOSES.DLL ; 73190000 - 731C6000 ; 00036000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Audio Session ; Microsoft Corporation ; 195,584 ; 11/20/2010 4:18:05 AM ; C:\Windows\system32\AUDIOSES.DLL ;
msacm32.drv ; 730A0000 - 730A8000 ; 00008000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft Sound Mapper ; Microsoft Corporation ; 20,992 ; 7/13/2009 5:14:08 PM ; C:\Windows\system32\msacm32.drv ;
MSACM32.dll ; 73080000 - 73094000 ; 00014000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft ACM Audio Filter ; Microsoft Corporation ; 72,192 ; 7/13/2009 5:15:42 PM ; C:\Windows\system32\MSACM32.dll ;
midimap.dll ; 73070000 - 73077000 ; 00007000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft MIDI Mapper ; Microsoft Corporation ; 16,896 ; 7/13/2009 5:15:40 PM ; C:\Windows\system32\midimap.dll ;
stobject.dll ; 73A30000 - 73A6A000 ; 0003A000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Systray shell service object ; Microsoft Corporation ; 228,352 ; 11/20/2010 4:21:26 AM ; C:\Windows\system32\stobject.dll ;
BatMeter.dll ; 73970000 - 73A27000 ; 000B7000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Battery Meter Helper DLL ; Microsoft Corporation ; 740,864 ; 11/20/2010 4:18:06 AM ; C:\Windows\system32\BatMeter.dll ;
WTSAPI32.dll ; 73AF0000 - 73AFD000 ; 0000D000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Windows Remote Desktop Session Host Server SDK APIs ; Microsoft Corporation ; 40,448 ; 11/20/2010 4:21:39 AM ; C:\Windows\system32\WTSAPI32.dll ;
es.dll ; 73130000 - 73177000 ; 00047000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 2001.12.8530.16385 (win7_rtm.090713-1255) ; COM+ ; Microsoft Corporation ; 271,360 ; 7/13/2009 5:15:19 PM ; C:\Windows\system32\es.dll ;
prnfldr.dll ; 73890000 - 738F4000 ; 00064000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; prnfldr dll ; Microsoft Corporation ; 395,264 ; 11/20/2010 4:20:56 AM ; C:\Windows\system32\prnfldr.dll ;
WINSPOOL.DRV ; 73A70000 - 73AC1000 ; 00051000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Spooler Driver ; Microsoft Corporation ; 320,000 ; 11/20/2010 4:16:50 AM ; C:\Windows\system32\WINSPOOL.DRV ;
fdproxy.dll ; 73AD0000 - 73ADA000 ; 0000A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Function Discovery Proxy Dll ; Microsoft Corporation ; 27,136 ; 7/13/2009 5:15:20 PM ; C:\Windows\system32\fdproxy.dll ;
provsvc.dll ; 73860000 - 7388B000 ; 0002B000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows HomeGroup ; Microsoft Corporation ; 165,376 ; 11/20/2010 4:20:57 AM ; C:\Windows\System32\provsvc.dll ;
dxp.dll ; 73700000 - 73764000 ; 00064000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Device Stage Shell Extension ; Microsoft Corporation ; 399,872 ; 11/20/2010 4:18:36 AM ; C:\Windows\system32\dxp.dll ;
Syncreg.dll ; 73960000 - 73970000 ; 00010000 ; Microsoft Synchronization Framework ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Microsoft Synchronization Framework Registration ; Microsoft Corporation ; 55,296 ; 7/13/2009 5:16:15 PM ; C:\Windows\system32\Syncreg.dll ;
ehSSO.dll ; 73850000 - 73858000 ; 00008000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Media Center Shell Service Object ; Microsoft Corporation ; 20,992 ; 7/13/2009 5:15:14 PM ; C:\Windows\ehome\ehSSO.dll ;
netshell.dll ; 6EDC0000 - 6F025000 ; 00265000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Network Connections Shell ; Microsoft Corporation ; 2,494,464 ; 11/20/2010 4:20:29 AM ; C:\Windows\System32\netshell.dll ;
IPHLPAPI.DLL ; 72D90000 - 72DAC000 ; 0001C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; IP Helper API ; Microsoft Corporation ; 103,936 ; 11/20/2010 4:19:23 AM ; C:\Windows\System32\IPHLPAPI.DLL ;
