Unable to run Windows updates; Error code 80072EFE
I am having a problem with Windows Updates. I have searched the forums and tried several of the suggestions and am having problems correcting the situation. I run Windows Vista with SP2 on a Dell Inspiron laptop. Can you give me some directions and instructions as to how to begin this process? Thanks!!! Mike Fussell
Here is my Hijack This log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:11:32 PM, on 8/17/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Panda Security\Panda ID Protect\Panda ID Protect.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
C:\Users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
C:\Users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
C:\Users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
C:\Users\Mike's Laptop\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.partner=sbc&.intl=us&.done=http%3A%2F%2Fus.mg203.mail.yahoo.com%2Fdc%2Flaunch%3F.partner%3Dsbc%26.gx%3D0%26.rand%3D274h1nr76k4ah
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - Invalid registry found
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UltraVNC Server (uvnc_service) - UltraVNC - C:\ProgramData\UltraVNC\winvnc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12961 bytes
MikeTheGreaseMa
September 6th, 2010 13:00
Ran it again after I selected 'cure' and here's what I got:
2010/09/06 14:11:15.0403 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/06 14:11:15.0403 ================================================================================
2010/09/06 14:11:15.0403 SystemInfo:
2010/09/06 14:11:15.0403
2010/09/06 14:11:15.0403 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/06 14:11:15.0403 Product type: Workstation
2010/09/06 14:11:15.0403 ComputerName: MIKESLAPTOP
2010/09/06 14:11:15.0404 UserName: Mike's Laptop
2010/09/06 14:11:15.0404 Windows directory: C:\Windows
2010/09/06 14:11:15.0404 System windows directory: C:\Windows
2010/09/06 14:11:15.0404 Processor architecture: Intel x86
2010/09/06 14:11:15.0404 Number of processors: 2
2010/09/06 14:11:15.0404 Page size: 0x1000
2010/09/06 14:11:15.0404 Boot type: Normal boot
2010/09/06 14:11:15.0404 ================================================================================
2010/09/06 14:11:16.0193 Initialize success
2010/09/06 14:11:22.0264 ================================================================================
2010/09/06 14:11:22.0264 Scan started
2010/09/06 14:11:22.0264 Mode: Manual;
2010/09/06 14:11:22.0264 ================================================================================
2010/09/06 14:11:48.0142 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/06 14:11:48.0276 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/06 14:11:48.0421 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/06 14:11:48.0558 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/06 14:11:48.0683 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/06 14:11:48.0738 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/06 14:11:48.0853 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/09/06 14:11:48.0983 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/06 14:11:49.0149 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/09/06 14:11:49.0330 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/06 14:11:49.0472 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/09/06 14:11:49.0637 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/09/06 14:11:49.0772 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/09/06 14:11:49.0891 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/09/06 14:11:50.0007 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/09/06 14:11:50.0132 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2010/09/06 14:11:50.0298 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/06 14:11:50.0427 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/06 14:11:50.0568 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/06 14:11:50.0694 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/06 14:11:50.0745 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/06 14:11:50.0858 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/06 14:11:50.0979 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/06 14:11:51.0133 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/06 14:11:51.0236 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/06 14:11:51.0352 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/06 14:11:51.0481 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/09/06 14:11:51.0618 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/09/06 14:11:51.0753 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/09/06 14:11:51.0793 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/09/06 14:11:51.0915 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/06 14:11:52.0068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/06 14:11:52.0230 SQTECH905C (b9ac9023207149a206a9ea037d76cfce) C:\Windows\system32\Drivers\Capt905c.sys
2010/09/06 14:11:52.0418 SRTSP (d572d48ca47b33b49bba9a7bc5cb45c6) C:\Windows\system32\drivers\N360\0300000.087\SRTSP.SYS
2010/09/06 14:11:52.0583 SRTSPX (262072d44a269e6d590291f8321f00b1) C:\Windows\system32\drivers\N360\0300000.087\SRTSPX.SYS
2010/09/06 14:11:52.0704 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
2010/09/06 14:11:53.0154 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/06 14:11:53.0263 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/06 14:11:53.0386 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
2010/09/06 14:11:53.0505 SSHRMD (d6688e854dbe0f3024966e0d018274a7) C:\Windows\system32\Drivers\SSHRMD.SYS
2010/09/06 14:11:53.0506 Suspicious file (Forged): C:\Windows\system32\Drivers\SSHRMD.SYS. Real md5: d6688e854dbe0f3024966e0d018274a7, Fake md5: e041026dafa17af2610afc4da8f4ea14
2010/09/06 14:11:53.0515 SSHRMD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/06 14:12:02.0004 ================================================================================
2010/09/06 14:12:02.0004 Scan finished
2010/09/06 14:12:02.0004 ================================================================================
2010/09/06 14:12:02.0020 Detected object count: 1
2010/09/06 14:12:09.0925 SSHRMD (d6688e854dbe0f3024966e0d018274a7) C:\Windows\system32\Drivers\SSHRMD.SYS
2010/09/06 14:12:09.0926 Suspicious file (Forged): C:\Windows\system32\Drivers\SSHRMD.SYS. Real md5: d6688e854dbe0f3024966e0d018274a7, Fake md5: e041026dafa17af2610afc4da8f4ea14
2010/09/06 14:12:10.0143 Backup copy found, using it..
2010/09/06 14:12:10.0270 C:\Windows\system32\Drivers\SSHRMD.SYS - processing error
2010/09/06 14:12:10.0270 Rootkit.Win32.TDSS.tdl3(SSHRMD) - User select action: Cure
2010/09/06 14:17:04.0819 ================================================================================
2010/09/06 14:17:04.0819 Scan started
2010/09/06 14:17:04.0819 Mode: Manual;
2010/09/06 14:17:04.0819 ================================================================================
2010/09/06 14:17:26.0705 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/06 14:17:26.0798 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/06 14:17:26.0911 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/06 14:17:27.0034 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/06 14:17:27.0169 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/09/06 14:17:27.0279 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/06 14:17:27.0388 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/09/06 14:17:27.0467 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/06 14:17:27.0567 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/09/06 14:17:27.0588 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/09/06 14:17:27.0701 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/09/06 14:17:27.0786 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/09/06 14:17:27.0891 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/09/06 14:17:28.0016 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2010/09/06 14:17:28.0205 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/06 14:17:28.0334 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/06 14:17:28.0464 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/06 14:17:28.0579 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/06 14:17:28.0719 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/06 14:17:28.0810 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/06 14:17:28.0930 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/06 14:17:29.0085 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/06 14:17:29.0299 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/06 14:17:29.0359 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/06 14:17:29.0477 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/09/06 14:17:29.0692 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/09/06 14:17:29.0949 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/09/06 14:17:30.0122 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/09/06 14:17:30.0433 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/06 14:17:30.0720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/06 14:17:30.0848 SQTECH905C (b9ac9023207149a206a9ea037d76cfce) C:\Windows\system32\Drivers\Capt905c.sys
2010/09/06 14:17:31.0200 SRTSP (d572d48ca47b33b49bba9a7bc5cb45c6) C:\Windows\system32\drivers\N360\0300000.087\SRTSP.SYS
2010/09/06 14:17:31.0479 SRTSPX (262072d44a269e6d590291f8321f00b1) C:\Windows\system32\drivers\N360\0300000.087\SRTSPX.SYS
2010/09/06 14:17:31.0612 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
2010/09/06 14:17:31.0773 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/06 14:17:31.0893 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/06 14:17:32.0004 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
2010/09/06 14:17:32.0123 SSHRMD (d6688e854dbe0f3024966e0d018274a7) C:\Windows\system32\Drivers\SSHRMD.SYS
2010/09/06 14:17:32.0124 Suspicious file (Forged): C:\Windows\system32\Drivers\SSHRMD.SYS. Real md5: d6688e854dbe0f3024966e0d018274a7, Fake md5: e041026dafa17af2610afc4da8f4ea14
2010/09/06 14:17:40.0567 ================================================================================
2010/09/06 14:17:40.0567 Scan finished
2010/09/06 14:17:40.0567 ================================================================================
kevin27_b3d29f
September 6th, 2010 23:00
Hi Mike,
TDSSKiller looks to still be failing to remove the rootkit, and both of those logs are the same, so we are now going to use ComboFix.
Please disable all anti-virus/anti-spyware/firewall programs on your machine (instructions via links below).
Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:
ComboFix MUST be saved to your desktop before running the tool
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
When prompted to install the Recovery Console, please make sure to do so, as this is a VERY IMPORTANT backup of ComboFix (XP only; Vista/Windows 7 systems will not be prompted to install the Recovery Console).
You will need to be connected to the net to install the Recovery Console. If you cannot install it, DO NOT run ComboFix.
Post back and we will install it manually.
DO NOT mouse click when ComboFix is running, as this will cause ComboFix to stall and it will not work as it should.
EXTRA NOTES:
Please include the C:\ComboFix.txt in your next reply for further review.
Thanks,
K27.
MikeTheGreaseMa
September 7th, 2010 02:00
Tried to run the updates. Still failed with same error code.
MikeTheGreaseMa
September 7th, 2010 02:00
ComboFix 10-09-06.03 - Mike's Laptop 09/07/2010 2:54.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.2526 [GMT -5:00]
Running from: c:\users\Mike's Laptop\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\RetrogamerEI
c:\program files\RetrogamerEI\Installr\1.bin\k7EIPlug.dll
c:\program files\RetrogamerEI\Installr\1.bin\k7EZSETP.dll
c:\program files\RetrogamerEI\Installr\1.bin\NPk7EISb.dll
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Windows\Recent\E.M. Free Youtube Download Tool.url
c:\users\Mike's Laptop\BlackBerry MediaSync.exe
c:\users\Mike's Laptop\GoToAssistDownloadHelper.exe
c:\users\Mike's Laptop\PandaCloudAntivirus.exe
c:\users\Mike's Laptop\videos\E.M.Youtube Download tool.exe
c:\users\Mike's Laptop\videos\Video Download Tool.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.
2010-09-07 08:09 . 2010-09-07 08:17 -------- d-----w- c:\users\Mike's Laptop\AppData\Local\temp
2010-09-07 08:09 . 2010-09-07 08:12 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2010-09-07 08:09 . 2010-09-07 08:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-07 08:09 . 2010-09-07 08:09 -------- d-----w- c:\users\Mike's Laptop 2\AppData\Local\temp
2010-09-07 07:34 . 2010-09-07 07:34 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\HPAppData
2010-09-05 21:29 . 2010-09-05 21:29 6656 ----a-w- c:\windows\system32\F09A7726.exe
2010-09-04 22:21 . 2010-09-04 22:21 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-02 11:12 . 2010-09-02 11:12 -------- d-----w- c:\program files\Trend Micro
2010-09-01 08:27 . 2007-11-20 19:29 38656 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2010-09-01 08:27 . 2007-08-21 22:10 26496 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2010-09-01 08:27 . 2010-09-01 10:19 -------- d-----w- c:\program files\MyDSC2
2010-09-01 08:18 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-09-01 08:16 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-09-01 08:15 . 2010-09-01 08:15 -------- d-----w- c:\program files\ArcSoft
2010-08-22 21:36 . 2010-08-22 21:36 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\Malwarebytes
2010-08-22 21:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 21:36 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 18:00 . 2010-08-18 18:01 -------- d-----w- c:\program files\QuickTime
2010-08-18 01:39 . 2010-08-20 07:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\xbjivfnam
2010-08-17 10:16 . 2010-08-17 10:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-17 09:24 . 2010-09-07 07:51 -------- d-----w- c:\windows\system32\catroot2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 08:11 . 2009-08-17 06:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-06 20:33 . 2010-08-02 01:41 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-06 19:12 . 2010-09-06 19:12 23152 ----a-w- c:\windows\system32\drivers\tsk65BE.tmp
2010-09-05 03:27 . 2009-06-03 19:14 6648 ----a-w- c:\users\Mike's Laptop\AppData\Local\d3d9caps.dat
2010-09-04 22:28 . 2010-09-04 22:28 23152 ----a-w- c:\windows\system32\drivers\tskB04D.tmp
2010-09-02 11:13 . 2010-09-02 11:13 388096 ----a-r- c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-01 08:27 . 2009-05-27 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 08:26 . 2009-07-20 02:31 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\InstallShield
2010-09-01 08:15 . 2009-05-27 23:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-31 19:04 . 2009-12-18 18:33 -------- d-----w- c:\program files\Symantec
2010-08-12 06:52 . 2010-08-17 08:55 85464 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-08-12 06:52 . 2010-08-17 08:55 38872 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-08-11 06:33 . 2010-08-20 10:56 11776 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-08-02 01:25 . 2009-07-27 06:38 -------- d-----w- c:\program files\AVS4YOU
2010-08-02 01:07 . 2009-07-27 06:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 00:48 . 2009-07-27 06:39 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\AVS4YOU
2010-08-02 00:28 . 2009-05-27 23:34 -------- d-----w- c:\program files\Creative
2010-08-02 00:23 . 2009-06-07 03:19 -------- d-----w- c:\program files\Yahoo!
2010-08-02 00:21 . 2009-11-21 10:10 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\Amazon
2010-08-01 01:58 . 2010-08-01 01:51 -------- d-----w- c:\program files\Panda Security
2010-08-01 01:54 . 2010-08-01 01:54 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\SurfSecret Privacy Suite
2010-08-01 01:52 . 2010-08-01 01:52 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-07-21 18:05 . 2009-07-17 21:13 -------- d-----w- c:\program files\iTunes
2010-07-21 18:03 . 2010-07-21 18:03 -------- d-----w- c:\program files\iPod
2010-07-21 18:03 . 2009-05-29 03:52 -------- d-----w- c:\program files\Common Files\Apple
2010-07-05 04:33 . 2009-05-28 00:35 100056 ----a-w- c:\users\Mike's Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-04 22:57 . 2010-07-04 22:57 680 ----a-w- c:\users\Mike's Laptop 2\AppData\Local\d3d9caps.dat
2010-07-04 06:12 . 2010-07-04 06:12 100056 ----a-w- c:\users\Mike's Laptop 2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-29 06:05 . 2009-05-28 00:34 100056 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 18:33 . 2009-08-28 22:46 256 ----a-w- c:\windows\system32\pool.bin
2009-07-30 14:56 . 2009-07-21 21:50 4637952 ----a-w- c:\program files\Common Files\lpuninstall.exe
2009-05-26 21:24 . 2009-05-26 21:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 21:14 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" "="OSK.exe" [2009-04-11 182272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\aa documents\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
c:\users\Mike's Laptop 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-05-04 09:25 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 22:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell PC TuneUp Startup]
2009-06-23 22:21 314224 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 18:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-06 07:58 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 12:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2009-03-10 21:07 323216 ----a-w- c:\program files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51 36864 ----a-w- c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-08 17:24 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):63,9e,4b,93,21,22,ca,01
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\Drivers\OCDE.sys
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 F09A7726;F09A7726;c:\windows\system32\F09A7726.exe [2010-09-05 6656]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-07-22 245760]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SYMEFA.SYS [2010-02-02 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [2010-02-02 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\ccHPx86.sys [2010-02-02 482352]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100906.001\IDSvix86.sys [2010-05-28 344112]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2010-02-02 115560]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2010-02-04 1201640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-07-24 23096]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\N360\0300000.087\SYMNDISV.SYS [2010-02-02 39984]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131664]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 17:51]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 19:21]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 19:21]
2010-09-07 c:\windows\Tasks\User_Feed_Synchronization-{F9B73EFE-AB41-450E-AEBD-9732D4DB41BC}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
2010-09-07 c:\windows\Tasks\Webroot Backup Online Backup - MikeTheGreaseman.job
- c:\program files\Webroot\Spy Sweeper\Backup\sosuploadagent.exe [2010-02-04 21:14]
2010-09-06 c:\windows\Tasks\wrSpySweeper_L68B22D4A37B8448E8B472ADE90572A17.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2010-02-04 21:19]
2010-09-06 c:\windows\Tasks\wrSpySweeper_L68B22D4A37B8448E8B472ADE90572A17.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2010-02-04 21:19]
2010-09-05 c:\windows\Tasks\wrSpySweeper_L8A2A8124531E4E2EA27A3FECD80B3B60.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2010-02-04 21:19]
2010-09-05 c:\windows\Tasks\wrSpySweeper_L8A2A8124531E4E2EA27A3FECD80B3B60.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2010-02-04 21:19]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.partner=sbc&.intl=us&.done=http%3A%2F%2Fus.mg203.mail.yahoo.com%2Fdc%2Flaunch%3F.partner%3Dsbc%26.gx%3D0%26.rand%3D274h1nr76k4ah
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MIKE'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg203.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=demh6s69mau5m|http://www.rushlimbaugh.com/home/today.guest.html|http://www.facebook.com/Give100ofSomething|http://www.manofest.com/|http://linkiest.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-hpqSRMon - (no file)
Notify-GoToAssist - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 03:16
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85CFFEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8bbabd24
\Driver\ACPI -> acpi.sys @ 0x806a0d68
\Driver\atapi -> ataport.SYS @ 0x82cd5a2c
\Driver\iaStor -> iastor.sys @ 0x82c3c918
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5112)
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\osk.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-09-07 03:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 08:25
Pre-Run: 62,083,989,504 bytes free
Post-Run: 61,916,213,248 bytes free
- - End Of File - - 986F4A97443C46EA2E2CE6B70123D43C
kevin27_b3d29f
1.5K Posts
0
September 7th, 2010 12:00
Hi Mike,
The tools we are using are struggling to remove this infection because A) it is a security app that is infected (WebRoot SpySweeper) and B) there are too many security apps installed on the system.
Here is what we need to do. We need to remove Webroot and we also need to remove one of either Norton or Panda. It's totally up to you which you keep out of Norton or Panda, but Webroot needs to go, as does McAfee Security Scan.
Having more than one AV installed will cause system instability and cause it to crash, as well as leaving holes for infections to slip through.
First I need you to go to:
McAfee Security Scan Plus <-- Needs to be uninstalled
Norton 360 <--- Remove this if you decide to keep Panda
Panda ActiveScan 2.0
Panda Cloud Antivirus
Panda Identity Protect 3.0.44 <-- Remove all of these if you decide to keep Norton
Panda Security Toolbar
Spy Sweeper Core
Webroot AntiVirus with Spy Sweeper <-- Both of these must be uninstalled
Once Webroot/SpySweeper and McAfee Scan have been removed and you have removed either Norton or Panda, please then follow these instructions for re-running Combofix:
Please delete your version of Combofix by right clicking its desktop icon and then clicking delete, then please download a fresh copy from HERE
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (This is Norton/Panda depending on what you decided to keep, Windows Defender & your Firewall) (instructions via links below)
ComboFix MUST be saved to your desktop before running the tool
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
When prompted to install the recovery console please make sure to do so as this is a VERY IMPORTANT backup of ComboFix XP only
You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run ComboFix.
Post back and we will install it manually.
DO NOT mouse click when ComboFix is running as this will cause ComboFix to Stall and it will not work as it should
EXTRA NOTES:
Please include the C:\ComboFix.txt in your next reply for further review.
Thanks,
K27.
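The overlap K27 describes (several security products installed side by side) can be read straight off the service/driver lines of the ComboFix log. The following is an added example, not part of the thread and not ComboFix's own code; the function names and the vendor keyword table are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: service/driver lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\Drivers\OCDE.sys
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SYMEFA.SYS [2010-02-02 310320]
S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2010-02-02 115560]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2010-02-04 1201640]
S2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\N360\0300000.087\SYMNDISV.SYS [2010-02-02 39984]
"""

# Line shape: "<R|S><0-4> name;display name;image path [YYYY-MM-DD size]".
# The trailing "[date size]" is optional (the OCDE line above has none).
# Assumption about the format: R/S is running/stopped and the digit is the
# service start type.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)

# Hypothetical keyword table, limited to the products named in this thread.
VENDOR_KEYWORDS = {
    "Symantec/Norton": ("symantec", "norton"),
    "Panda": ("panda",),
    "Webroot": ("webroot", "spy sweeper"),
    "McAfee": ("mcafee",),
}


def parse_services(log_text):
    """Return one dict per service/driver line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["display"] = entry["display"].strip()
        entry["size"] = int(entry["size"]) if entry["size"] else None
        entries.append(entry)
    return entries


def security_vendors(log_text):
    """Map each matched vendor to its service names, in log order."""
    found = {}
    for entry in parse_services(log_text):
        haystack = (entry["display"] + " " + entry["path"]).lower()
        for vendor, keywords in VENDOR_KEYWORDS.items():
            if any(keyword in haystack for keyword in keywords):
                found.setdefault(vendor, []).append(entry["name"])
                break
    return found


def overlapping_products(log_text):
    """True when more than one security vendor has services installed."""
    return len(security_vendors(log_text)) > 1


if __name__ == "__main__":
    for vendor, services in security_vendors(SAMPLE_LOG).items():
        print(f"{vendor}: {', '.join(services)}")
    print("overlap:", overlapping_products(SAMPLE_LOG))
```

Run against a full ComboFix.txt, the same functions show whether the uninstall steps actually removed every service and driver belonging to a product.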
MikeTheGreaseMa
26 Posts
0
September 7th, 2010 13:00
HOE LEE COW!!! Windows updates are installing now. Got rid of the items you mentioned and updates are going thru. I am still wondering about that nasty rootkit item you mentioned earlier. Think we would still be able to get rid of it? THANKS!!!!!!!
kevin27_b3d29f
1.5K Posts
0
September 7th, 2010 14:00
Hi Mike,
I was hoping that was going to happen.
A Webroot file was infected with the rootkit; uninstalling Webroot removed the infected file, hence removing the rootkit, but I would rather be double sure.
Please continue with my previous instructions for running a fresh version of Combofix and post the log.
Thanks,
K27
MikeTheGreaseMa
26 Posts
0
September 8th, 2010 01:00
Here is the latest ComboFix report, sans Webroot software. Your thoughts???
ComboFix 10-09-07.01 - Mike's Laptop 09/08/2010 2:15.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.2211 [GMT -5:00]
Running from: c:\users\Mike's Laptop\Desktop\ComboFix.exe
Command switches used :: log
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.
2010-09-08 07:25 . 2010-09-08 07:25 -------- d-----w- c:\users\Mike's Laptop\AppData\Local\temp
2010-09-08 07:25 . 2010-09-08 07:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-08 07:25 . 2010-09-08 07:25 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2010-09-08 07:25 . 2010-09-08 07:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-08 07:25 . 2010-09-08 07:25 -------- d-----w- c:\users\Mike's Laptop 2\AppData\Local\temp
2010-09-08 07:25 . 2010-09-08 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-08 06:23 . 2010-09-08 07:12 -------- d-----w- c:\users\Mike's Laptop\Tracing
2010-09-07 19:40 . 2010-09-07 19:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-09-07 19:39 . 2010-04-28 12:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-07 19:39 . 2010-09-07 19:39 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-07 19:38 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-07 19:38 . 2010-09-07 19:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-07 19:36 . 2010-09-07 19:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-07 19:36 . 2010-09-07 19:39 -------- d-----w- c:\program files\Windows Live
2010-09-07 19:16 . 2010-09-07 19:16 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-07 19:10 . 2010-09-07 19:10 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\HPAppData
2010-09-05 21:29 . 2010-09-05 21:29 6656 ----a-w- c:\windows\system32\F09A7726.exe
2010-09-04 22:21 . 2010-09-04 22:21 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-02 11:13 . 2010-09-02 11:13 388096 ----a-r- c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-02 11:12 . 2010-09-02 11:12 -------- d-----w- c:\program files\Trend Micro
2010-09-01 08:27 . 2007-11-20 19:29 38656 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2010-09-01 08:27 . 2007-08-21 22:10 26496 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2010-09-01 08:27 . 2010-09-01 10:19 -------- d-----w- c:\program files\MyDSC2
2010-09-01 08:18 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-09-01 08:16 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-09-01 08:15 . 2010-09-01 08:15 -------- d-----w- c:\program files\ArcSoft
2010-08-22 21:36 . 2010-08-22 21:36 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\Malwarebytes
2010-08-22 21:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 21:36 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 10:56 . 2010-08-11 06:33 11776 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-08-18 18:00 . 2010-08-18 18:01 -------- d-----w- c:\program files\QuickTime
2010-08-18 01:39 . 2010-08-20 07:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\xbjivfnam
2010-08-17 10:16 . 2010-08-17 10:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-17 09:24 . 2010-09-07 22:20 -------- d-----w- c:\windows\system32\catroot2
2010-08-17 08:55 . 2010-08-12 06:52 85464 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-08-17 08:55 . 2010-08-12 06:52 38872 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 07:09 . 2009-08-17 06:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-07 19:40 . 2009-08-23 06:03 -------- d-----w- c:\program files\Microsoft
2010-09-07 19:04 . 2009-06-14 02:27 -------- d-----w- c:\program files\Microsoft.NET
2010-09-07 18:53 . 2009-11-06 18:00 0 ----a-w- c:\windows\system32\drivers\SSHRMD.sys
2010-09-07 18:50 . 2010-08-01 01:51 -------- d-----w- c:\program files\Panda Security
2010-09-06 20:33 . 2010-08-02 01:41 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-06 19:12 . 2010-09-06 19:12 23152 ----a-w- c:\windows\system32\drivers\tsk65BE.tmp
2010-09-05 03:27 . 2009-06-03 19:14 6648 ----a-w- c:\users\Mike's Laptop\AppData\Local\d3d9caps.dat
2010-09-04 22:28 . 2010-09-04 22:28 23152 ----a-w- c:\windows\system32\drivers\tskB04D.tmp
2010-09-01 08:27 . 2009-05-27 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 08:26 . 2009-07-20 02:31 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\InstallShield
2010-09-01 08:15 . 2009-05-27 23:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-31 19:04 . 2009-12-18 18:33 -------- d-----w- c:\program files\Symantec
2010-08-02 01:25 . 2009-07-27 06:38 -------- d-----w- c:\program files\AVS4YOU
2010-08-02 01:07 . 2009-07-27 06:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 00:48 . 2009-07-27 06:39 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\AVS4YOU
2010-08-02 00:28 . 2009-05-27 23:34 -------- d-----w- c:\program files\Creative
2010-08-02 00:23 . 2009-06-07 03:19 -------- d-----w- c:\program files\Yahoo!
2010-08-02 00:21 . 2009-11-21 10:10 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\Amazon
2010-08-01 01:54 . 2010-08-01 01:54 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\SurfSecret Privacy Suite
2010-08-01 01:52 . 2010-08-01 01:52 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-07-21 18:05 . 2009-07-17 21:13 -------- d-----w- c:\program files\iTunes
2010-07-21 18:03 . 2010-07-21 18:03 -------- d-----w- c:\program files\iPod
2010-07-21 18:03 . 2009-05-29 03:52 -------- d-----w- c:\program files\Common Files\Apple
2010-07-05 04:33 . 2009-05-28 00:35 100056 ----a-w- c:\users\Mike's Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-04 22:57 . 2010-07-04 22:57 680 ----a-w- c:\users\Mike's Laptop 2\AppData\Local\d3d9caps.dat
2010-07-04 06:12 . 2010-07-04 06:12 100056 ----a-w- c:\users\Mike's Laptop 2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-29 06:05 . 2009-05-28 00:34 100056 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-30 14:56 . 2009-07-21 21:50 4637952 ----a-w- c:\program files\Common Files\lpuninstall.exe
2009-05-26 21:24 . 2009-05-26 21:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-09-08_07.03.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-08 07:15 81382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-05-28 00:37 . 2010-09-08 07:15 13226 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-668703000-809816363-4094811587-1000_UserData.bin
- 2009-05-28 00:38 . 2010-09-08 06:32 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-28 00:38 . 2010-09-08 07:16 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-28 00:38 . 2010-09-08 07:16 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-28 00:38 . 2010-09-08 06:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-08 07:22 . 2010-09-08 07:22 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2010-09-08 07:10 . 2010-09-08 07:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-08 06:26 . 2010-09-08 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-08 07:10 . 2010-09-08 07:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-08 06:26 . 2010-09-08 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 13:02 . 2010-09-08 06:31 101182 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2010-09-08 07:15 101182 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-09-08 07:17 607406 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-08 06:33 607406 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-08 07:17 105014 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-09-08 06:33 105014 c:\windows\System32\perfc009.dat
+ 2010-09-08 07:22 . 2010-09-08 07:22 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
+ 2010-09-08 07:22 . 2010-09-08 07:22 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ece129234f9ba9ad856d0e77e4849137\UIAutomationClient.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
- 2009-05-28 00:38 . 2010-09-08 06:32 1949696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-28 00:38 . 2010-09-08 07:16 1949696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-08 07:22 . 2010-09-08 07:22 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll
+ 2010-09-08 07:22 . 2010-09-08 07:22 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll
+ 2010-09-08 07:22 . 2010-09-08 07:22 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\aa documents\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
c:\users\Mike's Laptop 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-05-04 09:25 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 22:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell PC TuneUp Startup]
2009-06-23 22:21 314224 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 18:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-06 07:58 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-16 12:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2009-03-10 21:07 323216 ----a-w- c:\program files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51 36864 ----a-w- c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-08 17:24 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):63,9e,4b,93,21,22,ca,01
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\Drivers\OCDE.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 F09A7726;F09A7726;c:\windows\system32\F09A7726.exe [2010-09-05 6656]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-07-22 245760]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SYMEFA.SYS [2010-02-02 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [2010-02-02 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\ccHPx86.sys [2010-02-02 482352]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100906.001\IDSvix86.sys [2010-05-28 344112]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2010-02-02 115560]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-07-24 23096]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\N360\0300000.087\SYMNDISV.SYS [2010-02-02 39984]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131664]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 17:51]
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 19:21]
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 19:21]
2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{F9B73EFE-AB41-450E-AEBD-9732D4DB41BC}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.partner=sbc&.intl=us&.done=http%3A%2F%2Fus.mg203.mail.yahoo.com%2Fdc%2Flaunch%3F.partner%3Dsbc%26.gx%3D0%26.rand%3D274h1nr76k4ah
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MIKE'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg203.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=demh6s69mau5m|http://www.rushlimbaugh.com/home/today.guest.html|http://www.facebook.com/Give100ofSomething|http://www.manofest.com/|http://linkiest.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\program files\Panda Security\Panda ID Protect\Firefox\components\FFKeypad.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 02:25
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(6832)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\authui.dll
c:\windows\System32\netshell.dll
.
Completion time: 2010-09-08 02:29:31
ComboFix-quarantined-files.txt 2010-09-08 07:29
ComboFix2.txt 2010-09-08 07:06
ComboFix3.txt 2010-09-07 08:25
Pre-Run: 60,496,252,928 bytes free
Post-Run: 60,425,187,328 bytes free
- - End Of File - - 51E62562FCB211FF99017FA40C2FA718
kevin27_b3d29f
1.5K Posts
0
September 8th, 2010 14:00
Hi Mike,
Going by the latest log, it looks as if you removed Norton and decided to keep Panda. Please post back confirming this for me.
Thanks,
MikeTheGreaseMa
26 Posts
0
September 9th, 2010 01:00
I got rid of the Webroot and the Panda. I still have the Norton. I don't see Panda showing up when I connect to the internet, but Norton is still in place.
Thanks!!!
Mike Fussell
kevin27_b3d29f
1.5K Posts
0
September 9th, 2010 10:00
Hi Mike,
There are a lot of Panda entries in the logs.
First, I need you to check that everything "Panda" has been uninstalled; please go to:
Panda ActiveScan 2.0
Panda Cloud Antivirus
Panda Identity Protect 3.0.44
Panda Security Toolbar
PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBOFIX, SO THAT COMBOFIX IS NOT HINDERED IN ITS REMOVAL PROCESS
Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below)
Next we are going to run ComboFix in a slightly different way
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quote box below into it:
Quote:
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe (NOTE: You may receive a message that there is a newer version of ComboFix available; please allow ComboFix to update if you get this message)
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
NOTE: If ComboFix does not reboot the system, please do so manually
Thanks
K27.
MikeTheGreaseMa
26 Posts
0
September 9th, 2010 13:00
Hey! Here's the latest ComboFix log with the script we added, after I FULLY deleted the Panda software. (Guess I should have checked to make sure all of it was gone before I ran that last scan......DUH! Sorry about that.) I am kinda surprised a virus or whatever that rootkit is was embedded in an anti-virus software program. Kinda seems 'ironic' doesn't it. That's the last place I would have thought to look, but then again, I guess that's why it got sent there. Inexperienced folks like me woulda never thunk it!!!!
ComboFix 10-09-08.03 - Mike's Laptop 09/09/2010 13:52:35.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.2195 [GMT -5:00]
Running from: c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ComboFix.exe
Command switches used :: c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
file zipped: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
file zipped: c:\windows\System32\drivers\tsk65BE.tmp
file zipped: c:\windows\System32\drivers\tskB04D.tmp
file zipped: c:\windows\System32\F09A7726.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\users\Mike's Laptop\AppData\Local\temp
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\users\Mike's Laptop 2\AppData\Local\temp
2010-09-09 19:01 . 2010-09-09 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-08 18:09 . 2010-09-08 18:09 -------- d-----w- c:\program files\iPod
2010-09-08 18:05 . 2010-09-08 18:05 -------- d-----w- c:\windows\LastGood.Tmp
2010-09-08 08:21 . 2010-09-09 18:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-08 07:52 . 2010-09-08 07:52 -------- d-----w- c:\windows\CheckSur
2010-09-08 06:23 . 2010-09-09 18:26 -------- d-----w- c:\users\Mike's Laptop\Tracing
2010-09-07 22:20 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-07 22:20 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-07 19:40 . 2010-09-07 19:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-09-07 19:39 . 2010-04-28 12:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-07 19:39 . 2010-09-07 19:39 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-07 19:38 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-07 19:38 . 2010-09-07 19:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-07 19:36 . 2010-09-07 19:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-07 19:36 . 2010-09-07 19:39 -------- d-----w- c:\program files\Windows Live
2010-09-07 19:16 . 2010-09-07 19:16 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-07 07:42 . 2010-09-09 18:49 3841108 ----a-r- c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ComboFix.exe
2010-09-05 21:29 . 2010-09-05 21:29 6656 ----a-w- c:\windows\system32\F09A7726.exe
2010-09-04 22:21 . 2010-09-04 22:21 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-02 11:13 . 2010-09-02 11:13 388096 ----a-r- c:\users\Mike's Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-02 11:12 . 2010-09-02 11:12 -------- d-----w- c:\program files\Trend Micro
2010-09-01 08:27 . 2007-11-20 19:29 38656 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2010-09-01 08:27 . 2007-08-21 22:10 26496 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2010-09-01 08:27 . 2010-09-01 10:19 -------- d-----w- c:\program files\MyDSC2
2010-09-01 08:18 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-09-01 08:16 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-09-01 08:15 . 2010-09-01 08:15 -------- d-----w- c:\program files\ArcSoft
2010-08-22 21:36 . 2010-08-22 21:36 -------- d-----w- c:\users\MIKE'S~1\AppData\Roaming\Malwarebytes
2010-08-22 21:36 . 2010-08-22 21:36 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\Malwarebytes
2010-08-22 21:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 21:36 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 10:56 . 2010-08-11 06:33 11776 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-08-18 18:00 . 2010-08-18 18:01 -------- d-----w- c:\program files\QuickTime
2010-08-18 01:39 . 2010-08-20 07:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\xbjivfnam
2010-08-17 10:16 . 2010-08-17 10:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-08-17 09:24 . 2010-09-07 22:20 -------- d-----w- c:\windows\system32\catroot2
2010-08-17 08:55 . 2010-08-12 06:52 85464 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-08-17 08:55 . 2010-08-12 06:52 38872 ----a-w- c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 18:22 . 2010-08-01 01:51 -------- d-----w- c:\program files\Panda Security
2010-09-09 18:20 . 2009-08-17 06:03 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-08 18:10 . 2009-07-17 21:13 -------- d-----w- c:\program files\iTunes
2010-09-08 18:09 . 2009-05-29 03:52 -------- d-----w- c:\program files\Common Files\Apple
2010-09-08 08:26 . 2009-05-27 23:44 -------- d-----w- c:\program files\Microsoft Works
2010-09-08 08:21 . 2009-08-23 06:03 -------- d-----w- c:\program files\Microsoft
2010-09-08 08:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-07 19:04 . 2009-06-14 02:27 -------- d-----w- c:\program files\Microsoft.NET
2010-09-07 18:53 . 2009-11-06 18:00 0 ----a-w- c:\windows\system32\drivers\SSHRMD.sys
2010-09-06 20:33 . 2010-08-02 01:41 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-06 19:12 . 2010-09-06 19:12 23152 ----a-w- c:\windows\system32\drivers\tsk65BE.tmp
2010-09-05 03:27 . 2009-06-03 19:14 6648 ----a-w- c:\users\Mike's Laptop\AppData\Local\d3d9caps.dat
2010-09-04 22:28 . 2010-09-04 22:28 23152 ----a-w- c:\windows\system32\drivers\tskB04D.tmp
2010-09-01 08:27 . 2009-05-27 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 08:26 . 2009-07-20 02:31 -------- d-----w- c:\users\MIKE'S~1\AppData\Roaming\InstallShield
2010-09-01 08:26 . 2009-07-20 02:31 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\InstallShield
2010-09-01 08:15 . 2009-05-27 23:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-31 19:04 . 2009-12-18 18:33 -------- d-----w- c:\program files\Symantec
2010-08-02 01:25 . 2009-07-27 06:38 -------- d-----w- c:\program files\AVS4YOU
2010-08-02 01:07 . 2009-07-27 06:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 00:48 . 2009-07-27 06:39 -------- d-----w- c:\users\MIKE'S~1\AppData\Roaming\AVS4YOU
2010-08-02 00:48 . 2009-07-27 06:39 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\AVS4YOU
2010-08-02 00:28 . 2009-05-27 23:34 -------- d-----w- c:\program files\Creative
2010-08-02 00:23 . 2009-06-07 03:19 -------- d-----w- c:\program files\Yahoo!
2010-08-02 00:21 . 2009-11-21 10:10 -------- d-----w- c:\users\MIKE'S~1\AppData\Roaming\Amazon
2010-08-02 00:21 . 2009-11-21 10:10 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\Amazon
2010-08-01 01:54 . 2010-08-01 01:54 -------- d-----w- c:\users\MIKE'S~1\AppData\Roaming\SurfSecret Privacy Suite
2010-08-01 01:54 . 2010-08-01 01:54 -------- d-----w- c:\users\Mike's Laptop\AppData\Roaming\SurfSecret Privacy Suite
2010-07-05 04:33 . 2009-05-28 00:35 100056 ----a-w- c:\users\Mike's Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-04 22:57 . 2010-07-04 22:57 680 ----a-w- c:\users\Mike's Laptop 2\AppData\Local\d3d9caps.dat
2010-07-04 06:12 . 2010-07-04 06:12 100056 ----a-w- c:\users\Mike's Laptop 2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-29 06:05 . 2009-05-28 00:34 100056 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-09-07 22:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-09-07 22:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-09-07 22:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-09-07 22:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-09-07 22:21 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-09-07 22:21 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-16 16:04 . 2010-09-07 22:21 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-30 14:56 . 2009-07-21 21:50 4637952 ----a-w- c:\program files\Common Files\lpuninstall.exe
2009-05-26 21:24 . 2009-05-26 21:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\config\systemprofile\AppData\Local\xbjivfnam ----
((((((((((((((((((((((((((((( SnapShot@2010-09-08_07.03.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-07 22:21 . 2010-05-28 16:14 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.22414_none_6f0c0c64eeb82f1d\iccvid.dll
+ 2010-09-07 22:21 . 2010-05-27 20:08 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6002.18263_none_6e4b5dcdd5c4048a\iccvid.dll
+ 2010-09-07 22:21 . 2010-05-27 19:11 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.22702_none_6d2e69d4f18b8b5a\iccvid.dll
+ 2010-09-07 22:21 . 2010-05-27 19:16 81920 c:\windows\winsxs\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.0.6001.18483_none_6c4f4a27d8adea21\iccvid.dll
+ 2010-09-07 22:20 . 2010-06-18 14:50 99328 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22715_none_045a07e92948400f\srvnet.sys
+ 2010-09-07 22:21 . 2010-06-18 18:00 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.22427_none_0f77105600c85cb8\rtutils.dll
+ 2010-09-07 22:21 . 2010-06-18 17:31 36864 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18274_none_0eb4612ae7d5ff77\rtutils.dll
+ 2010-09-07 22:21 . 2010-06-18 16:38 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.22715_none_0d996dc6039bb8f5\rtutils.dll
+ 2010-09-07 22:21 . 2010-06-18 16:43 36352 c:\windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18495_none_0cb94dceeabefe65\rtutils.dll
+ 2010-09-07 22:21 . 2010-06-16 15:56 98192 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22713_none_cda6490a43adceb3\FWPKCLNT.SYS
+ 2010-09-07 22:21 . 2010-06-17 18:30 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\WMM2EXT.dll
+ 2010-09-07 22:21 . 2010-06-17 17:24 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\WMM2EXT.dll
+ 2010-09-07 22:21 . 2010-06-16 14:01 31232 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22425_none_887cb1b81bbc94f9\tcpipreg.sys
+ 2010-09-07 22:21 . 2010-06-26 06:48 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23040_none_a9180e0d8d84c714\iesetup.dll
+ 2010-09-07 22:21 . 2010-06-26 06:48 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.23040_none_a9180e0d8d84c714\iernonce.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\51747c9fabada4a2f0c4def76613c6cd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\eed47170f4b867402cbb44915f45f298\System.Data.Services.Design.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3097f90ab5e29e5eb0d8c433000acf16\System.Data.Services.Client.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6c294d7fba114025a3f4f330cf541c7e\System.Data.Entity.Design.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\e404c37e48fe5eafa395333520045a24\System.Data.DataSetExtensions.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ca467e23bbfcffac8809b9e21dcbd9a6\System.Configuration.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5904e3d51b6d7628ed01c0f5345e5ff6\System.Configuration.Install.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b56f5ff3e814e0a4e83231153cde0d0e\System.AddIn.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\aa85f92b421a8ca0af79b376f37e51fb\sysglobl.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3229c727887ebc9f4065e0cd12d05e2d\SMSvcHost.ni.exe
+ 2010-09-08 09:26 . 2010-09-08 09:26 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\93c834845cbbddae777d614b2d0f8f95\SMDiagnostics.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\70e0d7f2c857c3566aa82053c199e696\ServiceModelReg.ni.exe
+ 2010-09-08 09:25 . 2010-09-08 09:25 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\QSUI\fc28c77220c35a519d98193ec3bf7535\QSUI.ni.exe
+ 2010-09-08 09:20 . 2010-09-08 09:20 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bc66d228134a22312c0e1b66dedb6355\PresentationFramework.Royale.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6d23ebf0175664d7a8579e2762cae3d0\PresentationFramework.Luna.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60e971a87bbff522188ae9c6985f40b9\PresentationFramework.Aero.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2748627bab39e441420b5cdf329c6be1\PresentationFramework.Classic.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2f105c5bb0901401129bf03e8e71cc94\napsnap.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\974e310546d192d00c5fd8b1f9650e79\napinit.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\61baa41cfd0504ef33ec7e13df3c170d\naphlpr.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\349115f0f3d74a19757ddf35525b2c6c\MyDock.Util.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2a571636031f617332a0abbaf5c3f084\MSBuild.ni.exe
+ 2010-09-08 09:26 . 2010-09-08 09:26 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\d986a5602301ae525f12aab511e93c4e\MMCFxCommon.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a7e186f3f4cd626f3bb351d03488dbc2\Microsoft.WSMan.Management.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\28d7f58060857b4cf2c63be26048cb65\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eaee53b7d427502889a212b816ef1bd9\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e64e0bfc4bb5ba177e140ea118bba1d5\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a528421be3cedbafeeae95b7e9491320\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a9afa1596f09efb40ee219ca55f88e6\Microsoft.PowerShell.Security.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\62c2d83ee6b7c341a7bbfba0ab33b560\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\6f1906228f69deb64dd61d0e5131e503\Microsoft.ManagementConsole.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6c824af5aeae3dd7beb68403481e4067\Microsoft.Build.Utilities.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\287c1915da744bdf10ec4feb443d17cb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\b6fc09b42edaabcc0f8f6ed5cd825736\Microsoft.Build.Engine.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9684b6d4d7467b94b04faf8e477bab0f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\dbb5ef49b7916ce0a2cf60ff3afb5e70\EventViewer.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\df51961ed496f46601dd0bb255a31161\CustomMarshalers.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\7212937280ee06b0ef45b41651516be8\ComSvcConfig.ni.exe
+ 2010-09-08 09:24 . 2010-09-08 09:24 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c36ac9c6cd9b8d58c34fa0c965770c18\AspNetMMCExt.ni.dll
+ 2010-09-07 22:21 . 2010-05-19 11:41 5819728 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.22409_none_1b6ad74448dc3881\mscorwks.dll
+ 2010-09-07 22:21 . 2010-05-21 10:56 5813072 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6002.18260_none_323f4cec2f2e898b\mscorwks.dll
+ 2010-09-07 22:21 . 2010-05-19 11:39 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.22409_none_b0c40856db54d3fc\mscorlib.dll
+ 2010-09-07 22:21 . 2010-05-21 10:56 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6002.18260_none_c7987dfec1a72506\mscorlib.dll
+ 2010-09-07 22:21 . 2010-06-21 13:47 2045952 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22428_none_bb55f649b0d3b032\win32k.sys
+ 2010-09-07 22:21 . 2010-06-21 13:37 2037760 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18275_none_ba93471e97e152f1\win32k.sys
+ 2010-09-07 22:21 . 2010-06-21 13:25 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22716_none_b97853b9b3a70c6f\win32k.sys
+ 2010-09-07 22:21 . 2010-06-21 13:18 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18496_none_b89833c29aca51df\win32k.sys
+ 2010-09-07 22:21 . 2010-06-08 18:04 3550600 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntoskrnl.exe
+ 2010-09-07 22:21 . 2010-06-08 18:04 3601792 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntkrnlpa.exe
+ 2010-09-07 22:21 . 2010-06-08 17:35 3548040 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntoskrnl.exe
+ 2010-09-07 22:21 . 2010-06-08 17:35 3600768 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntkrnlpa.exe
+ 2010-09-07 22:21 . 2010-06-08 16:47 3548552 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntoskrnl.exe
+ 2010-09-07 22:21 . 2010-06-08 16:47 3600784 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntkrnlpa.exe
+ 2010-09-07 22:21 . 2010-06-08 17:00 3545992 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntoskrnl.exe
+ 2010-09-07 22:21 . 2010-06-08 17:00 3598216 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntkrnlpa.exe
+ 2010-09-07 22:20 . 2010-07-13 10:54 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22447_none_f4d3f69181d85824\OESpamFilter.dat
+ 2010-09-07 22:20 . 2010-07-13 10:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18281_none_f419167468e092ed\OESpamFilter.dat
+ 2010-09-07 22:20 . 2010-07-13 10:53 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22729_none_f3052515849ffdcc\OESpamFilter.dat
+ 2010-09-07 22:20 . 2010-07-13 10:52 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18500_none_f28823a26b7a44ea\OESpamFilter.dat
+ 2010-09-07 22:21 . 2010-06-11 16:31 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22422_none_8acabb6dad2870a4\msxml3.dll
+ 2010-09-07 22:21 . 2010-06-11 16:15 1248768 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8\msxml3.dll
+ 2010-09-07 22:21 . 2010-06-11 15:25 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22709_none_8900eb63afeb94ff\msxml3.dll
+ 2010-09-07 22:21 . 2010-06-11 15:30 1257472 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18490_none_880cf8e6971f1251\msxml3.dll
+ 2010-09-07 22:22 . 2010-06-26 06:48 1987072 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.23040_none_2aeb0342bb8fade9\iertutil.dll
+ 2010-09-07 22:22 . 2010-06-26 06:02 1986560 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18943_none_2a649119a26f2409\iertutil.dll
+ 2010-09-07 22:22 . 2010-06-26 06:49 5954560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23040_none_f68a6b855134f8c2\mshtml.dll
+ 2010-09-07 22:22 . 2010-06-26 06:03 5951488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18943_none_f603f95c38146ee2\mshtml.dll
+ 2010-09-07 22:21 . 2010-06-26 06:51 1211904 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.23040_none_982a70c505d568f9\urlmon.dll
+ 2010-09-07 22:21 . 2010-06-26 06:05 1210368 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18943_none_97a3fe9becb4df19\urlmon.dll
+ 2010-09-07 22:21 . 2010-06-26 06:05 1210368 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2010-09-09 18:21 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-09-08 06:24 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2010-04-14 06:44 . 2010-02-18 14:07 3548040 c:\windows\System32\ntoskrnl.exe
+ 2010-09-07 22:21 . 2010-06-08 17:35 3548040 c:\windows\System32\ntoskrnl.exe
+ 2010-09-07 22:21 . 2010-06-08 17:35 3600768 c:\windows\System32\ntkrnlpa.exe
- 2009-11-24 20:58 . 2009-08-11 16:44 1248768 c:\windows\System32\msxml3.dll
+ 2010-09-07 22:21 . 2010-06-11 16:15 1248768 c:\windows\System32\msxml3.dll
+ 2010-09-07 22:22 . 2010-06-26 06:03 5951488 c:\windows\System32\mshtml.dll
+ 2010-01-27 01:07 . 2010-09-08 10:31 5969360 c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2010-09-07 22:22 . 2010-06-26 06:02 1986560 c:\windows\System32\iertutil.dll
+ 2010-04-20 01:47 . 2010-04-20 01:47 3062048 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_bd0865d8\usbaaplrc.dll
- 2009-05-28 00:38 . 2010-09-08 06:32 1949696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-28 00:38 . 2010-09-09 18:27 1949696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 12:45 . 2010-03-11 09:08 4204822 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:45 . 2010-09-08 09:19 4204822 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2010-09-07 22:21 . 2010-05-21 10:56 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-10-15 08:02 . 2009-09-04 06:58 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-09-07 22:21 . 2010-05-21 10:56 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-06-28 21:01 . 2010-06-28 21:01 7677952 c:\windows\Installer\2c3d4d.msp
+ 2010-05-25 16:45 . 2010-05-25 16:45 8445440 c:\windows\Installer\2c3d36.msp
+ 2010-06-11 22:55 . 2010-06-11 22:55 1827328 c:\windows\Installer\2c3d1d.msp
+ 2010-07-09 22:28 . 2010-07-09 22:28 2151424 c:\windows\Installer\2c3d03.msp
+ 2010-06-29 03:53 . 2010-06-29 03:53 6819840 c:\windows\Installer\2c3ced.msp
+ 2009-01-15 08:35 . 2009-01-15 08:35 4830720 c:\windows\Installer\2c3cd7.msp
+ 2010-09-08 08:21 . 2010-09-08 08:21 2317312 c:\windows\Installer\2c3cc8.msi
+ 2010-07-26 22:02 . 2010-07-26 22:02 5519360 c:\windows\Installer\2c3ca2.msp
+ 2010-07-11 01:14 . 2010-07-11 01:14 2850816 c:\windows\Installer\2c3c8b.msp
+ 2010-09-08 18:11 . 2010-09-08 18:11 6478336 c:\windows\Installer\1e47308.msi
+ 2010-09-08 18:05 . 2010-09-08 18:05 3084800 c:\windows\Installer\1e46af0.msi
+ 2009-05-27 23:44 . 2010-09-08 08:26 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2009-05-27 23:44 . 2009-06-13 08:00 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2009-05-27 23:44 . 2009-06-13 08:00 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2009-05-27 23:44 . 2010-09-08 08:26 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2007-05-10 18:43 . 2007-05-10 18:43 6688096 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2007-11-28 10:33 . 2007-11-28 10:33 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2010-08-01 01:54 . 2010-08-01 01:54 8007680 c:\windows\assembly\temp\G8UH3PCYK7\Microsoft.mshtml.dll
+ 2010-09-08 07:22 . 2010-09-08 07:22 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll
+ 2010-09-08 07:22 . 2010-09-08 07:22 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll
+ 2010-09-08 07:22 . 2010-09-08 07:22 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
+ 2010-09-08 07:21 . 2010-09-08 07:21 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fda64862db9dfa315c48715fe4db36dd\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d756e75f1c0ac260da982d5cf45ced27\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6a92048f0c2ba88211df66fe63d81046\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c7397dc3e95ddda32dd9ad6c3ce38019\WindowsBase.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f599411410c58b574703eb522bc318e\UIAutomationClientsideProviders.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c2f18081b5d836e6231fd79b684a6f86\System.WorkflowServices.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\dd88f37f1c35c4c449dbbdacb8c5dccc\System.Workflow.Runtime.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\04a684bdfb5938f0052650cb253983bf\System.Workflow.ComponentModel.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\77e3806584727e882dd8f0d04beb2abe\System.Workflow.Activities.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2479988f1fa243fe4b9c8b261620191d\System.Web.Services.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\7f1540fb7e3f32852e885e54e032d3cb\System.Web.Mobile.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1092e6f0382fd93a027cd450466971b1\System.Web.Extensions.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\f030a2f4334cf1d2cd15f6f0c79985ae\System.Speech.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\cf2b1dc50e5b12378dcc342ecb1f4624\System.ServiceModel.Web.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ea3e8cee7c10a120515149a633a7a2de\System.Runtime.Serialization.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\8a321bc80e196ea1a25ecc4c0ce12568\System.Printing.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\70e9376b793bc8e1762db1ab8308b895\System.Management.Automation.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\7000f5568c75ad5357d7d443e265456b\System.IdentityModel.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9f571d6b546818ce10a382f55137eaa7\System.DirectoryServices.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7fe837b36e9ba44dcee7b5465d17282e\System.Deployment.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\cc009a955f4b35c344c2f9aaf453f329\System.Data.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7916ad24cf12bd19b73abefe981a0e30\System.Data.SqlXml.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\0c5f04a4016dfaa3ac079f34bfaaf28b\System.Data.Services.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\fb8da45f3873169a502db3cb492b25a0\System.Data.OracleClient.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\94d9826184cb0d2772324c098814d218\System.Data.Linq.ni.dll
+ 2010-09-08 09:28 . 2010-09-08 09:28 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\17e7810a55cc31245af28625d1d8c666\System.Data.Entity.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\f6e32268d4b0127287d722e41bb6b58b\System.Core.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c56cdd40df48edbfeb58f11f8ef023b9\ReachFramework.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\c0ae6dcf0d17a79db705a0cf01c8d301\PresentationUI.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\85dfa2585edc672cf9d66573de4ca266\PresentationBuildTasks.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\de94a577713ca374c08d2512d69e1643\Narrator.ni.exe
+ 2010-09-08 09:27 . 2010-09-08 09:27 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a301ed86595ddc85b07e4aab9cf4e251\MMCEx.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\3b25fb301c8ebd1da13b7769f6c6678e\MIGUIControls.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2a92f46eb0e385a2eafd9b92ad0bedf4\Microsoft.VisualBasic.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\20ec66c02bbe2d66bfecb98b95394e02\Microsoft.Transactions.Bridge.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cdf8b7a90cc86fb3b4bb866b75d44f52\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3ff96258401faa3528524f124ac2f4e6\Microsoft.PowerShell.Editor.ni.dll
+ 2010-09-08 09:27 . 2010-09-08 09:27 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0889ae9a52278774b2c0595ecc30c064\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\bca1f9fffa3059a8c36db7c1cd78ba8e\Microsoft.JScript.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\e2191bf9847c0a0af1410ff266678957\Microsoft.Ink.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a6f49ce5533655922d675c3c957106c8\Microsoft.Build.Tasks.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\95d9b86433cabf54e4a7de11daa91030\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\00969e3f4559c1a79394b1170e158cbb\Microsoft.Build.Engine.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 2557952 c:\windows\assembly\NativeImages_v2.0.50727_32\DellDock\7233d446f58940b933f38500937a4154\DellDock.ni.exe
- 2009-10-15 08:02 . 2009-09-04 06:58 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-09-07 22:21 . 2010-05-21 10:56 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-09-07 22:21 . 2010-07-26 18:04 11587072 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll
+ 2010-09-07 22:20 . 2010-07-26 15:51 11584512 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll
+ 2010-09-07 22:21 . 2010-07-26 16:56 11586560 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll
+ 2010-09-07 22:21 . 2010-07-26 16:55 11581440 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll
+ 2010-09-07 22:21 . 2010-06-17 18:27 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22426_none_f4c2683b236c5a9c\MOVIEMK.dll
+ 2010-09-07 22:21 . 2010-06-17 18:08 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18273_none_f3ffb9100a79fd5b\MOVIEMK.dll
+ 2010-09-07 22:21 . 2010-06-17 17:22 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22714_none_f2e4c5ab263fb6d9\MOVIEMK.dll
+ 2010-09-07 22:21 . 2010-06-17 17:15 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18494_none_f204a5b40d62fc49\MOVIEMK.dll
+ 2010-09-07 22:22 . 2010-06-26 06:48 11078656 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.23040_none_47e9c588dd2a86ef\ieframe.dll
+ 2010-09-07 22:21 . 2010-06-26 06:02 11077120 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18943_none_4763535fc409fd0f\ieframe.dll
+ 2010-09-07 22:20 . 2010-07-26 15:51 11584512 c:\windows\System32\shell32.dll
+ 2006-11-02 10:24 . 2010-08-03 16:09 35962312 c:\windows\System32\mrt.exe
+ 2010-09-07 22:21 . 2010-06-26 06:02 11077120 c:\windows\System32\ieframe.dll
+ 2010-09-09 07:04 . 2010-09-09 07:04 15710720 c:\windows\Installer\4afef8b.msp
+ 2010-06-11 22:52 . 2010-06-11 22:52 45542912 c:\windows\Installer\2c3d1e.msp
+ 2010-09-08 07:21 . 2010-09-08 07:21 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll
+ 2010-09-08 09:24 . 2010-09-08 09:24 11801088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e1ea6e4d25161658e08fc8d2fa64ec73\System.Web.ni.dll
+ 2010-09-08 09:26 . 2010-09-08 09:26 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d1cad83b4223917ed45765ee942dc824\System.ServiceModel.ni.dll
+ 2010-09-08 09:21 . 2010-09-08 09:21 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7964468060d9f7a9b177eb1c6827936a\System.Design.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c87cc40b22b2b014f9c0ade54773b6ea\PresentationFramework.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e53b9c43b17c02a75f2358a24047dd52\PresentationCore.ni.dll
+ 2010-09-08 09:20 . 2010-09-08 09:20 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
+ 2010-09-08 09:25 . 2010-09-08 09:25 15881216 c:\windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\ed09217eca19780cfdafa6009833211a\MenuSkinning.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\aa documents\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
c:\users\Mike's Laptop 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-05-04 09:25 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-11-13 22:15 1807600 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell PC TuneUp Startup]
2009-06-23 22:21 314224 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 18:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-06 07:58 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2009-03-10 21:07 323216 ----a-w- c:\program files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51 36864 ----a-w- c:\windows\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-08 17:24 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\Drivers\OCDE.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 F09A7726;F09A7726;c:\windows\system32\F09A7726.exe [2010-09-05 6656]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-07-22 245760]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 cdburner;cdburner;c:\windows\system32\DRIVERS\cdburner.sys [2008-07-24 15872]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SYMEFA.SYS [2010-02-02 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [2010-02-02 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\ccHPx86.sys [2010-02-02 482352]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100908.001\IDSvix86.sys [2010-05-28 344112]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2010-02-02 115560]
S2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-07-24 23096]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\N360\0300000.087\SYMNDISV.SYS [2010-02-02 39984]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131664]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 17:51]
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 19:21]
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 19:21]
2010-09-09 c:\windows\Tasks\User_Feed_Synchronization-{F9B73EFE-AB41-450E-AEBD-9732D4DB41BC}.job
- c:\windows\system32\msfeedssync.exe [2010-09-07 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/mail?.partner=sbc&.intl=us&.done=http%3A%2F%2Fus.mg203.mail.yahoo.com%2Fdc%2Flaunch%3F.partner%3Dsbc%26.gx%3D0%26.rand%3D274h1nr76k4ah
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MIKE'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg203.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=demh6s69mau5m|http://www.rushlimbaugh.com/home/today.guest.html|http://www.facebook.com/Give100ofSomething|http://www.manofest.com/|http://linkiest.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\Mike's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0q7qe93b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Mike's Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 14:01
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5180)
c:\windows\System32\NaturalLanguage6.dll
c:\windows\system32\authui.dll
c:\windows\System32\webcheck.dll
.
Completion time: 2010-09-09 14:05:52
ComboFix-quarantined-files.txt 2010-09-09 19:05
ComboFix2.txt 2010-09-08 07:29
ComboFix3.txt 2010-09-08 07:06
ComboFix4.txt 2010-09-07 08:25
Pre-Run: 60,873,494,528 bytes free
Post-Run: 60,875,059,200 bytes free
- - End Of File - - CDA05EF504CCD391EC602E34C9B0B051
kevin27_b3d29f
1.5K Posts
0
September 9th, 2010 14:00
Hi Mike,
Things are looking better, and you are quite right about the rootkit infecting a security product, but that is the intention, to infect legitimate files so as to throw us off the track.
Run an online virus scan called Kaspersky from HERE.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
Please post the Kaspersky report back to me for review and please give me a status report on how the system is running.
Thanks.
MikeTheGreaseMa
26 Posts
0
September 10th, 2010 11:00
Hey. Updates are loading now. No problems with the performance about which I have any complaints. Here is the Kaspersky report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, September 10, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 10, 2010 00:41:36
Records in database: 4209209
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Y:\
Scan statistics:
Objects scanned: 283858
Threats found: 4
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 05:42:42
File name / Threat / Threats count
C:\ProgramData\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Qoobox\Quarantine\C\Program Files\RetrogamerEI\Installr\1.bin\k7EZSETP.dll.vir Infected: not-a-virus:AdWare.Win32.FunWeb.fa 1
C:\Users\All Users\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Users\Mike's Laptop\Documents\Dish Network info.exe Infected: not-a-virus:NetTool.Win32.LocatePC.a 1
C:\Users\Mike's Laptop\SysinternalsSuite\psexec.exe Infected: not-a-virus:RemoteAdmin.Win32.PsExec.b 1
C:\Users\Mike's Laptop\SysinternalsSuite.zip Infected: not-a-virus:RemoteAdmin.Win32.PsExec.b 1
Y:\Drive_C\Users\Mike's Laptop\SysinternalsSuite.zip Infected: not-a-virus:RemoteAdmin.Win32.PsExec.b 1
Selected area has been scanned.
Thought about just deleting all those items above, but figured it was best to wait for your suggestions. That seems to have worked quite well for me lately!!!
Thanks!
kevin27_b3d29f
1.5K Posts
0
September 10th, 2010 14:00
Hi Mike,
Good Work,
There is nothing in the Kaspersky log that we have to worry about; one item is in Combofix's quarantine folder and is totally harmless, and the other items are all related to network files or security files.
Please post me a fresh set of DDS logs as I think we can start tidying up.
Thanks.
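The triage applied to the Kaspersky report in the reply above can be reproduced mechanically. The following is an added example, not part of the original thread: it parses the report rows, separates `not-a-virus:` (riskware) verdicts from malware verdicts, marks anything already under ComboFix's `C:\Qoobox\Quarantine` folder, and reconciles the totals with the report's "Threats found: 4" and "Infected objects found: 7". The function names and triage labels are assumptions of this example.

```python
import re
from collections import Counter

# Rows copied from the Kaspersky Online Scanner report posted above.
REPORT = r"""
C:\ProgramData\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Qoobox\Quarantine\C\Program Files\RetrogamerEI\Installr\1.bin\k7EZSETP.dll.vir Infected: not-a-virus:AdWare.Win32.FunWeb.fa 1
C:\Users\All Users\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ab 1
C:\Users\Mike's Laptop\Documents\Dish Network info.exe Infected: not-a-virus:NetTool.Win32.LocatePC.a 1
C:\Users\Mike's Laptop\SysinternalsSuite\psexec.exe Infected: not-a-virus:RemoteAdmin.Win32.PsExec.b 1
C:\Users\Mike's Laptop\SysinternalsSuite.zip Infected: not-a-virus:RemoteAdmin.Win32.PsExec.b 1
Y:\Drive_C\Users\Mike's Laptop\SysinternalsSuite.zip Infected: not-a-virus:RemoteAdmin.Win32.PsExec.b 1
"""

# Paths contain spaces, so match lazily up to the literal "Infected:" column.
ROW = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)$")
QUARANTINE = "c:\\qoobox\\quarantine\\"  # ComboFix quarantine folder seen in the report


def parse_rows(text):
    """Return one dict per 'File name / Threat / Threats count' row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, separators and blank lines
        verdict = m["verdict"]
        riskware = verdict.startswith("not-a-virus:")
        name = verdict.split(":", 1)[1] if riskware else verdict
        rows.append({
            "path": m["path"],
            "name": name,                      # e.g. RemoteAdmin.Win32.PsExec.b
            "klass": name.split(".")[0],       # e.g. RemoteAdmin, AdWare, NetTool
            "riskware": riskware,
            "quarantined": m["path"].lower().startswith(QUARANTINE),
            "count": int(m["count"]),
        })
    return rows


def triage(row):
    """Label a row (labels are this example's own, not Kaspersky's)."""
    if row["quarantined"]:
        return "quarantined"   # inert copy held by ComboFix
    if row["riskware"]:
        return "riskware"      # legitimate tool flagged for its capabilities
    return "malware"           # anything without the not-a-virus prefix


def summarize(rows):
    return {
        "objects": sum(r["count"] for r in rows),
        "distinct_threats": len({r["name"] for r in rows}),
        "by_triage": Counter(triage(r) for r in rows),
        "by_class": Counter(r["klass"] for r in rows),
    }


if __name__ == "__main__":
    print(summarize(parse_rows(REPORT)))
```
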