WINNSI.DLL ; 72D80000 - 72D87000 ; 00007000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Network Store Information RPC interface ; Microsoft Corporation ; 16,896 ; 7/13/2009 5:16:19 PM ; C:\Windows\System32\WINNSI.DLL ;
nlaapi.dll ; 74100000 - 74110000 ; 00010000 ; Microsoft® Windows® Operating System ; 6.1.7601.17964 ; 6.1.7601.17964 (win7sp1_gdr.121003-0333) ; Network Location Awareness 2 ; Microsoft Corporation ; 52,224 ; 10/3/2012 8:42:26 AM ; C:\Windows\System32\nlaapi.dll ;
AltTab.dll ; 73840000 - 7384E000 ; 0000E000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Shell Alt Tab ; Microsoft Corporation ; 46,592 ; 7/13/2009 5:14:53 PM ; C:\Windows\System32\AltTab.dll ;
wpdshserviceobj.dll ; 73820000 - 7383D000 ; 0001D000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Windows Portable Device Shell Service Object ; Microsoft Corporation ; 105,984 ; 11/20/2010 4:21:38 AM ; C:\Windows\system32\wpdshserviceobj.dll ;
PortableDeviceTypes.dll ; 70D20000 - 70D4B000 ; 0002B000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Portable Device (Parameter) Types Component ; Microsoft Corporation ; 159,744 ; 7/13/2009 5:16:12 PM ; C:\Windows\system32\PortableDeviceTypes.dll ;
PortableDeviceApi.dll ; 6F160000 - 6F1E9000 ; 00089000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Portable Device API Components ; Microsoft Corporation ; 547,840 ; 11/20/2010 4:20:55 AM ; C:\Windows\system32\PortableDeviceApi.dll ;
pnidui.dll ; 6D050000 - 6D1FE000 ; 001AE000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Network System Icon ; Microsoft Corporation ; 1,750,528 ; 11/20/2010 4:20:55 AM ; C:\Windows\System32\pnidui.dll ;
QUtil.dll ; 73800000 - 73817000 ; 00017000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Quarantine Utilities ; Microsoft Corporation ; 80,896 ; 11/20/2010 4:21:00 AM ; C:\Windows\System32\QUtil.dll ;
wevtapi.dll ; 75110000 - 75152000 ; 00042000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Eventing Consumption and Configuration API ; Microsoft Corporation ; 262,144 ; 7/13/2009 5:16:18 PM ; C:\Windows\System32\wevtapi.dll ;
cscobj.dll ; 736D0000 - 736F5000 ; 00025000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; In-proc COM object used by clients of CSC API ; Microsoft Corporation ; 139,264 ; 11/20/2010 4:18:25 AM ; C:\Windows\System32\cscobj.dll ;
srchadmin.dll ; 6D000000 - 6D04D000 ; 0004D000 ; Windows® Search ; 7.00.7600.16385 ; 7.00.7600.16385 (win7_rtm.090713-1255) ; Indexing Options ; Microsoft Corporation ; 301,568 ; 11/20/2010 4:21:25 AM ; C:\Windows\System32\srchadmin.dll ;
btncopy.dll ; 03510000 - 03564000 ; 00054000 ; Bluetooth Software ; 6.2.1.3100 ; 6.2.1.3100 ; BTNCopy Module ; Broadcom Corporation. ; 341,280 ; 1/24/2011 12:35:50 PM ; C:\Program Files\ThinkPad\Bluetooth Software\btncopy.dll ;
DragExt.dll ; 03220000 - 0323A000 ; 0001A000 ; WinSCP ; 4.2.9.0 ; 1.1.9.115 ; Drag&Drop shell extension for WinSCP (32-bit) ; Martin Prikryl ; 72,192 ; 9/23/2010 11:02:08 PM ; C:\Program Files\WinSCP3\DragExt.dll ;
dhcpcsvc6.DLL ; 72BD0000 - 72BDD000 ; 0000D000 ; Microsoft® Windows® Operating System ; 6.1.7601.17970 ; 6.1.7601.17970 (win7sp1_gdr.121009-0412) ; DHCPv6 Client ; Microsoft Corporation ; 44,032 ; 10/9/2012 9:40:31 AM ; C:\Windows\system32\dhcpcsvc6.DLL ;
dhcpcsvc.DLL ; 72AD0000 - 72AE2000 ; 00012000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; DHCP Client Service ; Microsoft Corporation ; 61,952 ; 7/13/2009 5:15:11 PM ; C:\Windows\system32\dhcpcsvc.DLL ;
mssprxy.dll ; 736C0000 - 736CC000 ; 0000C000 ; Windows® Search ; 7.00.7600.16385 ; 7.00.7600.16385 (win7_rtm.090713-1255) ; Microsoft Search Proxy ; Microsoft Corporation ; 35,328 ; 7/13/2009 5:15:48 PM ; C:\Windows\system32\mssprxy.dll ;
SXS.DLL ; 75460000 - 754BF000 ; 0005F000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Fusion 2.5 ; Microsoft Corporation ; 380,416 ; 11/20/2010 4:21:27 AM ; C:\Windows\system32\SXS.DLL ;
credssp.dll ; 74730000 - 74738000 ; 00008000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Credential Delegation Security Package ; Microsoft Corporation ; 17,408 ; 11/20/2010 4:18:24 AM ; C:\Windows\system32\credssp.dll ;
npmproxy.dll ; 70BF0000 - 70BF8000 ; 00008000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Network List Manager Proxy ; Microsoft Corporation ; 16,896 ; 7/13/2009 5:16:11 PM ; C:\Windows\System32\npmproxy.dll ;
SyncCenter.dll ; 6CC50000 - 6CE5E000 ; 0020E000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft Sync Center ; Microsoft Corporation ; 2,146,304 ; 11/20/2010 4:21:27 AM ; C:\Windows\System32\SyncCenter.dll ;
Actioncenter.dll ; 6CB90000 - 6CC4A000 ; 000BA000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Action Center ; Microsoft Corporation ; 744,448 ; 11/20/2010 4:18:01 AM ; C:\Windows\System32\Actioncenter.dll ;
Wlanapi.dll ; 71DA0000 - 71DB6000 ; 00016000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows WLAN AutoConfig Client Side API DLL ; Microsoft Corporation ; 81,408 ; 7/13/2009 5:16:19 PM ; C:\Windows\system32\Wlanapi.dll ;
wlanutil.dll ; 72910000 - 72916000 ; 00006000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Wireless LAN 802.11 Utility DLL ; Microsoft Corporation ; 8,192 ; 7/13/2009 5:16:19 PM ; C:\Windows\system32\wlanutil.dll ;
wwanapi.dll ; 6CB40000 - 6CB88000 ; 00048000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Mbnapi ; Microsoft Corporation ; 284,672 ; 7/13/2009 5:16:21 PM ; C:\Windows\system32\wwanapi.dll ;
wwapi.dll ; 736A0000 - 736AA000 ; 0000A000 ; Microsoft® Windows® Operating System ; 08.01.02.00 ; 08.01.02.00 (win7_rtm.090713-1255) ; WWAN API ; Microsoft Corporation ; 27,648 ; 7/13/2009 5:16:21 PM ; C:\Windows\system32\wwapi.dll ;
QAgent.dll ; 6CA90000 - 6CABE000 ; 0002E000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Quarantine Agent Proxy ; Microsoft Corporation ; 171,520 ; 11/20/2010 4:20:57 AM ; C:\Windows\System32\QAgent.dll ;
bthprops.cpl ; 6C9E0000 - 6CA90000 ; 000B0000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Bluetooth Control Panel Applet ; Microsoft Corporation ; 692,736 ; 11/20/2010 4:16:50 AM ; C:\Windows\System32\bthprops.cpl ;
imapi2.dll ; 6C970000 - 6C9D4000 ; 00064000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Image Mastering API v2 ; Microsoft Corporation ; 392,192 ; 11/20/2010 4:19:21 AM ; C:\Windows\system32\imapi2.dll ;
hgcpl.dll ; 6C680000 - 6C6CF000 ; 0004F000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; HomeGroup Control Panel ; Microsoft Corporation ; 312,832 ; 11/20/2010 4:19:10 AM ; C:\Windows\System32\hgcpl.dll ;
fxsst.dll ; 6C390000 - 6C462000 ; 000D2000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Fax Service ; Microsoft Corporation ; 848,384 ; 7/13/2009 5:15:22 PM ; C:\Windows\system32\fxsst.dll ;
FXSAPI.dll ; 6CB00000 - 6CB3A000 ; 0003A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft  Fax API Support DLL ; Microsoft Corporation ; 227,328 ; 7/13/2009 5:15:21 PM ; C:\Windows\system32\FXSAPI.dll ;
FXSRESM.DLL ; 6C2A0000 - 6C383000 ; 000E3000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft  Fax Resource DLL ; Microsoft Corporation ; 925,184 ; 7/13/2009 5:05:30 PM ; C:\Windows\system32\FXSRESM.DLL ;
wkscli.dll ; 74880000 - 7488F000 ; 0000F000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Workstation Service Client DLL ; Microsoft Corporation ; 47,104 ; 11/20/2010 4:21:36 AM ; C:\Windows\system32\wkscli.dll ;
wscinterop.dll ; 718E0000 - 718FA000 ; 0001A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Health Center WSC Interop ; Microsoft Corporation ; 95,744 ; 7/13/2009 5:16:20 PM ; C:\Windows\System32\wscinterop.dll ;
WSCAPI.dll ; 6F670000 - 6F67F000 ; 0000F000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; Windows Security Center API ; Microsoft Corporation ; 51,712 ; 11/20/2010 4:21:39 AM ; C:\Windows\System32\WSCAPI.dll ;
wscui.cpl ; 6BFC0000 - 6C0DA000 ; 0011A000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Action Center ; Microsoft Corporation ; 1,140,736 ; 7/13/2009 5:14:09 PM ; C:\Windows\System32\wscui.cpl ;
werconcpl.dll ; 6BEB0000 - 6BFB6000 ; 00106000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; PRS CPL ; Microsoft Corporation ; 1,063,936 ; 11/20/2010 4:21:35 AM ; C:\Windows\System32\werconcpl.dll ;
framedynos.dll ; 6C4C0000 - 6C4F5000 ; 00035000 ; Microsoft® Windows® Operating System ; 6.1.7601.17514 ; 6.1.7601.17514 (win7sp1_rtm.101119-1850) ; WMI SDK Provider Framework ; Microsoft Corporation ; 206,336 ; 11/20/2010 4:19:03 AM ; C:\Windows\System32\framedynos.dll ;
wercplsupport.dll ; 6F3D0000 - 6F3E2000 ; 00012000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Problem Reports and Solutions ; Microsoft Corporation ; 61,440 ; 7/13/2009 5:16:18 PM ; C:\Windows\System32\wercplsupport.dll ;
msxml6.dll ; 72780000 - 728D7000 ; 00157000 ; Microsoft® MSXML 6.0 SP3 ; 6.30.7601.17988 ; 6.30.7601.17988 ; MSXML 6.0 SP3 ; Microsoft Corporation ; 1,389,568 ; 10/31/2012 8:47:54 PM ; C:\Windows\System32\msxml6.dll ;
hcproviders.dll ; 736B0000 - 736B9000 ; 00009000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Action Center Providers ; Microsoft Corporation ; 26,112 ; 7/13/2009 5:15:24 PM ; C:\Windows\System32\hcproviders.dll ;
ieproxy.dll ; 6C6F0000 - 6C723000 ; 00033000 ; Windows® Internet Explorer ; 9.00.8112.16464 ; 9.00.8112.16464 (WIN7_IE9_GDR.130108-1230) ; IE ActiveX Interface Marshaling Library ; Microsoft Corporation ; 194,560 ; 1/8/2013 2:00:46 PM ; C:\Program Files\Internet Explorer\ieproxy.dll ;
DEVRTL.dll ; 74650000 - 7465E000 ; 0000E000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Device Management Run Time Library ; Microsoft Corporation ; 44,544 ; 7/13/2009 5:15:11 PM ; C:\Windows\system32\DEVRTL.dll ;
UIAnimation.dll ; 740E0000 - 740FB000 ; 0001B000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Windows Animation Manager ; Microsoft Corporation ; 99,328 ; 7/13/2009 5:16:17 PM ; C:\Windows\System32\UIAnimation.dll ;
PSAPI.DLL ; 76E90000 - 76E95000 ; 00005000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Process Status Helper ; Microsoft Corporation ; 6,144 ; 7/13/2009 5:16:12 PM ; C:\Windows\system32\PSAPI.DLL ;
ieframe.DLL ; 68CB0000 - 695FD000 ; 0094D000 ; Windows® Internet Explorer ; 9.00.8112.16421 ; 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) ; Internet Browser ; Microsoft Corporation ; 9,738,240 ; 1/8/2013 2:09:18 PM ; C:\Windows\system32\ieframe.DLL ;
OLEACC.dll ; 6CAC0000 - 6CAFC000 ; 0003C000 ; Microsoft® Windows® Operating System ; 6.1.7601.17676 ; 7.0.0.0 (win7sp1_gdr.110826-1504) ; Active Accessibility Core Component ; Microsoft Corporation ; 233,472 ; 8/26/2011 8:26:27 PM ; C:\Windows\system32\OLEACC.dll ;
mswsock.dll ; 74F30000 - 74F6C000 ; 0003C000 ; Microsoft® Windows® Operating System ; 6.1.7600.16385 ; 6.1.7600.16385 (win7_rtm.090713-1255) ; Microsoft Windows Sockets 2.0 Service Provider ; Microsoft Corporation ; 232,448 ; 11/20/2010 4:19:56 AM ; C:\Windows\system32\mswsock.dll ;

All Threads:
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 3,076 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:11:04 AM ; 00:00:01.388 ; 00:00:00.967 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 121 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 2,476 ; UserRequest ; 9 ; 10 ; 2/21/2013 9:11:05 AM ; 00:00:00.171 ; 00:00:00.218 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 297 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 30 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 75 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 280 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,577 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 838 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 5 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 548 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 46 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 57 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 36 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 12 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3580 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03990000 ; 03982000 ; 0000E000 ; 75 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:16:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
4044 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03BD0000 ; 03BC2000 ; 0000E000 ; 6 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:18:21 AM ; 00:00:00.000 ; 00:00:00.000 ;
3884 ; RunDll32.exe+0x178c ; 00120000 ; 00114000 ; 0000C000 ; 33 ; WrUserRequest ; 8 ; 9 ; 2/21/2013 9:24:04 AM ; 00:00:00.015 ; 00:00:00.046 ;
644 ; WerConCpl.dll+0x353a3 ; 00250000 ; 0023E000 ; 00012000 ; 2,800 ; UserRequest ; 7 ; 7 ; 2/21/2013 9:24:04 AM ; 00:00:00.686 ; 00:00:00.312 ;
2644 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 02070000 ; 02064000 ; 0000C000 ; 120 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
1924 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 016D0000 ; 016C2000 ; 0000E000 ; 200 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.046 ;
2756 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 022B0000 ; 022A4000 ; 0000C000 ; 25 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
4016 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 02150000 ; 02144000 ; 0000C000 ; 3 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:09 AM ; 00:00:00.000 ; 00:00:00.000 ;
1348 ; WerConCpl.dll!WerpIsResponseApplicable+0x628e ; 040C0000 ; 040B2000 ; 0000E000 ; 8,062 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:24:28 AM ; 00:00:00.702 ; 00:00:00.405 ;
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 6,185 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:02.246 ; 00:00:01.092 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 7,417 ; UserRequest ; 9 ; 13 ; 2/21/2013 9:11:05 AM ; 00:00:00.265 ; 00:00:00.514 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 365 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 34 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 83 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 287 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,605 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 849 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 8 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 573 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 52 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 124 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 39 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 14 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3040 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03740000 ; 03730000 ; 00010000 ; 306 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:21:26 AM ; 00:00:00.015 ; 00:00:00.000 ;
4068 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03C00000 ; 03BF2000 ; 0000E000 ; 3 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:30:21 AM ; 00:00:00.000 ; 00:00:00.000 ;
3884 ; RunDll32.exe+0x178c ; 00120000 ; 00114000 ; 0000C000 ; 33 ; WrUserRequest ; 8 ; 9 ; 2/21/2013 9:24:04 AM ; 00:00:00.015 ; 00:00:00.046 ;
644 ; WerConCpl.dll+0x353a3 ; 00250000 ; 0023E000 ; 00012000 ; 2,800 ; UserRequest ; 7 ; 7 ; 2/21/2013 9:24:04 AM ; 00:00:00.686 ; 00:00:00.312 ;
2644 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 02070000 ; 02064000 ; 0000C000 ; 120 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
1924 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 016D0000 ; 016C2000 ; 0000E000 ; 200 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.046 ;
2756 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 022B0000 ; 022A4000 ; 0000C000 ; 25 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
4016 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 02150000 ; 02144000 ; 0000C000 ; 3 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:09 AM ; 00:00:00.000 ; 00:00:00.000 ;
1348 ; WerConCpl.dll!WerpIsResponseApplicable+0x628e ; 040C0000 ; 040B2000 ; 0000E000 ; 8,235 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:24:28 AM ; 00:00:00.702 ; 00:00:00.405 ;
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 6,185 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:02.246 ; 00:00:01.092 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 7,417 ; UserRequest ; 9 ; 13 ; 2/21/2013 9:11:05 AM ; 00:00:00.265 ; 00:00:00.514 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 365 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 34 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 83 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 287 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,605 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 849 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 8 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 573 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 52 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 124 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 39 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 14 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3040 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03740000 ; 03730000 ; 00010000 ; 306 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:21:26 AM ; 00:00:00.015 ; 00:00:00.000 ;
3884 ; RunDll32.exe+0x178c ; 00120000 ; 00114000 ; 0000C000 ; 33 ; WrUserRequest ; 8 ; 9 ; 2/21/2013 9:24:04 AM ; 00:00:00.015 ; 00:00:00.046 ;
644 ; WerConCpl.dll+0x353a3 ; 00250000 ; 0023E000 ; 00012000 ; 2,800 ; UserRequest ; 7 ; 7 ; 2/21/2013 9:24:04 AM ; 00:00:00.686 ; 00:00:00.312 ;
2644 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 02070000 ; 02064000 ; 0000C000 ; 120 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
1924 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 016D0000 ; 016C2000 ; 0000E000 ; 200 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.046 ;
2756 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 022B0000 ; 022A4000 ; 0000C000 ; 25 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
4016 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 02150000 ; 02144000 ; 0000C000 ; 3 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:09 AM ; 00:00:00.000 ; 00:00:00.000 ;
1348 ; WerConCpl.dll!WerpIsResponseApplicable+0x628e ; 040C0000 ; 040B2000 ; 0000E000 ; 8,350 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:24:28 AM ; 00:00:00.702 ; 00:00:00.405 ;
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 6,185 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:02.246 ; 00:00:01.092 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 7,417 ; UserRequest ; 9 ; 13 ; 2/21/2013 9:11:05 AM ; 00:00:00.265 ; 00:00:00.514 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 365 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 34 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 83 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 287 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,605 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 849 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 8 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 573 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 52 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 125 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 39 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 14 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3040 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03740000 ; 03730000 ; 00010000 ; 308 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:21:26 AM ; 00:00:00.015 ; 00:00:00.000 ;
3884 ; RunDll32.exe+0x178c ; 00120000 ; 00114000 ; 0000C000 ; 33 ; WrUserRequest ; 8 ; 9 ; 2/21/2013 9:24:04 AM ; 00:00:00.015 ; 00:00:00.046 ;
644 ; WerConCpl.dll+0x353a3 ; 00250000 ; 0023E000 ; 00012000 ; 2,800 ; UserRequest ; 7 ; 7 ; 2/21/2013 9:24:04 AM ; 00:00:00.686 ; 00:00:00.312 ;
2644 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 02070000 ; 02064000 ; 0000C000 ; 120 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
1924 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 016D0000 ; 016C2000 ; 0000E000 ; 200 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.046 ;
2756 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 022B0000 ; 022A4000 ; 0000C000 ; 25 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
4016 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 02150000 ; 02144000 ; 0000C000 ; 3 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:09 AM ; 00:00:00.000 ; 00:00:00.000 ;
1348 ; WerConCpl.dll!WerpIsResponseApplicable+0x628e ; 040C0000 ; 040B2000 ; 0000E000 ; 8,601 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:24:28 AM ; 00:00:00.702 ; 00:00:00.405 ;
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 6,186 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:02.246 ; 00:00:01.092 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 7,463 ; UserRequest ; 9 ; 11 ; 2/21/2013 9:11:05 AM ; 00:00:00.265 ; 00:00:00.514 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 365 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 34 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 83 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 287 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,605 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 849 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 8 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 573 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 52 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 129 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 39 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 14 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3040 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03740000 ; 03730000 ; 00010000 ; 314 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:21:26 AM ; 00:00:00.015 ; 00:00:00.000 ;
3884 ; RunDll32.exe+0x178c ; 00120000 ; 00114000 ; 0000C000 ; 33 ; WrUserRequest ; 8 ; 9 ; 2/21/2013 9:24:04 AM ; 00:00:00.015 ; 00:00:00.046 ;
644 ; WerConCpl.dll+0x353a3 ; 00250000 ; 0023E000 ; 00012000 ; 2,800 ; UserRequest ; 7 ; 7 ; 2/21/2013 9:24:04 AM ; 00:00:00.686 ; 00:00:00.312 ;
2644 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 02070000 ; 02064000 ; 0000C000 ; 120 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
1924 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 016D0000 ; 016C2000 ; 0000E000 ; 200 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.046 ;
2756 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 022B0000 ; 022A4000 ; 0000C000 ; 25 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
4016 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 02150000 ; 02144000 ; 0000C000 ; 3 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:09 AM ; 00:00:00.000 ; 00:00:00.000 ;
1348 ; WerConCpl.dll!WerpIsResponseApplicable+0x628e ; 040C0000 ; 040B2000 ; 0000E000 ; 9,248 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:24:28 AM ; 00:00:00.702 ; 00:00:00.405 ;
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 6,187 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:02.246 ; 00:00:01.092 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 7,575 ; UserRequest ; 9 ; 13 ; 2/21/2013 9:11:05 AM ; 00:00:00.265 ; 00:00:00.514 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 365 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 34 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 83 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 287 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,605 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 849 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 8 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 573 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 52 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 39 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 15 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3040 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03740000 ; 03730000 ; 00010000 ; 340 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:21:26 AM ; 00:00:00.015 ; 00:00:00.000 ;
3884 ; RunDll32.exe+0x178c ; 00120000 ; 00114000 ; 0000C000 ; 33 ; WrUserRequest ; 8 ; 9 ; 2/21/2013 9:24:04 AM ; 00:00:00.015 ; 00:00:00.046 ;
644 ; WerConCpl.dll+0x353a3 ; 00250000 ; 0023E000 ; 00012000 ; 2,800 ; UserRequest ; 7 ; 7 ; 2/21/2013 9:24:04 AM ; 00:00:00.686 ; 00:00:00.312 ;
2644 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 02070000 ; 02064000 ; 0000C000 ; 120 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
1924 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 016D0000 ; 016C2000 ; 0000E000 ; 200 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.046 ;
2756 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 022B0000 ; 022A4000 ; 0000C000 ; 26 ; WrUserRequest ; 8 ; 10 ; 2/21/2013 9:24:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
4016 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 02150000 ; 02144000 ; 0000C000 ; 3 ; WrQueue ; 8 ; 8 ; 2/21/2013 9:24:09 AM ; 00:00:00.000 ; 00:00:00.000 ;
1348 ; WerConCpl.dll!WerpIsResponseApplicable+0x628e ; 040C0000 ; 040B2000 ; 0000E000 ; 10,870 ; DelayExecution ; 8 ; 9 ; 2/21/2013 9:24:28 AM ; 00:00:00.702 ; 00:00:00.405 ;
2072 ; Explorer.EXE+0x30f02 ; 003A0000 ; 0038F000 ; 00011000 ; 6,263 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:02.277 ; 00:00:01.107 ;
2712 ; ntdll.dll!RtlFreeThreadActivationContextStack+0x517 ; 01A30000 ; 01A22000 ; 0000E000 ; 143 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:04 AM ; 00:00:00.000 ; 00:00:00.000 ;
3660 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 02C80000 ; 02C6E000 ; 00012000 ; 7,718 ; UserRequest ; 9 ; 11 ; 2/21/2013 9:11:05 AM ; 00:00:00.265 ; 00:00:00.514 ;
3640 ; msvcrt.dll!_endthreadex+0x29 ; 020C0000 ; 020B2000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
3728 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 04790000 ; 0477F000 ; 00011000 ; 365 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:05 AM ; 00:00:00.093 ; 00:00:00.015 ;
2872 ; msiltcfg.dll!RestartMsi+0x2aec ; 04C10000 ; 04C02000 ; 0000E000 ; 2 ; UserRequest ; 8 ; 8 ; 2/21/2013 9:11:05 AM ; 00:00:00.000 ; 00:00:00.000 ;
2508 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05540000 ; 05532000 ; 0000E000 ; 34 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.000 ; 00:00:00.000 ;
1204 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 05030000 ; 05021000 ; 0000F000 ; 83 ; WrUserRequest ; 8 ; 12 ; 2/21/2013 9:11:06 AM ; 00:00:00.015 ; 00:00:00.000 ;
1976 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03040000 ; 03031000 ; 0000F000 ; 287 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:11:07 AM ; 00:00:00.000 ; 00:00:00.000 ;
2628 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 032F0000 ; 032DF000 ; 00011000 ; 1,605 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.062 ; 00:00:00.015 ;
1472 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 031E0000 ; 031D1000 ; 0000F000 ; 13 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1480 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 033E0000 ; 033CE000 ; 00012000 ; 849 ; UserRequest ; 8 ; 12 ; 2/21/2013 9:11:10 AM ; 00:00:00.046 ; 00:00:00.171 ;
1476 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03510000 ; 03502000 ; 0000E000 ; 8 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:10 AM ; 00:00:00.000 ; 00:00:00.000 ;
1940 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03620000 ; 0360F000 ; 00011000 ; 573 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.031 ;
3112 ; MMDevApi.dll!DllCanUnloadNow+0x1120 ; 03670000 ; 03661000 ; 0000F000 ; 55 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
3504 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03780000 ; 03772000 ; 0000E000 ; 52 ; WrUserRequest ; 15 ; 15 ; 2/21/2013 9:11:11 AM ; 00:00:00.000 ; 00:00:00.000 ;
756 ; SHLWAPI.dll!IUnknown_QueryService+0x87 ; 03490000 ; 0347F000 ; 00011000 ; 323 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.078 ;
2764 ; Wlanapi.dll!WlanOpenHandle+0x225e ; 03A90000 ; 03A82000 ; 0000E000 ; 146 ; UserRequest ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3120 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03950000 ; 03941000 ; 0000F000 ; 39 ; WrQueue ; 8 ; 11 ; 2/21/2013 9:11:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
1584 ; fxsst.dll!FaxMonitorStartup+0x25f ; 03910000 ; 03902000 ; 0000E000 ; 14 ; UserRequest ; 8 ; 10 ; 2/21/2013 9:11:15 AM ; 00:00:00.000 ; 00:00:00.000 ;
764 ; ole32.dll!CoGetTreatAsClass+0x3135 ; 03B40000 ; 03B32000 ; 0000E000 ; 15 ; WrUserRequest ; 8 ; 13 ; 2/21/2013 9:13:12 AM ; 00:00:00.000 ; 00:00:00.000 ;
3040 ; ntdll.dll!RtlRegisterThreadWithCsrss+0x197 ; 03740000 ; 03730000 ; 00010000 ; 346 ; WrQueue ; 8 ; 10 ; 2/21/2013 9:21:26 AM ; 00:00:00.015 ; 00:00:00.000 ;

Full Stack Data:
 

<I couldn't copy everything and paste them here, maybe too big?> Anyways, I have attached the rest of the report as an atachment.

 

Thank you very much!

Attached Files


Edited by tiger168, 21 February 2013 - 12:57 PM.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,006 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:24 AM

Posted 21 February 2013 - 01:17 PM

Hi Tony,

Thanks for the detailed information. I would like to look a little deeper into the condition of one of the files on your system. Please do this for me.


===================================================


SystemLook by jpshortstuff

--------------------

  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
SHLWAPI.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. icon_thumb.gif

  • SystemLook log

Edited by Oh My, 21 February 2013 - 01:18 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users