Malware Suspected cause of xcpip.sys BSOD


#1
HDL

I created the thread http://www.geekstogo...-xcpipsys-bsod/ and was told the problem may be related to malware and to post in this forum. I'm sorry if the title's not descriptive enough but I don't know the name of the infection.

My computer crashes frequently when it tries to connect to the internet. I sometimes get a blue screen message saying "driver irql not less or equal", which will sometimes point to xcpip.sys. I assumed it was a hardware error.

Alongside the various issues recounted in the other thread (I'm not sure which are relevant to the issue in hand but I can easily copy/paste everything over here if it's needed) I've also been unable to use Windows Security Center since I last tried to remove some malware (which was over a year ago). I can't remember the name of the malware; it was a nasty one which does the fake security centre, hides files, stops browsers working and keeps trying to redirect them while trying to scam me out of money for its fake programme. I followed some step by step instructions to remove it and thought I had succeeded. However, since then my computer won't do the Windows automatic updates, and I keep getting the "computer is unprotected" bubble when I first boot up my computer, despite having Zone Alarm Firewall and AVG AntiVirus installed.

I ran the quickscan with OTL. The results are below. If that was the wrong scan to do let me know and I'll run another one.

***

OTL logfile created on: 19/07/2012 08:58:34 - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.36 Mb Total Physical Memory | 222.66 Mb Available Physical Memory | 23.21% Memory free
2.31 Gb Paging File | 1.29 Gb Available in Paging File | 55.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 47.31 Gb Free Space | 20.31% Space Free | Partition Type: NTFS

Computer Name: SN641054970330 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
PRC - C:\APPS\ABOARD\AOSD.EXE (NEC Computers International)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e78bf355\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_88c05fce\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_64bfb806\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a7ec5158\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_82ed7507\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (npkcmsvc) -- C:\Program Files\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (USBDeviceService) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
DRV - (xgh2n6454.sys) -- C:\WINDOWS\system32\drivers\xgh2n6454.sys File not found
DRV - (xcpip) -- C:\WINDOWS\system32\drivers\xcpip.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Program Files\Mabinogi\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATWPKT2) -- C:\Program Files\Common Files\AOL\ACS\ATWPkt2.sys (America Online)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://format.packar...se=6&key=SEARCH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://start.iplay.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@otee.dk/UnityWebPlayer: C:\Program Files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/07/04 14:20:36 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/10/17 12:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/20 10:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/10 00:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 16:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 13:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 14:20:36 | 000,000,000 | ---D | M]

[2009/01/10 21:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/07/19 08:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions
[2012/07/19 08:58:12 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/07/16 08:07:19 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2009/08/05 13:39:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/08/18 16:24:50 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\searchplugins\conduit.xml
[2011/11/11 20:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/17 05:12:17 | 000,525,445 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NJ9EH881.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/06/21 07:26:56 | 000,109,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NJ9EH881.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 16:46:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/06/16 13:40:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2012/04/25 22:02:52 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 09:06:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 22:02:52 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 22:02:52 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 22:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober2309578.gif
[2009/11/20 04:23:35 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober2309578.src
[2012/04/25 22:02:52 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\PROGRA~1\SONYON~1\npsoe.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Unity Web Player (Enabled) = C:\Program Files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SRDotDX - FPX = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\effedicllnelcnimmpjhgmgfjjegimdh\0.0.9_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/07/03 06:09:38 | 000,000,143 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Tiscali Broadband.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Tiscali Broadband.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Wizard's Pen\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1323113197203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F7BA24A-AC9B-4F10-B2AA-7824C6FBF0B4}: NameServer = 212.139.132.10 212.139.132.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b2d5fe4d-3ce9-11dc-afad-00038a000015}\Shell\AutoRun\command - "" = I:\healthcheck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 01:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\virus
[2012/07/19 01:03:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/18 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed
[2012/07/18 16:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2012/07/04 15:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\eSupport.com
[2012/07/04 14:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2012/07/04 14:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/04 14:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/06/20 10:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\test
[2009/09/29 20:00:00 | 000,057,369 | ---- | C] (Chris Jones) -- C:\Program Files\winsetup.exe
[2009/09/29 19:59:58 | 008,421,321 | ---- | C] (Chris Jones) -- C:\Program Files\Awakener.exe
[2007/12/05 03:58:36 | 001,071,886 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\WoW-2.0.0-enUS-Installer-downloader.exe
[2007/08/05 21:13:23 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 09:07:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006UA.job
[2012/07/19 09:00:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Setup my PC.job
[2012/07/19 08:18:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/19 05:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006Core.job
[2012/07/19 01:03:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/18 16:53:29 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2012/07/18 09:31:55 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
[2012/07/18 09:29:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/18 09:29:04 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 10:09:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/07/11 23:20:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/03 20:21:14 | 063,816,521 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/29 22:28:28 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/06/26 10:47:26 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 17:43:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 16:53:29 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2012/07/17 02:18:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/10 02:42:25 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/29 22:28:39 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2011/05/19 12:00:37 | 000,002,918 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fu0jj71k55a55h17532f15ia7r0ql7u208ra006w34uxh
[2011/05/19 12:00:37 | 000,002,918 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fu0jj71k55a55h17532f15ia7r0ql7u208ra006w34uxh
[2011/02/23 14:25:53 | 000,063,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/14 14:36:28 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/17 20:10:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\0bwolrd1wdqru4ealfetm4uowocesisxvjnx5jmbhgh
[2009/09/29 20:00:02 | 000,000,265 | ---- | C] () -- C:\Program Files\acsetup.cfg
[2009/09/29 19:40:20 | 004,065,964 | ---- | C] () -- C:\Program Files\music.vox
[2009/02/16 13:14:10 | 000,012,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2008/05/06 20:43:18 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 17:39:47 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Owner\Rollerdex.cfg
[2008/03/31 04:58:18 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/09/16 00:50:43 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2007/09/08 08:48:51 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/07/28 11:49:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2002/07/01 15:13:30 | 000,000,243 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\system16driver.dat
[2002/07/01 15:13:30 | 000,000,228 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\phax.dat
[2002/07/01 15:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\menustart32.dat
[2002/07/01 15:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\login_setup.dat

========== LOP Check ==========

[2009/04/27 23:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2008/03/08 05:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2010/03/25 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/08/14 14:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Academagia
[2007/11/15 21:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amju Pet Zoo
[2010/06/07 06:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2009/01/07 18:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
[2008/07/02 02:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2011/04/30 16:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2007/12/01 16:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2009/09/15 17:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BarbarianGames
[2011/11/04 17:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/06/10 09:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2009/08/04 20:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
[2010/02/02 10:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2007/09/23 15:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/04/30 16:02:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/18 08:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2008/06/05 17:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2009/09/02 17:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2009/01/23 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/06/25 08:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2008/07/01 18:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2009/02/20 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/08/30 08:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/09/12 06:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/02/09 18:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2010/04/13 18:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2011/03/21 09:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2011/10/27 18:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings
[2008/03/28 00:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2009/12/30 18:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2008/10/07 19:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2009/11/20 22:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/07/08 15:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/05/23 01:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/12/16 01:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/07/03 21:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/11/20 04:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2009/07/28 17:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/04/23 06:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/01/26 20:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008/07/14 03:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/04/09 09:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/16 08:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/06/30 17:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hitpointstudios
[2008/05/21 08:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2009/05/04 06:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTYDemo
[2009/03/31 22:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/08/11 11:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/11 11:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/03/01 20:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2012/02/19 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2008/12/09 22:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/11/30 11:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009/05/26 19:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2010/05/11 23:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2008/02/08 15:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2010/01/13 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2011/04/30 16:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/04/01 23:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2007/11/23 19:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MostFun
[2009/04/29 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/23 20:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/11/18 01:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/04/20 17:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2009/01/20 08:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/11/20 04:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2007/07/27 17:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2011/02/01 21:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/23 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/30 17:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/04/13 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
[2009/12/10 17:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2011/06/21 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/04/26 22:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2007/11/22 15:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/09/04 01:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2010/08/14 13:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/08/18 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2009/10/06 18:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2012/05/03 20:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/26 18:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/05/05 09:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2009/06/27 13:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2007/07/27 17:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/10/21 15:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2007/09/08 11:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/10 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2011/09/12 19:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm2
[2010/11/10 19:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/14 13:43:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6AA53D5D-4235-46F9-BAB3-3C1AF08F4C1A}
[2009/06/28 05:23:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\.#
[2010/12/13 08:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2009/12/16 18:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\1morebee
[2010/03/25 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Absolutist
[2010/08/31 03:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Academagia
[2012/02/19 15:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aidem Media
[2010/02/23 19:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/19 11:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2008/07/05 10:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2010/01/31 15:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/03/28 20:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Anabel
[2008/05/21 10:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah_BETA_1
[2008/06/02 19:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah_BETA_2
[2008/07/29 18:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__shockwave
[2009/01/07 19:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashtons. Family Resort
[2008/10/07 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atomv1005
[2009/06/05 08:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2009/06/07 06:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2011/04/30 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2012/07/17 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/09/15 17:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BarbarianGames
[2009/08/15 02:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Batovi
[2010/07/03 21:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBB
[2009/12/01 21:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/02/18 23:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2007/09/14 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/03/18 02:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
[2009/12/19 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2012/01/22 13:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\calibre
[2011/11/28 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CardBoard Castle
[2009/08/04 20:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasualForge
[2008/12/15 08:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames
[2011/08/18 14:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010/03/09 13:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CKK
[2009/04/21 11:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/07/14 18:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CupcakeCafe
[2012/02/23 16:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2012/01/23 00:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DefendersQuest
[2009/09/02 17:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dingogames
[2010/12/27 23:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2008/04/19 12:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2008/10/17 12:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
[2009/03/17 20:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games
[2009/11/17 20:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElementalsTheMagicKey
[2009/06/11 21:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enchanted Katya
[2009/06/30 11:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus
[2011/03/20 02:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus2SE_BFG
[2009/11/10 19:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus_Shockwave
[2009/07/19 06:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/01/20 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
[2008/09/30 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane
[2008/11/05 18:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2009/11/20 22:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2007/12/06 00:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
[2008/09/24 16:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2009/02/11 08:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/05/14 23:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fugazo
[2008/12/09 22:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2007/11/03 15:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2007/11/18 01:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2009/09/24 13:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest
[2008/11/25 14:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2010/07/03 21:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamers Digital
[2008/05/09 16:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2008/05/30 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2008/06/04 23:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genimo
[2009/07/03 09:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/11/20 04:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GOA
[2009/01/26 20:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
[2009/09/08 20:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift
[2007/11/23 15:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/05/04 12:41:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\????) -- C:\Documents and Settings\Owner\My Documents\마비노기
[2008/05/04 12:41:22 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\????) -- C:\Documents and Settings\Owner\My Documents\마비노기

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1512DC7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9745C78B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94D41096
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8ADA3722
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A24629A
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:462F5905
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404D80C3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD692D9D
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE64143E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F515FDE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EAFDE57
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF251D87
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D0FFBF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:857A52F7
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75FF38A1
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68A56598
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:644C73AD
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB3023B
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A684377
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14750D76
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0606326C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9C6DE8B
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CADE3CFB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67ED88CE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D05053DC
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91911DF0
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EDEA3E1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DAC3B29
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:322D2CD3
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F164888
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0A051AD
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B835A22
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5200349E
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0551F1FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB69CC19
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C580FF00
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:521B9AFB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE2B08E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A5186C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F88631E5
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:906B4A4C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C1CCA07
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AC1B5
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9A4C114
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2AB6C5B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5802E5F2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F951183D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE125DFD
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFD2D4A7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:701AFF06
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42D29305
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2792EE7C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FD8642
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A051701
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7617B2BB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:423A67E6
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2520CFF2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF62356E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3F61B65
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB960BFC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA5938AB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47ADFAF3
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D19638E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39B8AFB6
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30C46519
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DC301B6
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D37AE80B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95EBD4E0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78CC8F21
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2117D4B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B39B4C74
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9103B6B8
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8135F61
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BB21850
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BAAE818
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:161AA30B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF5872D
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:015DC393

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:Services
xpsec
xgh2n6454.sys
xcpip

:OTL
DRV - (xpsec) -- C:\WINDOWS\system32\drivers\xpsec.sys File not found
DRV - (xgh2n6454.sys) -- C:\WINDOWS\system32\drivers\xgh2n6454.sys File not found
DRV - (xcpip) -- C:\WINDOWS\system32\drivers\xcpip.sys File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2009/11/08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober2309578.gif
[2009/11/20 04:23:35 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober2309578.src
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Tiscali Broadband.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Tiscali Broadband.lnk = File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\{b2d5fe4d-3ce9-11dc-afad-00038a000015}\Shell\AutoRun\command - "" = I:\healthcheck.exe
[2011/05/19 12:00:37 | 000,002,918 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fu0jj71k55a55h17532f15ia7r0ql7u208ra006w34uxh
[2011/05/19 12:00:37 | 000,002,918 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fu0jj71k55a55h17532f15ia7r0ql7u208ra006w34uxh
[2011/02/23 14:25:53 | 000,063,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/17 20:10:40 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\0bwolrd1wdqru4ealfetm4uowocesisxvjnx5jmbhgh
[2012/07/19 09:00:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Setup my PC.job
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A71E8A6B
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:884593DD
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5AEA68EE
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B5CDE9B
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417EFB56
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405AC508
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C340A64
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF4E162
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C235A19
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C82AA2E
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:435657D8
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAA01E60
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE36080E
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE0CA00B
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D07803DA
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7326AC15
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68FE11A2
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:310A4B08
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D08F626
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA7FE636
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60954489
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE11243
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7EDD606
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A37385A
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9508297
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C065E0D
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C13E971
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:175C6F6B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23ABA437
@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E9C9E8F
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5E2BAEE
@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6CDBCAC
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425759C6
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B940F20
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DAD076E
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3606FCC
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EB547C3
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE69D7DF
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6378B6B8
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D8A6F
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE04588B
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF72D85
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:375FC7E7
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FFDD521
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29159220
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DCCCA92
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94ABBC1D
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7337E874
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7B24563
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2E5A21
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D857D30
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11344DFB
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04B9B70F
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7504B28
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C903BC
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32AF55F1
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EBBD3EB
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:410921CB
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DDB3026
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7258B576
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAE50D46
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA9B4A9E
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09D0186E
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084B0270
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2FDF39C
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F84BF39
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C534D0A
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAC11624
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64DD1889
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:401164E5
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F3EF991
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF39FA77
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35CF1C69
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A1FA2F
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F7562E0
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12CF331A
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD93CF96
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05E0618E
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9A61FAD
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53ABB239
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D67F1A7
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25EFDD27
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DB8926F
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E79006EF
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA104B84
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8FD0E4B
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DD93FF7
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11926C9B
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:299868C8
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E473FF1
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7E61896
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71236697
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF510ADC

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Owner\Application Data\*.exe
C:\Documents and Settings\All Users\Application Data\*.exe
sc config xpsec start= disabled /c
sc config xgh2n6454.sys start= disabled /c
sc config xcpip start= disabled /c
sc delete xpsec /c
sc delete xgh2n6454.sys /c
sc delete xcpip /c
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (allow the Avast Engine download).
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE (Free version) Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

PS Your program nProtect KeyCrypt is missing a driver so if you use it you need to uninstall it and reinstall it. If you don't use it then uninstall it.

#3
HDL

Thank you very much for your help.

I did exactly as I was told to until I hit the following quote.

Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


I'm sorry, I think I've messed up. I didn't see a log pop up before it was asking to reboot. I thought something would show up after the reboot but a log hasn't. What should I do? Do I have to redo something in that step again, is there a way to retrieve that log? Or should I just proceed to the next step?

Edited by HDL, 19 July 2012 - 01:50 PM.


#4
HDL

Oh! Searched the site and managed to find out where to find the log.

========== SERVICES/DRIVERS ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
Service xgh2n6454.sys stopped successfully!
Service xgh2n6454.sys deleted successfully!
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
========== OTL ==========
Error: Unable to stop service xpsec!
Service\Driver key xpsec not found.
File C:\WINDOWS\system32\drivers\xpsec.sys File not found not found.
Error: No service named xgh2n6454.sys was found to stop!
Service\Driver key xgh2n6454.sys not found.
File C:\WINDOWS\system32\drivers\xgh2n6454.sys File not found not found.
Error: Unable to stop service xcpip!
Service\Driver key xcpip not found.
File C:\WINDOWS\system32\drivers\xcpip.sys File not found not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober2309578.gif moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober2309578.src moved successfully.
209.44.111.62 antispy.microsoft.com removed from HOSTS file successfully
209.44.111.62 antiaware-pro.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ deleted successfully.
C:\Program Files\iWin Games\iWinGamesHookIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Tiscali Broadband.lnk moved successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Tiscali Broadband.lnk moved successfully.
Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
C:\WINDOWS\Downloaded Program Files\sysreqlabdetect.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2d5fe4d-3ce9-11dc-afad-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2d5fe4d-3ce9-11dc-afad-00038a000015}\ not found.
File I:\healthcheck.exe not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\fu0jj71k55a55h17532f15ia7r0ql7u208ra006w34uxh moved successfully.
C:\Documents and Settings\All Users\Application Data\fu0jj71k55a55h17532f15ia7r0ql7u208ra006w34uxh moved successfully.
C:\WINDOWS\system32\mlfcache.dat moved successfully.
C:\Documents and Settings\Owner\Application Data\0bwolrd1wdqru4ealfetm4uowocesisxvjnx5jmbhgh moved successfully.
C:\WINDOWS\Tasks\Setup my PC.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E9988D7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D532A897 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7EBCAF87 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:708561A8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:182D85B1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DCBD9585 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D251621C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:971DCCE2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:72542FE8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66AA0486 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:649ABDC5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:25BB767E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:23B59626 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E00A1D59 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1713795 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1512DC7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9745C78B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94D41096 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8ADA3722 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A24629A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:462F5905 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:404D80C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD692D9D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BE64143E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3F515FDE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EAFDE57 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF251D87 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2397415 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0D0FFBF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:857A52F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:75FF38A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:68A56598 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:644C73AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5BB3023B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A684377 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:14750D76 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0606326C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F9C6DE8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CADE3CFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:67ED88CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1F04E8D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D05053DC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:91911DF0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EDEA3E1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3DAC3B29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:322D2CD3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F164888 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E0A051AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B835A22 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5200349E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0551F1FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB69CC19 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C580FF00 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:521B9AFB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3AE2B08E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A5186C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F88631E5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:906B4A4C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4C1CCA07 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE9AC1B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E9A4C114 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E2AB6C5B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5802E5F2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57BF34C6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F951183D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CE125DFD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B95CF7DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AFD2D4A7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:701AFF06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:42D29305 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2792EE7C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26FD8642 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A051701 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E32966C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7617B2BB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:423A67E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2836460B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2520CFF2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF62356E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C3F61B65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB960BFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BA5938AB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:47ADFAF3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D19638E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:39B8AFB6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30C46519 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DC301B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D37AE80B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:95EBD4E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78CC8F21 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2117D4B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B39B4C74 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9103B6B8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:15752405 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F8135F61 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BB21850 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BAAE818 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:161AA30B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0FF5872D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:015DC393 deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Owner\Application Data\*.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
< sc config xpsec start= disabled /c >
[SC] ChangeServiceConfig FAILED 2:
The system cannot find the file specified.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config xgh2n6454.sys start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc config xcpip start= disabled /c >
[SC] ChangeServiceConfig FAILED 2:
The system cannot find the file specified.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc delete xpsec /c >
[SC] DeleteService SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc delete xgh2n6454.sys /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< sc delete xcpip /c >
[SC] DeleteService SUCCESS
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 46763955 bytes

Total Java Files Cleaned = 45.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 56475 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 10762271 bytes

Total Flash Files Cleaned = 10.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.0 log created on 07192012_184511
  • 0

#5
HDL

    Member

  • Topic Starter
  • 24 posts
I forgot to disable my firewall when running the scan. It did come up with a few messages about the application wanting to access the internet, which I let through. My antivirus turned itself back on near the end of the scan and tried to block a few things too. I'm hoping that hasn't interfered with the scan.

ComboFix 12-07-19.02 - Owner 20/07/2012 6:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.621 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\4DDCE10B.TMP
c:\documents and settings\All Users\Application Data\TEMP\68FB0053.TMP
c:\documents and settings\All Users\Application Data\TEMP\EE69D7DF.TMP
c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\.#\[email protected]@394190.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3941C0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3941F0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@394190.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3941C0.###
c:\documents and settings\Owner\Application Data\.#\[email protected]@3941F0.###
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\11.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\9491.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\sqlite3.dll
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-19 17:45 . 2012-07-19 17:45 -------- d-----w- C:\_OTL
2012-07-18 15:53 . 2012-07-18 16:16 -------- d-----w- c:\program files\WhoCrashed
2012-07-04 14:07 . 2012-07-04 15:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eSupport.com
2012-07-04 13:22 . 2012-07-04 13:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-07-04 13:20 . 2012-07-04 13:20 -------- d-----w- c:\program files\Oracle
2012-07-04 13:20 . 2012-07-04 13:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle
2012-07-04 13:20 . 2012-05-04 18:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 02:18 . 2012-04-01 14:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:18 . 2011-05-18 07:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 18:29 . 2007-08-06 21:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 18:29 . 2010-07-10 21:31 687504 ----a-w- c:\windows\system32\deployJava1.dll
2009-09-29 19:00 . 2009-09-29 19:00 57369 ----a-w- c:\program files\winsetup.exe
2009-09-29 18:59 . 2009-09-29 18:59 8421321 ----a-w- c:\program files\Awakener.exe
2007-12-05 17:27 . 2007-12-05 02:58 1071886 ----a-w- c:\program files\WoW-2.0.0-enUS-Installer-downloader.exe
2007-08-05 20:13 . 2007-08-05 20:13 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-07-19 18:07 . 2011-05-06 17:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 13:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
[-] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\SoftwareDistribution\Download\baf4833efdfcb1ed85e5c9347d37106a\SP3GDR\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\SoftwareDistribution\Download\baf4833efdfcb1ed85e5c9347d37106a\SP3QFE\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\ie8\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . 6F1E4BFD78C4E0D05FF3725D59B72925 . 659456 . . [6.00.2900.3462] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-04-18 . B7156CD97E739F3014BC4D61758F868A . 658944 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB958215_0$\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB933566$\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-10 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-10 1867776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Workrave.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Workrave.lnk
backup=c:\windows\pss\Workrave.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2007-07-28 15:55 4376328 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-01-24 18:58 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blackwell deception\\Deception.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 04:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 07:54 297168]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [05/08/2009 13:39 464264]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/02/2011 16:25 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/02/2011 16:25 488952]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2010 16:38 176408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 17:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [27/07/2007 17:23 7040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 15:29 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 22:02 113120]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
*Deregistered* - xcpip
*Deregistered* - xpsec
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:18]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-08 18:29]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-08 18:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uInternet Connection Wizard,ShellNext = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\BitTorrent_DNA\dna.exe
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-kdx - c:\program files\Kontiki\KHost.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 09:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1936352823-199163826-2050354253-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,64,76,c0,80,06,5e,89,0a,b2,c7,17,da,4b,20,9a,b6,80,2a,67,57,dd,2a,
01,e3,b3,e3,2c,c9,27,84,d0,ab,d9,65,10,56,c0,7b,fc,c4,97,0c,63,ca,b0,ba,d2,\
"??"=hex:61,d7,46,f3,ae,25,fa,3c,e7,80,16,a5,b5,3e,a3,e4
.
[HKEY_USERS\S-1-5-21-1936352823-199163826-2050354253-1006\Software\SecuROM\License information*]
"datasecu"=hex:86,9f,f3,91,a1,78,6f,61,b2,f5,28,7c,73,52,47,ff,fb,48,5a,ba,04,
19,3f,1a,69,09,7b,f5,6f,98,02,db,82,1c,c7,4c,b5,c9,fd,cf,23,4d,b0,1c,52,7c,\
"rkeysecu"=hex:df,23,b2,e5,db,bd,77,15,08,3d,20,dc,ad,9e,4d,a7
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\02\01\14\121\14o"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|`Yé]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????ª"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\]???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1092)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Microsoft Office\office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\eHome\ehmsas.exe
c:\apps\ABoard\AOSD.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\dllhost.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-07-20 09:14:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 08:13
.
Pre-Run: 54,596,988,928 bytes free
Post-Run: 57,451,704,320 bytes free
.
- - End Of File - - 9816C2D88E62E3F033019F43949D1519

#6
HDL

I couldn't find TDSSKiller.txt either. It wasn't saved on the desktop. With some help from the search engines I think I have found it though. Fingers crossed this is the right thing this time.

09:25:40.0328 4880 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
09:25:42.0343 4880 ============================================================
09:25:42.0343 4880 Current date / time: 2012/07/20 09:25:42.0343
09:25:42.0343 4880 SystemInfo:
09:25:42.0343 4880
09:25:42.0343 4880 OS Version: 5.1.2600 ServicePack: 3.0
09:25:42.0343 4880 Product type: Workstation
09:25:42.0343 4880 ComputerName: SN641054970330
09:25:42.0343 4880 UserName: Owner
09:25:42.0343 4880 Windows directory: C:\WINDOWS
09:25:42.0343 4880 System windows directory: C:\WINDOWS
09:25:42.0343 4880 Processor architecture: Intel x86
09:25:42.0343 4880 Number of processors: 2
09:25:42.0343 4880 Page size: 0x1000
09:25:42.0343 4880 Boot type: Normal boot
09:25:42.0343 4880 ============================================================
09:25:44.0765 4880 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:25:44.0828 4880 ============================================================
09:25:44.0828 4880 \Device\Harddisk0\DR0:
09:25:44.0828 4880 MBR partitions:
09:25:44.0828 4880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
09:25:44.0828 4880 ============================================================
09:25:44.0921 4880 C: <-> \Device\Harddisk0\DR0\Partition0
09:25:44.0921 4880 ============================================================
09:25:44.0921 4880 Initialize success
09:25:44.0921 4880 ============================================================
09:25:54.0578 3272 ============================================================
09:25:54.0578 3272 Scan started
09:25:54.0578 3272 Mode: Manual;
09:25:54.0578 3272 ============================================================
09:25:55.0328 3272 Abiosdsk - ok
09:25:55.0343 3272 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:25:55.0343 3272 abp480n5 - ok
09:25:55.0390 3272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:25:55.0406 3272 ACPI - ok
09:25:55.0421 3272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:25:55.0421 3272 ACPIEC - ok
09:25:55.0484 3272 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:25:55.0484 3272 AdobeFlashPlayerUpdateSvc - ok
09:25:55.0515 3272 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:25:55.0515 3272 adpu160m - ok
09:25:55.0546 3272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:25:55.0546 3272 aec - ok
09:25:55.0609 3272 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
09:25:55.0640 3272 AFD - ok
09:25:55.0656 3272 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:25:55.0656 3272 agp440 - ok
09:25:55.0671 3272 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:25:55.0671 3272 agpCPQ - ok
09:25:55.0703 3272 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:25:55.0703 3272 Aha154x - ok
09:25:55.0750 3272 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:25:55.0750 3272 aic78u2 - ok
09:25:55.0765 3272 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:25:55.0765 3272 aic78xx - ok
09:25:55.0812 3272 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
09:25:55.0828 3272 alcan5wn - ok
09:25:55.0843 3272 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
09:25:55.0859 3272 alcaudsl - ok
09:25:56.0093 3272 ALCXWDM (8eaa98894a004a47964dcd84f57493c1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:25:56.0125 3272 ALCXWDM - ok
09:25:56.0203 3272 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:25:56.0203 3272 Alerter - ok
09:25:56.0234 3272 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:25:56.0234 3272 ALG - ok
09:25:56.0265 3272 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:25:56.0281 3272 AliIde - ok
09:25:56.0296 3272 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:25:56.0296 3272 alim1541 - ok
09:25:56.0312 3272 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:25:56.0312 3272 amdagp - ok
09:25:56.0328 3272 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:25:56.0328 3272 amsint - ok
09:25:56.0437 3272 AOL ACS (dc785a964e97bb6ec193e220386a63ed) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
09:25:56.0437 3272 AOL ACS - ok
09:25:56.0500 3272 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:25:56.0500 3272 Apple Mobile Device - ok
09:25:56.0593 3272 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:25:56.0593 3272 AppMgmt - ok
09:25:56.0640 3272 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:25:56.0640 3272 asc - ok
09:25:56.0656 3272 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:25:56.0656 3272 asc3350p - ok
09:25:56.0671 3272 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:25:56.0671 3272 asc3550 - ok
09:25:56.0875 3272 ASKService (1499db3152c636b7fb3d6bb9d47a9485) C:\Program Files\AskBarDis\bar\bin\AskService.exe
09:25:56.0875 3272 ASKService - ok
09:25:56.0984 3272 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:25:57.0015 3272 aspnet_state - ok
09:25:57.0046 3272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:25:57.0046 3272 AsyncMac - ok
09:25:57.0093 3272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:25:57.0093 3272 atapi - ok
09:25:57.0093 3272 Atdisk - ok
09:25:57.0156 3272 Ati HotKey Poller (8bb6a2488a93259fddc18d040008c1a4) C:\WINDOWS\system32\Ati2evxx.exe
09:25:57.0156 3272 Ati HotKey Poller - ok
09:25:57.0203 3272 ATI Smart (2a8d3e71a2e5be184da02857a564d71e) C:\WINDOWS\system32\ati2sgag.exe
09:25:57.0203 3272 ATI Smart - ok
09:25:57.0328 3272 ati2mtag (e78b73eb84c257d0d940e041742d2699) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:25:57.0343 3272 ati2mtag - ok
09:25:57.0453 3272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:25:57.0453 3272 Atmarpc - ok
09:25:57.0500 3272 ATWPKT2 (586be5f005fe3886e0b857c5a2aa3ac6) C:\Program Files\Common Files\AOL\ACS\ATWPKT2.SYS
09:25:57.0531 3272 ATWPKT2 - ok
09:25:57.0562 3272 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:25:57.0562 3272 AudioSrv - ok
09:25:57.0593 3272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:25:57.0593 3272 audstub - ok
09:25:58.0156 3272 AVGIDSAgent (37dff4cee590b6d081efe18fb2c377db) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
09:25:58.0328 3272 AVGIDSAgent - ok
09:25:58.0484 3272 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:25:58.0500 3272 AVGIDSDriver - ok
09:25:58.0562 3272 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:25:58.0562 3272 AVGIDSEH - ok
09:25:58.0562 3272 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:25:58.0578 3272 AVGIDSFilter - ok
09:25:58.0593 3272 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:25:58.0593 3272 AVGIDSShim - ok
09:25:58.0640 3272 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:25:58.0656 3272 Avgldx86 - ok
09:25:58.0656 3272 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:25:58.0671 3272 Avgmfx86 - ok
09:25:58.0671 3272 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:25:58.0687 3272 Avgrkx86 - ok
09:25:58.0718 3272 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:25:58.0734 3272 Avgtdix - ok
09:25:58.0859 3272 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
09:25:58.0875 3272 avgwd - ok
09:25:58.0953 3272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:25:58.0953 3272 Beep - ok
09:25:59.0062 3272 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:25:59.0218 3272 BITS - ok
09:25:59.0343 3272 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
09:25:59.0359 3272 Bonjour Service - ok
09:25:59.0406 3272 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:25:59.0406 3272 Browser - ok
09:25:59.0406 3272 catchme - ok
09:25:59.0453 3272 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:25:59.0453 3272 cbidf - ok
09:25:59.0453 3272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:25:59.0468 3272 cbidf2k - ok
09:25:59.0484 3272 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:25:59.0500 3272 cd20xrnt - ok
09:25:59.0531 3272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:25:59.0531 3272 Cdaudio - ok
09:25:59.0562 3272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:25:59.0562 3272 Cdfs - ok
09:25:59.0578 3272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:25:59.0593 3272 Cdrom - ok
09:25:59.0609 3272 Changer - ok
09:25:59.0640 3272 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:25:59.0640 3272 CiSvc - ok
09:25:59.0671 3272 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:25:59.0671 3272 ClipSrv - ok
09:25:59.0765 3272 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:25:59.0812 3272 clr_optimization_v2.0.50727_32 - ok
09:25:59.0859 3272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:25:59.0859 3272 CmdIde - ok
09:25:59.0875 3272 COMSysApp - ok
09:25:59.0890 3272 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:25:59.0906 3272 Cpqarray - ok
09:26:00.0000 3272 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
09:26:00.0015 3272 cpudrv - ok
09:26:00.0046 3272 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:26:00.0062 3272 CryptSvc - ok
09:26:00.0093 3272 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:26:00.0093 3272 dac2w2k - ok
09:26:00.0125 3272 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:26:00.0125 3272 dac960nt - ok
09:26:00.0187 3272 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:26:00.0218 3272 DcomLaunch - ok
09:26:00.0250 3272 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:26:00.0265 3272 Dhcp - ok
09:26:00.0281 3272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:26:00.0281 3272 Disk - ok
09:26:00.0281 3272 dmadmin - ok
09:26:00.0359 3272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:26:00.0375 3272 dmboot - ok
09:26:00.0406 3272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:26:00.0406 3272 dmio - ok
09:26:00.0421 3272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:26:00.0421 3272 dmload - ok
09:26:00.0468 3272 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:26:00.0468 3272 dmserver - ok
09:26:00.0484 3272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:26:00.0484 3272 DMusic - ok
09:26:00.0531 3272 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:26:00.0531 3272 Dnscache - ok
09:26:00.0562 3272 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:26:00.0578 3272 Dot3svc - ok
09:26:00.0609 3272 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:26:00.0609 3272 dpti2o - ok
09:26:00.0640 3272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:26:00.0640 3272 drmkaud - ok
09:26:00.0671 3272 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:26:00.0671 3272 EapHost - ok
09:26:00.0750 3272 ehRecvr (63f371f0248e3732a4821f86e6d0e370) C:\WINDOWS\eHome\ehRecvr.exe
09:26:00.0765 3272 ehRecvr - ok
09:26:00.0781 3272 ehSched (16910f8b482919bb6035ed053b691692) C:\WINDOWS\eHome\ehSched.exe
09:26:00.0781 3272 ehSched - ok
09:26:00.0828 3272 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:26:00.0828 3272 ERSvc - ok
09:26:00.0875 3272 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:26:00.0890 3272 Eventlog - ok
09:26:00.0937 3272 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:26:00.0953 3272 EventSystem - ok
09:26:00.0968 3272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:26:00.0984 3272 Fastfat - ok
09:26:01.0140 3272 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:26:01.0156 3272 FastUserSwitchingCompatibility - ok
09:26:01.0203 3272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:26:01.0203 3272 Fdc - ok
09:26:01.0234 3272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:26:01.0234 3272 Fips - ok
09:26:01.0265 3272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:26:01.0265 3272 Flpydisk - ok
09:26:01.0312 3272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:26:01.0328 3272 FltMgr - ok
09:26:01.0421 3272 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:26:01.0437 3272 FontCache3.0.0.0 - ok
09:26:01.0468 3272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:26:01.0468 3272 Fs_Rec - ok
09:26:01.0500 3272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:26:01.0515 3272 Ftdisk - ok
09:26:01.0562 3272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:26:01.0562 3272 GEARAspiWDM - ok
09:26:01.0593 3272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:26:01.0609 3272 Gpc - ok
09:26:01.0671 3272 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:26:01.0671 3272 helpsvc - ok
09:26:01.0687 3272 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:26:01.0687 3272 HidServ - ok
09:26:01.0718 3272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:26:01.0718 3272 HidUsb - ok
09:26:01.0750 3272 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:26:01.0750 3272 hkmsvc - ok
09:26:01.0796 3272 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:26:01.0812 3272 hpn - ok
09:26:01.0859 3272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:26:01.0890 3272 HTTP - ok
09:26:01.0921 3272 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:26:01.0921 3272 HTTPFilter - ok
09:26:01.0984 3272 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:26:01.0984 3272 i2omgmt - ok
09:26:02.0015 3272 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:26:02.0015 3272 i2omp - ok
09:26:02.0031 3272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:26:02.0031 3272 i8042prt - ok
09:26:02.0265 3272 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:26:02.0328 3272 idsvc - ok
09:26:02.0375 3272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:26:02.0375 3272 Imapi - ok
09:26:02.0437 3272 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:26:02.0453 3272 ImapiService - ok
09:26:02.0500 3272 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:26:02.0500 3272 ini910u - ok
09:26:02.0515 3272 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:26:02.0515 3272 IntelIde - ok
09:26:02.0562 3272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:26:02.0562 3272 intelppm - ok
09:26:02.0593 3272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:26:02.0593 3272 Ip6Fw - ok
09:26:02.0609 3272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:26:02.0625 3272 IpFilterDriver - ok
09:26:02.0640 3272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:26:02.0640 3272 IpInIp - ok
09:26:02.0656 3272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:26:02.0671 3272 IpNat - ok
09:26:02.0781 3272 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
09:26:02.0859 3272 iPod Service - ok
09:26:02.0890 3272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:26:02.0906 3272 IPSec - ok
09:26:02.0921 3272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:26:02.0937 3272 IRENUM - ok
09:26:02.0953 3272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:26:02.0953 3272 isapnp - ok
09:26:03.0015 3272 ISWKL (eb8594268cf50baaecbe82d70c833533) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
09:26:03.0015 3272 ISWKL - ok
09:26:03.0062 3272 IswSvc (2202ba7450e6be65d92a40377206c626) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
09:26:03.0078 3272 IswSvc - ok
09:26:03.0156 3272 iWinTrusted (0e99e8a722fd6c5552fb60eea0008565) C:\Program Files\iWin Games\iWinTrusted.exe
09:26:03.0156 3272 iWinTrusted - ok
09:26:03.0390 3272 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
09:26:03.0390 3272 JavaQuickStarterService - ok
09:26:03.0421 3272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:26:03.0437 3272 Kbdclass - ok
09:26:03.0453 3272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:26:03.0453 3272 kbdhid - ok
09:26:03.0468 3272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:26:03.0468 3272 kmixer - ok
09:26:03.0531 3272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:26:03.0546 3272 KSecDD - ok
09:26:03.0593 3272 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:26:03.0609 3272 lanmanserver - ok
09:26:03.0656 3272 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:26:03.0671 3272 lanmanworkstation - ok
09:26:03.0671 3272 lbrtfdc - ok
09:26:03.0718 3272 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:26:03.0734 3272 LmHosts - ok
09:26:03.0796 3272 MDM (0efee4f2d23ba2d8b27fba942106e0e1) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
09:26:03.0796 3272 MDM - ok
09:26:03.0828 3272 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:26:03.0828 3272 Messenger - ok
09:26:03.0859 3272 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
09:26:03.0875 3272 MHN - ok
09:26:03.0906 3272 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:26:03.0921 3272 MHNDRV - ok
09:26:03.0937 3272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:26:03.0937 3272 mnmdd - ok
09:26:03.0984 3272 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:26:03.0984 3272 mnmsrvc - ok
09:26:04.0031 3272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:26:04.0031 3272 Modem - ok
09:26:04.0062 3272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:26:04.0062 3272 Mouclass - ok
09:26:04.0078 3272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:26:04.0078 3272 mouhid - ok
09:26:04.0093 3272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:26:04.0093 3272 MountMgr - ok
09:26:04.0171 3272 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:26:04.0187 3272 MozillaMaintenance - ok
09:26:04.0203 3272 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:26:04.0203 3272 mraid35x - ok
09:26:04.0218 3272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:26:04.0234 3272 MRxDAV - ok
09:26:04.0359 3272 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:26:04.0390 3272 MRxSmb - ok
09:26:04.0484 3272 MSCSPTISRV (7419d631c390c558a5a87484567babd5) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
09:26:04.0562 3272 MSCSPTISRV - ok
09:26:04.0593 3272 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:26:04.0609 3272 MSDTC - ok
09:26:04.0656 3272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:26:04.0671 3272 Msfs - ok
09:26:04.0687 3272 MSIServer - ok
09:26:04.0703 3272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:26:04.0718 3272 MSKSSRV - ok
09:26:04.0734 3272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:26:04.0750 3272 MSPCLOCK - ok
09:26:04.0765 3272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:26:04.0781 3272 MSPQM - ok
09:26:04.0812 3272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:26:04.0812 3272 mssmbios - ok
09:26:04.0828 3272 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:26:04.0843 3272 Mup - ok
09:26:04.0890 3272 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:26:04.0906 3272 napagent - ok
09:26:04.0953 3272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:26:04.0968 3272 NDIS - ok
09:26:04.0984 3272 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:26:04.0984 3272 NdisTapi - ok
09:26:05.0000 3272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:26:05.0000 3272 Ndisuio - ok
09:26:05.0031 3272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:26:05.0031 3272 NdisWan - ok
09:26:05.0062 3272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:26:05.0078 3272 NDProxy - ok
09:26:05.0093 3272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:26:05.0093 3272 NetBIOS - ok
09:26:05.0125 3272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:26:05.0140 3272 NetBT - ok
09:26:05.0187 3272 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:26:05.0203 3272 NetDDE - ok
09:26:05.0203 3272 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:26:05.0218 3272 NetDDEdsdm - ok
09:26:05.0250 3272 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:26:05.0250 3272 Netlogon - ok
09:26:05.0281 3272 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:26:05.0296 3272 Netman - ok
09:26:05.0453 3272 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:26:05.0468 3272 NetTcpPortSharing - ok
09:26:05.0515 3272 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:26:05.0515 3272 Nla - ok
09:26:05.0562 3272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:26:05.0562 3272 Npfs - ok
09:26:05.0578 3272 npggsvc - ok
09:26:05.0640 3272 npkcmsvc (b28873f1a04dffd29d03d6eb201f9e49) C:\Program Files\Mabinogi\npkcmsvc.exe
09:26:05.0640 3272 npkcmsvc - ok
09:26:05.0656 3272 npkcrypt - ok
09:26:05.0703 3272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:26:05.0734 3272 Ntfs - ok
09:26:05.0765 3272 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:26:05.0765 3272 NtLmSsp - ok
09:26:05.0828 3272 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:26:05.0843 3272 NtmsSvc - ok
09:26:05.0890 3272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:26:05.0890 3272 Null - ok
09:26:05.0921 3272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:26:05.0921 3272 NwlnkFlt - ok
09:26:05.0937 3272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:26:05.0953 3272 NwlnkFwd - ok
09:26:06.0046 3272 PACSPTISVR (778c309121067d83b8a48cdb658b4c17) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
09:26:06.0109 3272 PACSPTISVR - ok
09:26:06.0156 3272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:26:06.0156 3272 Parport - ok
09:26:06.0187 3272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:26:06.0187 3272 PartMgr - ok
09:26:06.0218 3272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:26:06.0218 3272 ParVdm - ok
09:26:06.0250 3272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:26:06.0265 3272 PCI - ok
09:26:06.0281 3272 PCIDump - ok
09:26:06.0296 3272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:26:06.0296 3272 PCIIde - ok
09:26:06.0328 3272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:26:06.0343 3272 Pcmcia - ok
09:26:06.0359 3272 PDCOMP - ok
09:26:06.0359 3272 PDFRAME - ok
09:26:06.0375 3272 PDRELI - ok
09:26:06.0390 3272 PDRFRAME - ok
09:26:06.0421 3272 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:26:06.0421 3272 perc2 - ok
09:26:06.0437 3272 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:26:06.0437 3272 perc2hib - ok
09:26:06.0546 3272 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:26:06.0546 3272 PlugPlay - ok
09:26:06.0562 3272 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:26:06.0562 3272 PolicyAgent - ok
09:26:06.0609 3272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:26:06.0609 3272 PptpMiniport - ok
09:26:06.0625 3272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:26:06.0625 3272 Processor - ok
09:26:06.0640 3272 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:26:06.0640 3272 ProtectedStorage - ok
09:26:06.0656 3272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:26:06.0671 3272 PSched - ok
09:26:06.0687 3272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:26:06.0687 3272 Ptilink - ok
09:26:06.0734 3272 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:26:06.0796 3272 PxHelp20 - ok
09:26:06.0812 3272 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:26:06.0812 3272 ql1080 - ok
09:26:06.0828 3272 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:26:06.0828 3272 Ql10wnt - ok
09:26:06.0843 3272 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:26:06.0843 3272 ql12160 - ok
09:26:06.0875 3272 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:26:06.0875 3272 ql1240 - ok
09:26:06.0890 3272 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:26:06.0890 3272 ql1280 - ok
09:26:06.0921 3272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:26:06.0921 3272 RasAcd - ok
09:26:06.0953 3272 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:26:06.0968 3272 RasAuto - ok
09:26:12.0500 3272 MBR (0x1B8) (33acd7f96c8c543021d4b4a4c6afbe8a) \Device\Harddisk0\DR0
09:26:12.0500 3272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
09:26:12.0500 3272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
09:26:12.0515 3272 Boot (0x1200) (23628e4d62bc3912ecbf33ea97200c39) \Device\Harddisk0\DR0\Partition0
09:26:12.0515 3272 \Device\Harddisk0\DR0\Partition0 - ok
09:26:12.0515 3272 ============================================================
09:26:12.0515 3272 Scan finished
09:26:12.0515 3272 ============================================================
09:26:12.0562 3652 Detected object count: 1
09:26:12.0562 3652 Actual detected object count: 1
09:26:49.0218 3652 \Device\Harddisk0\DR0\# - copied to quarantine
09:26:49.0218 3652 \Device\Harddisk0\DR0 - copied to quarantine
09:26:49.0218 3652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
09:26:49.0234 3652 \Device\Harddisk0\DR0 - ok
09:26:49.0234 3652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
09:26:56.0531 5424 Deinitialize success



10:25:25.0859 3752 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:25:27.0875 3752 ============================================================
10:25:27.0875 3752 Current date / time: 2012/07/20 10:25:27.0875
10:25:27.0875 3752 SystemInfo:
10:25:27.0875 3752
10:25:27.0875 3752 OS Version: 5.1.2600 ServicePack: 3.0
10:25:27.0875 3752 Product type: Workstation
10:25:27.0875 3752 ComputerName: SN641054970330
10:25:27.0875 3752 UserName: Owner
10:25:27.0875 3752 Windows directory: C:\WINDOWS
10:25:27.0875 3752 System windows directory: C:\WINDOWS
10:25:27.0875 3752 Processor architecture: Intel x86
10:25:27.0875 3752 Number of processors: 2
10:25:27.0875 3752 Page size: 0x1000
10:25:27.0875 3752 Boot type: Normal boot
10:25:27.0875 3752 ============================================================
10:25:30.0546 3752 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:25:30.0625 3752 ============================================================
10:25:30.0625 3752 \Device\Harddisk0\DR0:
10:25:30.0625 3752 MBR partitions:
10:25:30.0625 3752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
10:25:30.0625 3752 ============================================================
10:25:30.0656 3752 C: <-> \Device\Harddisk0\DR0\Partition0
10:25:30.0671 3752 ============================================================
10:25:30.0671 3752 Initialize success
10:25:30.0671 3752 ============================================================
10:25:48.0328 4144 ============================================================
10:25:48.0328 4144 Scan started
10:25:48.0328 4144 Mode: Manual; SigCheck; TDLFS;
10:25:48.0328 4144 ============================================================
10:25:59.0125 4144 Ftdisk ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0125 4144 Ftdisk - detected UnsignedFile.Multi.Generic (1)
10:25:59.0187 4144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:25:59.0203 4144 GEARAspiWDM - ok
10:25:59.0234 4144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:25:59.0250 4144 Gpc ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0250 4144 Gpc - detected UnsignedFile.Multi.Generic (1)
10:25:59.0328 4144 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:25:59.0359 4144 helpsvc ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0359 4144 helpsvc - detected UnsignedFile.Multi.Generic (1)
10:25:59.0375 4144 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:25:59.0390 4144 HidServ ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0390 4144 HidServ - detected UnsignedFile.Multi.Generic (1)
10:25:59.0406 4144 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:25:59.0437 4144 HidUsb ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0437 4144 HidUsb - detected UnsignedFile.Multi.Generic (1)
10:25:59.0484 4144 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:25:59.0546 4144 hkmsvc ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0546 4144 hkmsvc - detected UnsignedFile.Multi.Generic (1)
10:25:59.0578 4144 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:25:59.0609 4144 hpn ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0609 4144 hpn - detected UnsignedFile.Multi.Generic (1)
10:25:59.0671 4144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:25:59.0734 4144 HTTP ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0734 4144 HTTP - detected UnsignedFile.Multi.Generic (1)
10:25:59.0750 4144 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:25:59.0781 4144 HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0781 4144 HTTPFilter - detected UnsignedFile.Multi.Generic (1)
10:25:59.0812 4144 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:25:59.0843 4144 i2omgmt ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0843 4144 i2omgmt - detected UnsignedFile.Multi.Generic (1)
10:25:59.0859 4144 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:25:59.0890 4144 i2omp ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0890 4144 i2omp - detected UnsignedFile.Multi.Generic (1)
10:25:59.0906 4144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:25:59.0937 4144 i8042prt ( UnsignedFile.Multi.Generic ) - warning
10:25:59.0937 4144 i8042prt - detected UnsignedFile.Multi.Generic (1)
10:26:00.0046 4144 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:26:00.0187 4144 idsvc - ok
10:26:00.0234 4144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:26:00.0281 4144 Imapi ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0281 4144 Imapi - detected UnsignedFile.Multi.Generic (1)
10:26:00.0312 4144 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:26:00.0359 4144 ImapiService ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0359 4144 ImapiService - detected UnsignedFile.Multi.Generic (1)
10:26:00.0390 4144 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:26:00.0421 4144 ini910u ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0421 4144 ini910u - detected UnsignedFile.Multi.Generic (1)
10:26:00.0453 4144 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:26:00.0484 4144 IntelIde ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0484 4144 IntelIde - detected UnsignedFile.Multi.Generic (1)
10:26:00.0500 4144 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:26:00.0531 4144 intelppm ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0531 4144 intelppm - detected UnsignedFile.Multi.Generic (1)
10:26:00.0546 4144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:26:00.0593 4144 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0593 4144 Ip6Fw - detected UnsignedFile.Multi.Generic (1)
10:26:00.0625 4144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:26:00.0656 4144 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0656 4144 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
10:26:00.0687 4144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:26:00.0718 4144 IpInIp ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0718 4144 IpInIp - detected UnsignedFile.Multi.Generic (1)
10:26:00.0750 4144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:26:00.0796 4144 IpNat ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0796 4144 IpNat - detected UnsignedFile.Multi.Generic (1)
10:26:00.0906 4144 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
10:26:01.0015 4144 iPod Service - ok
10:26:01.0062 4144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:26:01.0093 4144 IPSec ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0093 4144 IPSec - detected UnsignedFile.Multi.Generic (1)
10:26:01.0140 4144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:26:01.0171 4144 IRENUM ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0171 4144 IRENUM - detected UnsignedFile.Multi.Generic (1)
10:26:01.0203 4144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:26:01.0218 4144 isapnp ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0218 4144 isapnp - detected UnsignedFile.Multi.Generic (1)
10:26:01.0281 4144 ISWKL (eb8594268cf50baaecbe82d70c833533) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:26:01.0312 4144 ISWKL - ok
10:26:01.0375 4144 IswSvc (2202ba7450e6be65d92a40377206c626) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
10:26:01.0406 4144 IswSvc - ok
10:26:01.0500 4144 iWinTrusted (0e99e8a722fd6c5552fb60eea0008565) C:\Program Files\iWin Games\iWinTrusted.exe
10:26:01.0531 4144 iWinTrusted - ok
10:26:01.0656 4144 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
10:26:01.0703 4144 JavaQuickStarterService - ok
10:26:01.0718 4144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:26:01.0765 4144 Kbdclass ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0765 4144 Kbdclass - detected UnsignedFile.Multi.Generic (1)
10:26:01.0781 4144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:26:01.0812 4144 kbdhid ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0812 4144 kbdhid - detected UnsignedFile.Multi.Generic (1)
10:26:01.0828 4144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:26:01.0875 4144 kmixer ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0875 4144 kmixer - detected UnsignedFile.Multi.Generic (1)
10:26:01.0937 4144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:26:01.0984 4144 KSecDD ( UnsignedFile.Multi.Generic ) - warning
10:26:01.0984 4144 KSecDD - detected UnsignedFile.Multi.Generic (1)
10:26:02.0031 4144 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:26:02.0062 4144 lanmanserver ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0062 4144 lanmanserver - detected UnsignedFile.Multi.Generic (1)
10:26:02.0093 4144 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:26:02.0140 4144 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0140 4144 lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
10:26:02.0156 4144 lbrtfdc - ok
10:26:02.0203 4144 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:26:02.0250 4144 LmHosts ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0250 4144 LmHosts - detected UnsignedFile.Multi.Generic (1)
10:26:02.0328 4144 MDM (0efee4f2d23ba2d8b27fba942106e0e1) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
10:26:02.0390 4144 MDM ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0390 4144 MDM - detected UnsignedFile.Multi.Generic (1)
10:26:02.0437 4144 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:26:02.0468 4144 Messenger ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0468 4144 Messenger - detected UnsignedFile.Multi.Generic (1)
10:26:02.0500 4144 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
10:26:02.0531 4144 MHN ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0531 4144 MHN - detected UnsignedFile.Multi.Generic (1)
10:26:02.0546 4144 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
10:26:02.0578 4144 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0578 4144 MHNDRV - detected UnsignedFile.Multi.Generic (1)
10:26:02.0609 4144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:26:02.0640 4144 mnmdd ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0640 4144 mnmdd - detected UnsignedFile.Multi.Generic (1)
10:26:02.0703 4144 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:26:02.0718 4144 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0718 4144 mnmsrvc - detected UnsignedFile.Multi.Generic (1)
10:26:02.0765 4144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:26:02.0796 4144 Modem ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0796 4144 Modem - detected UnsignedFile.Multi.Generic (1)
10:26:02.0812 4144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:26:02.0843 4144 Mouclass ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0843 4144 Mouclass - detected UnsignedFile.Multi.Generic (1)
10:26:02.0859 4144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:26:02.0906 4144 mouhid ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0906 4144 mouhid - detected UnsignedFile.Multi.Generic (1)
10:26:02.0921 4144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:26:02.0953 4144 MountMgr ( UnsignedFile.Multi.Generic ) - warning
10:26:02.0953 4144 MountMgr - detected UnsignedFile.Multi.Generic (1)
10:26:03.0031 4144 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:26:03.0078 4144 MozillaMaintenance - ok
10:26:03.0093 4144 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:26:03.0125 4144 mraid35x ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0125 4144 mraid35x - detected UnsignedFile.Multi.Generic (1)
10:26:03.0140 4144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:26:03.0171 4144 MRxDAV ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0187 4144 MRxDAV - detected UnsignedFile.Multi.Generic (1)
10:26:03.0234 4144 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:26:03.0312 4144 MRxSmb ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0312 4144 MRxSmb - detected UnsignedFile.Multi.Generic (1)
10:26:03.0406 4144 MSCSPTISRV (7419d631c390c558a5a87484567babd5) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
10:26:03.0453 4144 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0453 4144 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
10:26:03.0500 4144 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:26:03.0531 4144 MSDTC ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0531 4144 MSDTC - detected UnsignedFile.Multi.Generic (1)
10:26:03.0578 4144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:26:03.0593 4144 Msfs ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0593 4144 Msfs - detected UnsignedFile.Multi.Generic (1)
10:26:03.0609 4144 MSIServer - ok
10:26:03.0625 4144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:26:03.0671 4144 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0671 4144 MSKSSRV - detected UnsignedFile.Multi.Generic (1)
10:26:03.0703 4144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:26:03.0734 4144 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0734 4144 MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
10:26:03.0750 4144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:26:03.0781 4144 MSPQM ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0781 4144 MSPQM - detected UnsignedFile.Multi.Generic (1)
10:26:03.0812 4144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:26:03.0828 4144 mssmbios ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0828 4144 mssmbios - detected UnsignedFile.Multi.Generic (1)
10:26:03.0859 4144 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:26:03.0906 4144 Mup ( UnsignedFile.Multi.Generic ) - warning
10:26:03.0906 4144 Mup - detected UnsignedFile.Multi.Generic (1)
10:26:03.0968 4144 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:26:04.0015 4144 napagent ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0015 4144 napagent - detected UnsignedFile.Multi.Generic (1)
10:26:04.0062 4144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:26:04.0093 4144 NDIS ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0093 4144 NDIS - detected UnsignedFile.Multi.Generic (1)
10:26:04.0125 4144 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:26:04.0156 4144 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0156 4144 NdisTapi - detected UnsignedFile.Multi.Generic (1)
10:26:04.0187 4144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:26:04.0218 4144 Ndisuio ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0218 4144 Ndisuio - detected UnsignedFile.Multi.Generic (1)
10:26:04.0234 4144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:26:04.0265 4144 NdisWan ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0265 4144 NdisWan - detected UnsignedFile.Multi.Generic (1)
10:26:04.0296 4144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:26:04.0328 4144 NDProxy ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0328 4144 NDProxy - detected UnsignedFile.Multi.Generic (1)
10:26:04.0375 4144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:26:04.0406 4144 NetBIOS ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0406 4144 NetBIOS - detected UnsignedFile.Multi.Generic (1)
10:26:04.0421 4144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:26:04.0500 4144 NetBT ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0500 4144 NetBT - detected UnsignedFile.Multi.Generic (1)
10:26:04.0546 4144 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:26:04.0625 4144 NetDDE ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0625 4144 NetDDE - detected UnsignedFile.Multi.Generic (1)
10:26:04.0625 4144 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:26:04.0703 4144 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0703 4144 NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
10:26:04.0750 4144 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:26:04.0796 4144 Netlogon ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0796 4144 Netlogon - detected UnsignedFile.Multi.Generic (1)
10:26:04.0843 4144 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:26:04.0906 4144 Netman ( UnsignedFile.Multi.Generic ) - warning
10:26:04.0906 4144 Netman - detected UnsignedFile.Multi.Generic (1)
10:26:05.0031 4144 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:26:05.0062 4144 NetTcpPortSharing - ok
10:26:05.0140 4144 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:26:05.0187 4144 Nla ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0187 4144 Nla - detected UnsignedFile.Multi.Generic (1)
10:26:05.0218 4144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:26:05.0250 4144 Npfs ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0250 4144 Npfs - detected UnsignedFile.Multi.Generic (1)
10:26:05.0265 4144 npggsvc - ok
10:26:05.0343 4144 npkcmsvc (b28873f1a04dffd29d03d6eb201f9e49) C:\Program Files\Mabinogi\npkcmsvc.exe
10:26:05.0359 4144 npkcmsvc - ok
10:26:05.0375 4144 npkcrypt - ok
10:26:05.0437 4144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:26:05.0515 4144 Ntfs ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0515 4144 Ntfs - detected UnsignedFile.Multi.Generic (1)
10:26:05.0546 4144 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:26:05.0578 4144 NtLmSsp ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0578 4144 NtLmSsp - detected UnsignedFile.Multi.Generic (1)
10:26:05.0625 4144 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:26:05.0703 4144 NtmsSvc ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0703 4144 NtmsSvc - detected UnsignedFile.Multi.Generic (1)
10:26:05.0734 4144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:26:05.0765 4144 Null ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0765 4144 Null - detected UnsignedFile.Multi.Generic (1)
10:26:05.0781 4144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:26:05.0812 4144 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0812 4144 NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
10:26:05.0828 4144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:26:05.0859 4144 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0859 4144 NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
10:26:05.0937 4144 PACSPTISVR (778c309121067d83b8a48cdb658b4c17) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
10:26:05.0984 4144 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0984 4144 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
10:26:06.0031 4144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:26:06.0062 4144 Parport ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0062 4144 Parport - detected UnsignedFile.Multi.Generic (1)
10:26:06.0093 4144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:26:06.0125 4144 PartMgr ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0125 4144 PartMgr - detected UnsignedFile.Multi.Generic (1)
10:26:06.0156 4144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:26:06.0171 4144 ParVdm ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0171 4144 ParVdm - detected UnsignedFile.Multi.Generic (1)
10:26:06.0187 4144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:26:06.0218 4144 PCI ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0218 4144 PCI - detected UnsignedFile.Multi.Generic (1)
10:26:06.0234 4144 PCIDump - ok
10:26:06.0234 4144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:26:06.0265 4144 PCIIde ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0265 4144 PCIIde - detected UnsignedFile.Multi.Generic (1)
10:26:06.0296 4144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:26:06.0343 4144 Pcmcia ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0343 4144 Pcmcia - detected UnsignedFile.Multi.Generic (1)
10:26:06.0343 4144 PDCOMP - ok
10:26:06.0359 4144 PDFRAME - ok
10:26:06.0359 4144 PDRELI - ok
10:26:06.0375 4144 PDRFRAME - ok
10:26:06.0406 4144 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:26:06.0437 4144 perc2 ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0437 4144 perc2 - detected UnsignedFile.Multi.Generic (1)
10:26:06.0453 4144 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:26:06.0484 4144 perc2hib ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0484 4144 perc2hib - detected UnsignedFile.Multi.Generic (1)
10:26:06.0531 4144 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:26:06.0578 4144 PlugPlay ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0578 4144 PlugPlay - detected UnsignedFile.Multi.Generic (1)
10:26:06.0578 4144 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:26:06.0609 4144 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0609 4144 PolicyAgent - detected UnsignedFile.Multi.Generic (1)
10:26:06.0640 4144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:26:06.0687 4144 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0687 4144 PptpMiniport - detected UnsignedFile.Multi.Generic (1)
10:26:06.0703 4144 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:26:06.0734 4144 Processor ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0734 4144 Processor - detected UnsignedFile.Multi.Generic (1)
10:26:06.0750 4144 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:26:06.0781 4144 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0781 4144 ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
10:26:06.0796 4144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:26:06.0828 4144 PSched ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0828 4144 PSched - detected UnsignedFile.Multi.Generic (1)
10:26:06.0843 4144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:26:06.0875 4144 Ptilink ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0875 4144 Ptilink - detected UnsignedFile.Multi.Generic (1)
10:26:06.0906 4144 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:26:06.0968 4144 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0968 4144 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:26:06.0984 4144 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:26:07.0046 4144 ql1080 ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0046 4144 ql1080 - detected UnsignedFile.Multi.Generic (1)
10:26:07.0062 4144 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:26:07.0140 4144 Ql10wnt ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0140 4144 Ql10wnt - detected UnsignedFile.Multi.Generic (1)
10:26:07.0171 4144 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:26:07.0234 4144 ql12160 ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0234 4144 ql12160 - detected UnsignedFile.Multi.Generic (1)
10:26:07.0250 4144 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:26:07.0281 4144 ql1240 ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0281 4144 ql1240 - detected UnsignedFile.Multi.Generic (1)
10:26:07.0296 4144 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:26:07.0343 4144 ql1280 ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0343 4144 ql1280 - detected UnsignedFile.Multi.Generic (1)
10:26:07.0359 4144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:26:07.0390 4144 RasAcd ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0390 4144 RasAcd - detected UnsignedFile.Multi.Generic (1)
10:26:07.0437 4144 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:26:07.0468 4144 RasAuto ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0468 4144 RasAuto - detected UnsignedFile.Multi.Generic (1)
10:26:07.0515 4144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:26:07.0546 4144 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0546 4144 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
10:26:07.0593 4144 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:26:07.0625 4144 RasMan ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0625 4144 RasMan - detected UnsignedFile.Multi.Generic (1)
10:26:07.0640 4144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:26:07.0687 4144 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0687 4144 RasPppoe - detected UnsignedFile.Multi.Generic (1)
10:26:07.0687 4144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:26:07.0734 4144 Raspti ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0734 4144 Raspti - detected UnsignedFile.Multi.Generic (1)
10:26:07.0781 4144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:26:07.0875 4144 Rdbss ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0875 4144 Rdbss - detected UnsignedFile.Multi.Generic (1)
10:26:07.0906 4144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:26:07.0953 4144 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
10:26:07.0953 4144 RDPCDD - detected UnsignedFile.Multi.Generic (1)
10:26:07.0984 4144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:26:08.0031 4144 rdpdr ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0031 4144 rdpdr - detected UnsignedFile.Multi.Generic (1)
10:26:08.0062 4144 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:26:08.0093 4144 RDPWD ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0093 4144 RDPWD - detected UnsignedFile.Multi.Generic (1)
10:26:08.0140 4144 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:26:08.0187 4144 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0187 4144 RDSessMgr - detected UnsignedFile.Multi.Generic (1)
10:26:08.0218 4144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:26:08.0265 4144 redbook ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0265 4144 redbook - detected UnsignedFile.Multi.Generic (1)
10:26:08.0296 4144 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:26:08.0328 4144 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0328 4144 RemoteAccess - detected UnsignedFile.Multi.Generic (1)
10:26:08.0375 4144 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:26:08.0406 4144 RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0406 4144 RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
10:26:08.0437 4144 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:26:08.0484 4144 RpcLocator ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0484 4144 RpcLocator - detected UnsignedFile.Multi.Generic (1)
10:26:08.0546 4144 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
10:26:08.0593 4144 RpcSs ( UnsignedFile.Multi.Generic ) - warning
10:26:08.0593 4144 RpcSs - detected UnsignedFile.Multi.Generic (1)
10:26:08.0656 4144 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:26:08.0718 4144 RSVP ( UnsignedFile.Multi.Generic ) - warning
10:26:15.0375 4144 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
10:26:16.0015 4144 \Device\Harddisk0\DR0 - ok
10:26:16.0031 4144 Boot (0x1200) (23628e4d62bc3912ecbf33ea97200c39) \Device\Harddisk0\DR0\Partition0
10:26:16.0046 4144 \Device\Harddisk0\DR0\Partition0 - ok
10:26:16.0046 4144 ============================================================
10:26:16.0046 4144 Scan finished
10:26:16.0046 4144 ============================================================
10:26:16.0156 4136 Detected object count: 263
10:26:16.0156 4136 Actual detected object count: 263
10:28:05.0328 4136 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0328 4136 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0328 4136 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0328 4136 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0343 4136 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0343 4136 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0343 4136 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0343 4136 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0343 4136 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0343 4136 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0343 4136 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0343 4136 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0359 4136 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0359 4136 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0359 4136 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0359 4136 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0359 4136 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0359 4136 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0375 4136 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0375 4136 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0375 4136 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0375 4136 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0375 4136 mraid35x ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0375 4136 mraid35x ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0375 4136 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0375 4136 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0390 4136 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0390 4136 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0390 4136 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0390 4136 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0390 4136 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0390 4136 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0390 4136 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0390 4136 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0390 4136 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0406 4136 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0406 4136 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0406 4136 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0406 4136 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0406 4136 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0406 4136 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0406 4136 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0421 4136 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0421 4136 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0421 4136 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0421 4136 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0421 4136 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0421 4136 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0421 4136 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0421 4136 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0437 4136 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0437 4136 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0437 4136 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0437 4136 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0437 4136 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0437 4136 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0453 4136 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0453 4136 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0453 4136 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0453 4136 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0453 4136 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0453 4136 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0453 4136 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0453 4136 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0468 4136 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0468 4136 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0468 4136 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0468 4136 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0468 4136 Nla ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0468 4136 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0468 4136 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0468 4136 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0484 4136 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0484 4136 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0484 4136 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0484 4136 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0484 4136 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0484 4136 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0500 4136 Null ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0500 4136 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0500 4136 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0500 4136 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0500 4136 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0500 4136 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0500 4136 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0500 4136 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0515 4136 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0515 4136 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0515 4136 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0515 4136 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0515 4136 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0515 4136 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0515 4136 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0515 4136 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0531 4136 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0531 4136 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0531 4136 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0531 4136 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0531 4136 perc2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0531 4136 perc2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0546 4136 perc2hib ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0546 4136 perc2hib ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0546 4136 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0546 4136 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0546 4136 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0546 4136 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0546 4136 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0546 4136 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0562 4136 Processor ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0562 4136 Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0562 4136 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0562 4136 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0562 4136 PSched ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0562 4136 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0562 4136 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0562 4136 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0578 4136 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0578 4136 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0578 4136 ql1080 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0578 4136 ql1080 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0578 4136 Ql10wnt ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0578 4136 Ql10wnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0593 4136 ql12160 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0593 4136 ql12160 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0593 4136 ql1240 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0593 4136 ql1240 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0593 4136 ql1280 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0593 4136 ql1280 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0593 4136 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0593 4136 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0609 4136 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0609 4136 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0609 4136 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0609 4136 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0609 4136 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0609 4136 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0609 4136 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0625 4136 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0625 4136 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0625 4136 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0625 4136 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0625 4136 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0625 4136 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0625 4136 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0640 4136 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0640 4136 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0640 4136 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0640 4136 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0640 4136 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0640 4136 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0640 4136 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0640 4136 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0640 4136 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0640 4136 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0656 4136 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0656 4136 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0656 4136 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0656 4136 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0656 4136 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0656 4136 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0671 4136 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0671 4136 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0671 4136 RTL8023 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0671 4136 RTL8023 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0671 4136 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0671 4136 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0687 4136 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0687 4136 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0687 4136 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0687 4136 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0687 4136 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0687 4136 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0703 4136 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0703 4136 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0703 4136 SENS ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0703 4136 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0703 4136 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0703 4136 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0703 4136 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0703 4136 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0718 4136 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0718 4136 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0718 4136 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0718 4136 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0718 4136 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0718 4136 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0718 4136 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0734 4136 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0734 4136 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0734 4136 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0734 4136 sisagp ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0734 4136 sisagp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0734 4136 Sparrow ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0734 4136 Sparrow ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0750 4136 splitter ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0750 4136 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0750 4136 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0750 4136 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0750 4136 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0750 4136 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0750 4136 sr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0750 4136 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0765 4136 srservice ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0765 4136 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0765 4136 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0765 4136 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0765 4136 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0765 4136 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0781 4136 SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0781 4136 SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0781 4136 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0781 4136 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0781 4136 swenum ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0781 4136 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0781 4136 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0781 4136 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0796 4136 symc810 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0796 4136 symc810 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0796 4136 symc8xx ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0796 4136 symc8xx ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0796 4136 sym_hi ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0796 4136 sym_hi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0812 4136 sym_u3 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0812 4136 sym_u3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0812 4136 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0812 4136 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0812 4136 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0812 4136 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0812 4136 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0812 4136 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0828 4136 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0828 4136 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0828 4136 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0828 4136 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0828 4136 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0828 4136 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0828 4136 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0828 4136 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0843 4136 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0843 4136 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0843 4136 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0843 4136 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0843 4136 TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0843 4136 TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0859 4136 TosIde ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0859 4136 TosIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0859 4136 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0859 4136 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0859 4136 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0859 4136 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0859 4136 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0859 4136 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0875 4136 ultra ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0875 4136 ultra ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0875 4136 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0875 4136 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0875 4136 Update ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0875 4136 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0875 4136 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0875 4136 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0890 4136 UPS ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0890 4136 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0890 4136 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0890 4136 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0890 4136 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0890 4136 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0890 4136 USBDeviceService ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0890 4136 USBDeviceService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0906 4136 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0906 4136 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0906 4136 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0906 4136 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0906 4136 usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0906 4136 usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0906 4136 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0906 4136 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0921 4136 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0921 4136 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0921 4136 viaagp ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0921 4136 viaagp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0921 4136 ViaIde ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0921 4136 ViaIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0937 4136 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0937 4136 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0937 4136 VSS ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0937 4136 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0937 4136 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0937 4136 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0937 4136 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0937 4136 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0953 4136 wanatw ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0953 4136 wanatw ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0953 4136 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0953 4136 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0953 4136 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0953 4136 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0953 4136 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0953 4136 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0968 4136 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0968 4136 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0968 4136 Wmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0968 4136 Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0968 4136 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0968 4136 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0968 4136 WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0984 4136 WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0984 4136 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0984 4136 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0984 4136 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0984 4136 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:05.0984 4136 WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:05.0984 4136 WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:06.0000 4136 X10Hid ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:06.0000 4136 X10Hid ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:06.0000 4136 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:06.0000 4136 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:28:06.0000 4136 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:06.0000 4136 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip

Edited by HDL, 20 July 2012 - 03:29 AM.


#7
HDL

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-20 10:31:52
-----------------------------
10:31:52.453 OS Version: Windows 5.1.2600 Service Pack 3
10:31:52.453 Number of processors: 2 586 0x409
10:31:52.453 ComputerName: SN641054970330 UserName: Owner
10:31:53.187 Initialize success
10:36:06.171 AVAST engine defs: 12071902
10:39:38.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
10:39:38.500 Disk 0 Vendor: ST3250820A 3.AAD Size: 238475MB BusType: 3
10:39:38.515 Disk 0 MBR read successfully
10:39:38.515 Disk 0 MBR scan
10:39:38.609 Disk 0 unknown MBR code
10:39:38.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
10:39:38.640 Disk 0 scanning sectors +488376000
10:39:38.671 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
10:39:38.765 Disk 0 scanning C:\WINDOWS\system32\drivers
10:39:58.875 Service scanning
10:40:21.406 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
10:40:23.781 Modules scanning
10:40:28.609 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
10:40:30.015 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
10:40:31.203 AVAST engine scan C:\WINDOWS
10:40:56.140 AVAST engine scan C:\WINDOWS\system32
10:45:50.687 AVAST engine scan C:\WINDOWS\system32\drivers
10:46:26.937 AVAST engine scan C:\Documents and Settings\Owner
11:39:14.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
11:39:14.296 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#8
HDL

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SN641054970330 [administrator]

20/07/2012 11:48:41
mbam-log-2012-07-20 (11-48-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209510
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9
HDL

Done. Thank you.

OTL logfile created on: 20/07/2012 12:05:55 - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.36 Mb Total Physical Memory | 327.98 Mb Available Physical Memory | 34.19% Memory free
2.26 Gb Paging File | 1.47 Gb Available in Paging File | 65.08% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 52.95 Gb Free Space | 22.74% Space Free | Partition Type: NTFS

Computer Name: SN641054970330 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
PRC - C:\APPS\ABOARD\AOSD.EXE (NEC Computers International)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e78bf355\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_88c05fce\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_64bfb806\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a7ec5158\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_82ed7507\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Program Files\Trillian\libpng13.dll ()
MOD - C:\Program Files\Trillian\libungif.dll ()
MOD - C:\Program Files\Trillian\zlib1.dll ()
MOD - c:\Program Files\Trillian\languages\en\aim.dll ()
MOD - c:\Program Files\Trillian\languages\en\yahoo.dll ()
MOD - c:\Program Files\Trillian\languages\en\trillian.dll ()
MOD - c:\Program Files\Trillian\languages\en\msn.dll ()
MOD - c:\Program Files\Trillian\languages\en\events.dll ()
MOD - c:\Program Files\Trillian\languages\en\buddy.dll ()
MOD - c:\Program Files\Trillian\languages\en\talk.dll ()
MOD - c:\Program Files\Trillian\languages\en\proxy.dll ()
MOD - c:\Program Files\Trillian\languages\en\toolkit.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (npkcmsvc) -- C:\Program Files\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (USBDeviceService) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Program Files\Mabinogi\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATWPKT2) -- C:\Program Files\Common Files\AOL\ACS\ATWPkt2.sys (America Online)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://start.iplay.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@otee.dk/UnityWebPlayer: C:\Program Files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/07/04 14:20:36 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/10/17 12:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/20 10:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/10 00:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 16:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 19:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 14:20:36 | 000,000,000 | ---D | M]

[2009/01/10 21:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/07/19 08:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions
[2012/07/19 08:58:12 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/07/16 08:07:19 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2009/08/05 13:39:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/08/18 16:24:50 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\searchplugins\conduit.xml
[2011/11/11 20:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/17 05:12:17 | 000,525,445 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NJ9EH881.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/06/21 07:26:56 | 000,109,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NJ9EH881.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 16:46:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/19 19:07:23 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2012/04/25 22:02:52 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 09:06:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 22:02:52 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 22:02:52 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 22:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 22:02:52 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\PROGRA~1\SONYON~1\npsoe.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Unity Web Player (Enabled) = C:\Program Files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SRDotDX - FPX = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\effedicllnelcnimmpjhgmgfjjegimdh\0.0.9_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/20 08:58:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Wizard's Pen\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1323113197203 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F7BA24A-AC9B-4F10-B2AA-7824C6FBF0B4}: NameServer = 212.139.132.10 212.139.132.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Workrave.lnk - - File not found
MsConfig - StartUpReg: DownloadAccelerator - hkey= - key= - C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: SsAAD.exe - hkey= - key= - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 11:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/20 11:47:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/20 11:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/20 10:30:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/07/20 09:40:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/20 09:26:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/20 09:24:51 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/07/20 06:37:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/20 06:37:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/20 06:37:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/20 06:37:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/20 06:36:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/20 06:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/20 06:34:58 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/19 18:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/19 01:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\virus
[2012/07/19 01:03:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/18 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed
[2012/07/18 16:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2012/07/04 15:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\eSupport.com
[2012/07/04 14:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2012/07/04 14:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/04 14:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/07/04 14:20:36 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/04 14:20:36 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/04 14:19:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/04 14:19:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2009/09/29 20:00:00 | 000,057,369 | ---- | C] (Chris Jones) -- C:\Program Files\winsetup.exe
[2009/09/29 19:59:58 | 008,421,321 | ---- | C] (Chris Jones) -- C:\Program Files\Awakener.exe
[2007/12/05 03:58:36 | 001,071,886 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\WoW-2.0.0-enUS-Installer-downloader.exe
[2007/08/05 21:13:23 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 12:18:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 12:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006UA.job
[2012/07/20 11:47:11 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 11:39:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/07/20 10:30:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/07/20 10:21:56 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
[2012/07/20 10:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 10:20:05 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 09:25:19 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/07/20 08:58:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/20 06:35:26 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/20 05:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006Core.job
[2012/07/19 01:03:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/18 16:53:29 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2012/07/17 03:18:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/17 03:18:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 23:20:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/04 14:17:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/04 14:17:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/03 20:21:14 | 063,816,521 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/20 17:43:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 11:47:11 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 11:39:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/07/20 06:37:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/20 06:37:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/20 06:37:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/20 06:37:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/20 06:37:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/18 16:53:29 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2012/07/17 02:18:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/10 02:42:25 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/14 14:36:28 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/29 20:00:02 | 000,000,265 | ---- | C] () -- C:\Program Files\acsetup.cfg
[2009/09/29 19:40:20 | 004,065,964 | ---- | C] () -- C:\Program Files\music.vox
[2009/02/16 13:14:10 | 000,012,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2008/05/06 20:43:18 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 17:39:47 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Owner\Rollerdex.cfg
[2008/03/31 04:58:18 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/09/16 00:50:43 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2007/09/08 08:48:51 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/07/28 11:49:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2002/07/01 15:13:30 | 000,000,243 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\system16driver.dat
[2002/07/01 15:13:30 | 000,000,228 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\phax.dat
[2002/07/01 15:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\menustart32.dat
[2002/07/01 15:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\login_setup.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3250820A
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/12/13 08:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2009/12/16 18:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\1morebee
[2010/03/25 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Absolutist
[2010/08/31 03:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Academagia
[2009/12/01 21:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2007/08/08 08:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2012/02/19 15:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aidem Media
[2010/02/23 19:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/05/19 11:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlderGames
[2008/07/05 10:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2010/01/31 15:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/03/28 20:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Anabel
[2008/05/21 10:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah_BETA_1
[2008/06/02 19:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah_BETA_2
[2008/07/29 18:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__shockwave
[2010/11/10 23:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/01/07 19:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashtons. Family Resort
[2007/07/28 11:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ATI
[2008/10/07 22:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atomv1005
[2009/06/05 08:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond 3
[2009/06/07 06:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aveyond II
[2011/04/30 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2009/07/03 06:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2012/07/17 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/09/15 17:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BarbarianGames
[2009/08/15 02:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Batovi
[2010/07/03 21:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBB
[2009/12/01 21:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/02/18 23:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2010/04/19 16:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BigFishGames
[2007/09/14 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/03/18 02:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
[2009/12/19 15:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2012/01/22 13:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\calibre
[2011/11/28 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CardBoard Castle
[2009/08/04 20:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasualForge
[2008/12/15 08:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames
[2011/08/18 14:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010/03/09 13:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CKK
[2009/04/21 11:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/07/14 18:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CupcakeCafe
[2012/02/23 16:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2012/01/23 00:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DefendersQuest
[2009/09/02 17:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dingogames
[2010/12/27 23:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2008/04/19 12:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2008/10/17 12:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
[2009/03/17 20:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games
[2009/11/17 20:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElementalsTheMagicKey
[2009/06/11 21:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enchanted Katya
[2009/06/30 11:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus
[2011/03/20 02:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus2SE_BFG
[2009/11/10 19:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus_Shockwave
[2009/07/19 06:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/01/20 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
[2008/09/30 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane
[2008/11/05 18:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2009/11/20 22:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2007/12/06 00:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
[2008/09/24 16:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2009/02/11 08:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/05/14 23:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fugazo
[2008/12/09 22:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\funkitron
[2007/11/03 15:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2007/11/18 01:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameHouse
[2009/09/24 13:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest
[2008/11/25 14:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2010/07/03 21:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamers Digital
[2008/05/09 16:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2008/05/30 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2008/06/04 23:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genimo
[2009/07/03 09:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/11/20 04:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GOA
[2009/01/26 20:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
[2009/09/08 20:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GraveyardShift
[2007/09/28 22:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2007/11/23 15:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Home Sweet Home
[2009/07/15 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2004/09/10 15:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/06/08 06:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IGN_DLM
[2008/12/09 23:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/07/22 01:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2011/02/15 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Islands
[2010/12/08 07:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/02/07 01:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWinArcade
[2007/09/22 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
[2007/07/28 20:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
[2008/10/12 09:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JoyBits
[2012/02/19 15:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KatGames
[2011/08/18 20:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LegacyInteractive
[2007/09/10 18:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008/02/07 02:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Seeds
[2007/09/06 19:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Stones
[2010/11/04 08:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicMatch
[2009/07/03 12:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/05/11 23:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mean Hamster
[2011/03/09 03:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2010/01/13 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2012/07/10 15:45:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/06/15 20:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mif2000's Hamlet
[2007/10/06 02:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mind Control Software
[2009/02/19 02:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mousechief
[2009/01/10 21:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2008/10/20 09:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mushroom Age
[2008/05/08 00:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2009/12/08 22:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteryStudio
[2011/07/12 20:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NevoSoft
[2007/08/03 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OD2
[2012/07/04 14:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2011/08/09 19:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PathToSuccess
[2009/07/23 13:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Peace Craft
[2010/11/04 08:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PhantasmatBeta
[2010/11/04 08:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Phantasmat_beta_1
[2011/03/08 20:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Phantasmat_shockwave_ce
[2011/08/25 01:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pi Eye Games
[2011/05/21 19:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/11/11 23:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2008/05/10 13:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pony-World-Deluxe
[2008/01/05 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ponys
[2007/07/31 23:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2009/04/11 06:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Thumb Games
[2012/06/18 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RenPy
[2008/09/16 18:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2010/04/21 21:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Rokario
[2008/02/11 13:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Runes of Avalon 2
[2011/12/21 02:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sahmon Games
[2008/02/24 01:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sandlot Games
[2008/05/21 10:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Saqqarah
[2008/06/02 18:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Saqqarah_BETA2
[2009/07/22 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Scrabble Plus
[2009/08/31 02:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2007/10/28 02:23:47 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\SecuROM
[2010/04/27 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shockwave
[2009/07/17 03:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shockwave JanesZOO
[2008/08/27 05:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShockWave_JanesRealty
[2008/04/06 13:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Corporation
[2008/01/22 08:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spandex Force
[2010/12/28 01:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spark Plug Games
[2008/01/22 08:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpInstallData
[2007/09/09 02:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2008/06/20 23:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE Creature Creator
[2010/08/14 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock
[2008/05/22 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneLoops
[2008/05/22 11:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneLoops!
[2008/07/05 13:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SulusGames
[2007/08/11 23:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/08/05 13:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2007/07/27 17:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2012/07/04 15:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2007/12/03 00:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teggo
[2008/10/11 08:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/05/05 09:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikGames
[2009/04/21 13:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Total Eclipse
[2011/03/10 19:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trillian
[2009/06/27 13:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UClick
[2007/09/11 04:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2011/09/12 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/10/21 15:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2007/08/24 15:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VeniceMysteryData
[2009/01/17 14:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ventrilo
[2007/09/08 11:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/02/14 06:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft
[2007/07/31 15:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2008/12/05 17:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildhollow
[2009/10/21 15:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildhollowInstall
[2007/09/30 04:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Workrave
[2008/05/26 15:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\xu4
[2009/11/20 04:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2008/03/31 05:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yatec Games
[2007/07/27 17:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2009/08/14 19:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/14 18:42:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/04/14 18:42:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 01:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/10 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 18:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 18:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/10 14:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 01:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 01:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 01:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/14 01:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 13:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2006/10/13 13:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
[2004/08/10 14:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/10 14:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/14 01:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/14 01:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/10 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/14 01:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/14 01:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 19:07:14 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 19:07:14 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 19:07:14 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 19:07:23 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 19:07:23 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 19:07:23 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 19:07:14 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 19:07:14 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 19:07:14 | 000,865,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 19:07:23 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 19:07:23 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 19:07:23 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2008/05/04 12:41:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\????) -- C:\Documents and Settings\Owner\My Documents\마비노기
[2008/05/04 12:41:22 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\????) -- C:\Documents and Settings\Owner\My Documents\마비노기

< End of report >

OTL Extras logfile created on: 20/07/2012 12:05:55 - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.36 Mb Total Physical Memory | 327.98 Mb Available Physical Memory | 34.19% Memory free
2.26 Gb Paging File | 1.47 Gb Available in Paging File | 65.08% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 52.95 Gb Free Space | 22.74% Space Free | Partition Type: NTFS

Computer Name: SN641054970330 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (Speedbit Ltd.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Documents and Settings\Owner\My Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AOL 9.0\aol.exe" = C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Disabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\recettear\recettear.exe" = C:\Program Files\Steam\steamapps\common\recettear\recettear.exe:*:Enabled:Recettear: An Item Shop's Tale -- (Easygamestation, Carpe Fulgur LLC)
"C:\Program Files\Steam\steamapps\common\recettear\custom.exe" = C:\Program Files\Steam\steamapps\common\recettear\custom.exe:*:Enabled:Recettear: An Item Shop's Tale -- ()
"C:\Program Files\Steam\steamapps\common\blackwell deception\Deception.exe" = C:\Program Files\Steam\steamapps\common\blackwell deception\Deception.exe:*:Enabled:Blackwell Deception -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B4F3783-AC21-4A7D-9264-74D575EA3998}" = ATI Catalyst Control Center
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{12B839E5-8271-4888-B19F-4811A8D8770F}_is1" = Puzzle Bots v1.0
"{1DED5EFD-410A-48DB-909A-2B2022BB50D2}" = Nethergate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2BD2069A-A865-432A-86B8-1151BB0526CC}" = MostFun Game Player
"{2DF53009-8D0A-422A-8AE2-AD2BC63AB60A}" = The Whispered World
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351E09AC-DCB3-451D-9C7D-C1A82AF1CE5D}" = Geneforge 4
"{3CD921DC-FE10-404C-99DB-FA57A6FCB32E}_is1" = Ben There Dan That 1.1.3.8
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4213401F-F796-C80F-652F-7B7CC8D956A2}" = Defender's Quest
"{47273CEF-C70E-40E9-80DE-FA9BE55AD1BB}" = Avernum 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7E768E2D-1504-4AB7-9B91-89187D48F27B}_is1" = Jolly Rover Demo
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113784233}" = Home Sweet Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113806933}" = Kudos Rock Legend
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117834150}" = Little Folk Of Faery
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8E8E1C64-85FA-4327-8D4B-11FC2BB5BDF6}" = calibre
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AC4B4E-DE52-4578-B156-074D751B8B2E}" = Kindle Collection Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7 Sins" = 7 Sins
"A_Tale_of_Two_Kingdoms_1.0" = A Tale of Two Kingdoms 1.2
"Academagia - The Making of Mages" = Academagia - The Making of Mages
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agatha Christie: Dead Man's Folly" = Agatha Christie: Dead Man's Folly
"Alice Greenfingers 2" = Alice Greenfingers 2
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Amelie's Cafe" = Amelie's Cafe
"Annabel" = Annabel
"Armadillo Run Demo_is1" = Armadillo Run Demo Version 1.0.5
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"ATI Display Driver" = ATI Display Driver
"Avalon" = Avalon
"Avastar Hollywood Tycoon©" = Avastar Hollywood Tycoon©
"Avenue Flo™" = Avenue Flo™
"Avenue Flo™: Special Delivery" = Avenue Flo™: Special Delivery
"AvernumDemo" = Avernum Demo
"Aveyond 2" = Aveyond 2
"Aveyond: Lord of Twilight" = Aveyond: Lord of Twilight
"AVG" = AVG 2011
"Aztec Tribe" = Aztec Tribe
"Bandwidth Monitor_is1" = Bandwidth Monitor
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Bejeweled 2 Deluxe®" = Bejeweled 2 Deluxe®
"Bejeweled Twist™" = Bejeweled Twist™
"BFG-Azada - In Libro" = Azada: In Libro
"BFG-Beauty Factory" = Beauty Factory
"BFG-Bistro Boulevard" = Bistro Boulevard
"BFG-Blackwell Unbound" = Blackwell Unbound
"BFG-Buried in Time" = Buried in Time
"BFGC" = Big Fish Games: Game Manager
"BFG-Cardboard Castle" = Cardboard Castle
"BFG-City of Secrets" = City of Secrets
"BFG-Cute Knight Kingdom" = Cute Knight Kingdom
"BFG-Dangerous High School Girls" = Dangerous High School Girls
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"BFG-Drawn - Trail of Shadows" = Drawn™: Trail of Shadows
"BFG-Egypt 2" = Egypt II: The Heliopolis Prophecy
"BFG-Escape From Paradise 2 - A Kingdom's Quest" = Escape From Paradise 2: A Kingdom's Quest
"BFG-Fairway" = Fairway™
"BFG-Fairy Maids" = Fairy Maids
"BFG-Farm Frenzy 3" = Farm Frenzy 3
"BFG-Farm Frenzy Pizza Party" = Farm Frenzy Pizza Party
"BFG-Farm Tribe" = Farm Tribe
"BFG-Great Adventures - Lost in Mountains" = Great Adventures: Lost in Mountains
"BFG-Journey to the Center of the Earth" = Journey to the Center of the Earth (remove only)
"BFG-Life Quest" = Life Quest ™
"BFG-Magic Life" = Magic Life
"BFG-Making Mr. Right" = Making Mr. Right
"BFG-Many Years Ago" = Many Years Ago
"BFG-Miss Management" = Miss Management
"BFG-Musaic Box" = Musaic Box
"BFG-Mystery Case Files - Escape from Ravenhearst" = Mystery Case Files®: Escape from Ravenhearst™
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst
"BFG-Plant Tycoon" = Plant Tycoon (remove only)
"BFG-Puzzle Quest 2" = Puzzle Quest 2
"BFG-Return to Mysterious Island 2 - Mina's Fate" = Return to Mysterious Island 2: Mina's Fate
"BFG-The Blackwell Convergence" = The Blackwell Convergence
"BFG-The Blackwell Legacy" = The Blackwell Legacy
"BFG-The Cross Formula" = The Cross Formula
"BFG-The Fall Trilogy" = The Fall Trilogy
"Big Brain Wolf" = Big Brain Wolf
"Bilbo: The Four Corners of the World" = Bilbo: The Four Corners of the World
"Bistro Boulevard" = Bistro Boulevard
"Book of Legends" = Book of Legends
"Bookworm Adventures Deluxe 1.0.1.100" = Bookworm Adventures Deluxe 1.0.1.100
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"Bookworm Adventures™ Volume 2" = Bookworm Adventures™ Volume 2
"Bridge Building Game" = Bridge Building Game
"Build-a-lot 3: Passport to Europe" = Build-a-lot 3: Passport to Europe
"Build-a-lot 4: Power Source" = Build-a-lot 4: Power Source
"Burger Shop 2™" = Burger Shop 2™
"Cake Mania Main Street™" = Cake Mania Main Street™
"Cate West - The Vanishing Files" = Cate West - The Vanishing Files
"Cate West: The Velvet Keys" = Cate West: The Velvet Keys
"CCleaner" = CCleaner
"Chocolate Shop Frenzy™" = Chocolate Shop Frenzy™
"Chocolatier®: Decadence by Design™" = Chocolatier®: Decadence by Design™
"CLUE® Classic" = CLUE® Classic
"Clueless" = Clueless
"CLUE™ Accusations and Alibis™" = CLUE™ Accusations and Alibis™
"Cooking Dash®: DinerTown Studios™" = Cooking Dash®: DinerTown Studios™
"Cooking Dash™" = Cooking Dash™
"Cradle of Persia" = Cradle of Persia
"Create A Mall" = Create A Mall
"Cute Knight Deluxe_is1" = Cute Knight Deluxe version 1.0
"Cute Knight Kingdom Demo_is1" = Cute Knight Kingdom Demo version 1.0
"Cute Knight_is1" = Cute Knight version 1.21
"DangerousHSGirls_is1" = DangerousHSGirls 1.0.14.0
"Defender of the Crown: Heroes Live Forever" = Defender of the Crown: Heroes Live Forever
"DefendersQuest" = Defender's Quest
"Delicious: Emily's Taste of Fame" = Delicious: Emily's Taste of Fame
"Detective Stories: Hollywood" = Detective Stories: Hollywood
"D-Fend Reloaded" = D-Fend Reloaded 0.3.2 (deinstall)
"Diner Dash® 5: BOOM!" = Diner Dash® 5: BOOM!
"DinerTown Tycoon™" = DinerTown Tycoon™
"DivX Setup" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Dr. Lynch: Grave Secrets" = Dr. Lynch: Grave Secrets
"Dream Chronicles®: The Book of Air™" = Dream Chronicles®: The Book of Air™
"Dream Sleuth" = Dream Sleuth
"Elementals: The Magic Key™" = Elementals: The Magic Key™
"Emerald City Confidential™" = Emerald City Confidential™
"Empire Builder: Ancient Egypt" = Empire Builder: Ancient Egypt
"Enchanted Katya" = Enchanted Katya
"Enlightenus" = Enlightenus
"Enlightenus II: The Timeless Tower" = Enlightenus II: The Timeless Tower
"Escape from Lost Island" = Escape from Lost Island
"Escape the Museum" = Escape the Museum
"ExtractNow_is1" = ExtractNow
"Eye for Design™" = Eye for Design™
"Fabulous Finds" = Fabulous Finds
"Fairway Solitaire" = Fairway Solitaire
"Family Mystery: The Story of Amy" = Family Mystery: The Story of Amy
"Fantastic Farm" = Fantastic Farm
"Farm Craft" = Farm Craft
"Farm Frenzy 2" = Farm Frenzy 2
"Farm Frenzy 3: American Pie" = Farm Frenzy 3: American Pie
"Farm Frenzy 3: Ice Age" = Farm Frenzy 3: Ice Age
"Farm Frenzy: Ancient Rome" = Farm Frenzy: Ancient Rome
"Farm Frenzy: Viking Heroes" = Farm Frenzy: Viking Heroes
"Farmers Market" = Farmers Market
"Fashion Forward" = Fashion Forward
"Fashion Solitaire" = Fashion Solitaire
"Fiction Fixers - Adventures in Wonderland Premium Edition" = Fiction Fixers - Adventures in Wonderland Premium Edition
"'Fiona Finch and the Finest Flowers'_is1" = 'Fiona Finch EN BETA 2009.12.16'
"Flower Paradise" = Flower Paradise
"Forgotten Lands: First Colony™" = Forgotten Lands: First Colony™
"Free Realms Installer" = Free Realms Installer
"Garden Defense™" = Garden Defense™
"Garden Dreams" = Garden Dreams
"Gardenscapes™" = Gardenscapes™
"Gargoyle" = Gargoyle
"Gotcha: Celebrity Secrets™" = Gotcha: Celebrity Secrets™
"GourMania" = GourMania
"Green Moon" = Green Moon
"Hamlet, or the last game without MMORPG features, shaders, and product placement" = Hamlet, or the last game without MMORPG features, shaders, and product placement
"Heart's Medicine - Season One" = Heart's Medicine - Season One
"Heartwild™ Solitaire" = Heartwild™ Solitaire
"Hodgepodge Hollow: A Potions Primer" = Hodgepodge Hollow: A Potions Primer
"Hollywood Tycoon" = Hollywood Tycoon
"Home Sweet Home" = Home Sweet Home
"Home Sweet Home_is1" = Home Sweet Home 1.0
"Hospital" = Theme Hospital
"Hostile Makeover" = Hostile Makeover
"Hotel Dash™: Suite Success™" = Hotel Dash™: Suite Success™
"Hotel Mogul" = Hotel Mogul
"iCarly: iDream in Toons" = iCarly: iDream in Toons
"Ice Cream Craze: Tycoon Takeover" = Ice Cream Craze: Tycoon Takeover
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"Insider Tales: The Stolen Venus" = Insider Tales: The Stolen Venus
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"Iron Roses™" = Iron Roses™
"Isla Dorada - Episode 1: The Sands of Ephranis" = Isla Dorada - Episode 1: The Sands of Ephranis
"Island Tribe" = Island Tribe
"iWinArcade" = iWin Games (remove only)
"Jack of all Tribes" = Jack of All Tribes
"Jessica's Cupcake Cafe" = Jessica's Cupcake Cafe
"Jojo's Fashion Show 2: Las Cruces" = Jojo's Fashion Show 2: Las Cruces
"Jojo's Fashion Show World Tour" = Jojo's Fashion Show World Tour
"Jojo's Fashion Show™" = Jojo's Fashion Show™
"KittenSanctuary_is1" = KittenSanctuary 1.01.0
"Kudos 2 Patcher 1.02-1.03_is1" = Kudos 2 Patcher 1.02-1.03
"Kudos 2_is1" = Kudos 2
"Kuros" = Kuros (remove only)
"Kuros™" = Kuros™
"LandGrabbers" = LandGrabbers
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Laura Jones and the Legacy of Nikola Tesla" = Laura Jones and the Legacy of Nikola Tesla
"Lavender's Botanicals" = Lavender's Botanicals
"Leeloo's Talent Agency" = Leeloo's Talent Agency
"Little Folk of Faery" = Little Folk of Faery
"Long Live The Queen_is1" = Long Live The Queen Full Retail 1.0.3
"Lucy's Expedition" = Lucy's Expedition
"LUNA_US_090414" = LUNA Online v1.0.0
"Machinarium" = Machinarium
"Magic Farm Ultimate Flower Free Trial_is1" = Magic Farm Ultimate Flower Free Trial
"Magical Diary - Horse Hall - Demo_is1" = Magical Diary Demo 1.05
"Mall-A-Palooza™" = Mall-A-Palooza™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mandragora" = Mandragora
"Masters of Mystery: Crime of Fashion" = Masters of Mystery: Crime of Fashion
"Mean Girls: High School Showdown" = Mean Girls: High School Showdown
"Megaplex Madness: Now Playing™" = Megaplex Madness: Now Playing™
"Megaplex Madness: Summer Blockbuster" = Megaplex Madness: Summer Blockbuster
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mr. Jones' Graveyard Shift" = Mr. Jones' Graveyard Shift
"MUSHclient" = MUSHclient (remove only)
"My Kingdom for the Princess" = My Kingdom for the Princess
"My Life Story" = My Life Story
"My Tribe" = My Tribe
"Mystery Stories: Berlin Nights" = Mystery Stories: Berlin Nights
"Mystic Emporium" = Mystic Emporium
"Nancy Drew®: Treasure in a Royal Tower" = Nancy Drew®: Treasure in a Royal Tower
"Natalie Brooks: The Treasures of the Lost Kingdom" = Natalie Brooks: The Treasures of the Lost Kingdom
"Oasis™" = Oasis™
"Oceanis" = Oceanis
"OpenAL" = OpenAL
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"OpenRPG" = OpenRPG (Remove Only)
"Orchard" = Orchard
"Pahelika: Secret Legends" = Pahelika: Secret Legends
"Paradise Beach" = Paradise Beach
"Party Down©" = Party Down©
"Party Planner" = Party Planner
"Passport to Perfume™" = Passport to Perfume™
"Path to Success" = Path to Success
"Peggle™ Nights" = Peggle™ Nights
"Phantasmat" = Phantasmat 0.9
"Phantasmat - Collector's Edition" = Phantasmat - Collector's Edition
"PictoWords" = PictoWords
"Plantasia™" = Plantasia™
"Plants vs. Zombies™" = Plants vs. Zombies™
"Posh Boutique 2" = Posh Boutique 2
"Princess Isabella: A Witch's Curse" = Princess Isabella: A Witch's Curse
"Product_Name" = Geneforge
"Puppy Sanctuary" = Puppy Sanctuary
"Puzzle Hero_is1" = Puzzle Hero 1.1.1
"Puzzle Quest: Challenge of the Warlords" = Puzzle Quest: Challenge of the Warlords
"Real Lives 2007" = Real Lives 2007
"RealArcade" = RealArcade
"Restaurant Empire" = Restaurant Empire
"Rocket Mania Deluxe®" = Rocket Mania Deluxe®
"Room Boom: Suburbia Demo" = Room Boom: Suburbia Demo 1.0
"Samantha Swift and the Golden Touch" = Samantha Swift and the Golden Touch
"Sara's Super Spa Deluxe" = Sara's Super Spa Deluxe
"Satisfashion™" = Satisfashion™
"Science Girls! Demo Version_is1" = Science Girls Demo 1.0
"SCRABBLE™ PLUS" = SCRABBLE™ PLUS
"SecondLife" = SecondLife (remove only)
"Settlement: Colossus" = Settlement: Colossus
"Shaman Odyssey: Tropic Adventure" = Shaman Odyssey: Tropic Adventure
"Shop it Up!" = Shop it Up!
"SimpleMU MUD Client" = SimpleMU MUD Client
"Soap Opera Dash" = Soap Opera Dash
"Sphera Focus Test" = Sphera Focus Test (remove only)
"Sprouts Adventure_is1" = Sprouts Adventure
"ST6UNST #1" = RPG World Online Client
"ST6UNST #2" = A2A
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 80360" = Blackwell Deception
"Super Collapse!™ Puzzle Gallery 5" = Super Collapse!™ Puzzle Gallery 5
"Super Ranch" = Super Ranch
"Supple" = Supple (remove only)
"Supple: Episode 2" = Supple: Episode 2
"Syberia" = Syberia
"SystemRequirementsLab" = System Requirements Lab
"TextTwist® 2" = TextTwist® 2
"The Clockwork Man" = The Clockwork Man
"The Island: Castaway 2" = The Island: Castaway 2
"The Last Airbender" = The Last Airbender
"The Legend of Crystal Valley™" = The Legend of Crystal Valley™
"The Lost Cases of Sherlock Holmes 2" = The Lost Cases of Sherlock Holmes 2
"The Palace Builder™" = The Palace Builder™
"The Three Musketeers Game" = The Three Musketeers Game
"The Village Mage: Spellbinder" = The Village Mage: Spellbinder
"The Wizard's Pen™" = The Wizard's Pen™
"Top Chef" = Top Chef
"Totem Tribe" = Totem Tribe
"Tourist Trap" = Tourist Trap
"Tradewinds 2™" = Tradewinds 2™
"Tradewinds Odyssey" = Tradewinds Odyssey (remove only)
"Tradewinds Odyssey™" = Tradewinds Odyssey™
"Tradewinds™ Caravans" = Tradewinds™ Caravans
"Tradewinds™ Legends" = Tradewinds™ Legends
"Trapped: The Abduction" = Trapped: The Abduction
"Trillian" = Trillian
"UnityWebPlayer" = Unity Web Player
"Virtual Farm 2" = Virtual Farm 2
"Virtual Villagers - New Believers" = Virtual Villagers - New Believers 1.0
"Virtual Villagers - The Secret City" = Virtual Villagers - The Secret City 1.0
"Virtual Villagers 4: The Tree of Life" = Virtual Villagers 4: The Tree of Life
"Wandering Willows" = Wandering Willows
"Wendy's Wellness" = Wendy's Wellness
"Westward II Heroes of the Frontier" = Westward II Heroes of the Frontier (remove only)
"Westward® III: Gold Rush" = Westward® III: Gold Rush
"Westward® Kingdoms" = Westward® Kingdoms
"Whisper of a Rose 1.06" = Whisper of a Rose 1.06
"WhoCrashed_is1" = WhoCrashed 3.06
"Wild Tribe" = Wild Tribe
"WinAce Archiver" = WinAce Archiver
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winemaker Extraordinaire" = Winemaker Extraordinaire
"Women's Murder Club: Little Black Lies" = Women's Murder Club: Little Black Lies
"Women's Murder Club: Twice in a Blue Moon" = Women's Murder Club: Twice in a Blue Moon
"World of Goo" = World of Goo
"World of Warcraft" = World of Warcraft
"wxPython2.8-unicode-py25_is1" = wxPython 2.8.1.1 (unicode) for Python 2.5
"X10Hardware" = X10 Hardware™
"xu4_is1" = xu4 CVS
"Yahoo! Companion" = Yahoo! Toolbar
"Ye Olde Sandwich Shoppe" = Ye Olde Sandwich Shoppe
"Youda Camper" = Youda Camper
"Youda Legend: The Curse of the Amsterdam Diamond" = Youda Legend: The Curse of the Amsterdam Diamond
"Yummy Drink Factory" = Yummy Drink Factory
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma’s Revenge!™ - Adventure" = Zuma’s Revenge!™ - Adventure
"Zuma® Deluxe" = Zuma® Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Heileen" = Heileen
"Heileen DEMO" = Heileen DEMO
"Puzzle Pirates" = Puzzle Pirates
"Spirited Heart Demo" = Spirited Heart Demo
"Spirited Heart Full" = Spirited Heart Full
"UnityWebPlayer" = Unity Web Player
"Wurm Online 2.4.3" = Wurm Online 2.4.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/07/2012 08:45:38 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 04/07/2012 08:46:08 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 04/07/2012 08:46:08 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 08:46:09 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 08:46:09 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 08:46:09 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 08:46:09 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 08:46:09 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 08:46:09 | Computer Name = SN641054970330 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 04/07/2012 10:34:28 | Computer Name = SN641054970330 | Source = Application Error | ID = 1000
Description = Faulting application refdataprovider.exe, version 0.0.0.0, faulting
module refdataprovider.exe, version 0.0.0.0, fault address 0x0000972b.

[ System Events ]
Error - 18/07/2012 04:31:34 | Computer Name = SN641054970330 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3
00000000, parameter4 00000000.

Error - 18/07/2012 04:31:53 | Computer Name = SN641054970330 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 18/07/2012 04:31:53 | Computer Name = SN641054970330 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 19/07/2012 14:01:30 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 19/07/2012 14:02:55 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 20/07/2012 03:58:35 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 20/07/2012 04:00:21 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 20/07/2012 04:19:26 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147942405

Error - 20/07/2012 04:29:33 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 20/07/2012 05:20:27 | Computer Name = SN641054970330 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2


< End of report >

#10
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You have the latest Java, Java™ 7 Update 5, but you also have a bunch of old versions that need to be removed:
These are vulnerable to infection and each wastes about 100 MB. Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 26
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Also uninstall:

ZoneAlarm Spy Blocker Toolbar (Foistware from ZA. Not needed)
Yahoo! Toolbar (Foistware)



Combofix says you are missing a proquota.exe - I will upload it from my XP in a separate post. There is also a problem with MD5 calculations. Both Combofix and TDSSKiller had problems with MD5. AswMBR flagged a couple of files as suspicious. One is from ZA so we can ignore it but the other two don't usually come up so may be a problem. See if you can submit the following files to http://www.virustotal.com:

C:\WINDOWS\System32\drivers\dxgthk.sys
C:\WINDOWS\system32\ntdll.dll

These are hidden system files so you may need to:

Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

We can also let OTL look at them:

Copy the text in the code box:

/md5start
dxgthk.sys
ntdll.dll
/md5stop

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste to a reply.

Let's also look at what services are running:

Start, run, cmd, OK (or Start, All Programs, Accessories, Command Prompt) then type (with an Enter after each line):

net  start  >  \junk.txt

notepad  \junk.txt

Copy the text from notepad and paste it into a reply.

Close the command window.

It appears nprotect was not an installed program but something used on some game so we can remove its broken driver:



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************



Driver::
npggsvc



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


Your anti-virus is not working and is out of date but we will save that until next post.
  • 0
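The cross-check between the System Events and the Driver Services section of an OTL report can be done mechanically. The Python below is an added example, not part of the original posts and not part of OTL: it pairs Service Control Manager failures with OTL's `DRV` lines and decodes the `%%N` codes (`%%2` is Win32 error 2, file not found; `%%2147942405` is 0x80070005, access denied). The sample text is constructed in the layout of the logs in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like the OTL reports posted in this thread.
SAMPLE_LOG = r"""
[ System Events ]
Error - 19/07/2012 14:01:30 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 19/07/2012 14:02:55 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 20/07/2012 03:58:35 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 20/07/2012 04:19:26 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147942405

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (npkcrypt) -- C:\Program Files\Mabinogi\npkcrypt.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
"""

# Win32 error codes that SCM events print as %%N (only the ones used here).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
                5: "ERROR_ACCESS_DENIED"}

EVENT_RE = re.compile(r"^Error - (?P<when>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| "
                      r"Computer Name = .*? \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$")
FAIL_RE = re.compile(r"The (?P<svc>.+?) service (?:failed to start due to|terminated with) "
                     r"the following error:\s*%%(?P<code>\d+)")
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\).*? -- (?P<target>.*)$")
MISSING = "File not found"


def decode_code(raw):
    """Return (win32_code, name); HRESULTs wrapping a Win32 error (0x8007xxxx) are unwrapped."""
    if (raw & 0xFFFF0000) == 0x80070000:
        raw &= 0xFFFF
    return raw, WIN32_ERRORS.get(raw, "UNKNOWN")


def parse_events(text):
    """Collect event records; a description may wrap over several lines."""
    events, current = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            current = {"when": m["when"], "source": m["source"],
                       "id": int(m["id"]), "description": ""}
            events.append(current)
        elif current is not None:
            if not line.strip():
                current = None          # a blank line ends the record
            else:
                part = re.sub(r"^Description = ", "", line.strip())
                current["description"] = (current["description"] + " " + part).strip()
    return events


def parse_drivers(text):
    """Map lower-cased driver service name -> registered path and missing flag."""
    drivers = {}
    for line in text.splitlines():
        m = DRV_RE.match(line.strip())
        if m:
            target = m["target"].strip()
            missing = target.endswith(MISSING)
            path = target[:-len(MISSING)].strip() if missing else target
            drivers[m["name"].lower()] = {"path": path, "missing": missing}
    return drivers


def triage(text):
    """Pair each SCM service failure with the matching DRV entry, if any."""
    drivers = parse_drivers(text)
    failures = defaultdict(list)
    for ev in parse_events(text):
        m = FAIL_RE.search(ev["description"])
        if ev["source"] == "Service Control Manager" and m:
            failures[(m["svc"], int(m["code"]))].append(ev["when"])
    findings = []
    for (svc, raw), times in sorted(failures.items()):
        code, name = decode_code(raw)
        drv = drivers.get(svc.lower())
        findings.append({
            "service": svc, "error": name, "count": len(times),
            "registered_path": drv["path"] if drv else None,
            # True when the service is still registered but its binary is gone.
            "broken_registration": bool(drv and drv["missing"] and code in (2, 3)),
        })
    return findings


def stale_driver_entries(text):
    """Drivers listed as 'File not found' that produced no SCM error in the log."""
    failing = {f["service"].lower() for f in triage(text)}
    return sorted(n for n, d in parse_drivers(text).items()
                  if d["missing"] and n not in failing)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print("stale:", stale_driver_entries(SAMPLE_LOG))
```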


#11
HDL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thank you for all of your help so far. I hadn't realised my computer was such an awful mess. I'm so relieved all the problems are being caused by malware and not the hardware though.

Should I remove JavaFX 2.1.1 as well?

It seems like I'm always having to remove toolbars programmes want to install on my machine. I've got those uninstalled now.

What do you want me to do once I've uploaded those files to http://www.virustotal.com? I did upload them but I wasn't sure what I was meant to do with that after.



----

OTL logfile created on: 20/07/2012 17:31:16 - Run 5
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.36 Mb Total Physical Memory | 355.89 Mb Available Physical Memory | 37.10% Memory free
2.26 Gb Paging File | 1.54 Gb Available in Paging File | 67.99% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 52.92 Gb Free Space | 22.73% Space Free | Partition Type: NTFS

Computer Name: SN641054970330 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Owner\Local Settings\Temp\Uninstall.exe (Check Point Software Technologies)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\CheckPoint\ZAForceField\Clean_tool.exe (ZoneAlarm)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\MUSHclient\MUSHclient.exe (Gammon Software Solutions)
PRC - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe (THOMSON Telecom Belgium)
PRC - C:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
PRC - C:\APPS\ABOARD\AOSD.EXE (NEC Computers International)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e78bf355\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_88c05fce\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_64bfb806\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a7ec5158\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_82ed7507\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Program Files\Trillian\libpng13.dll ()
MOD - C:\Program Files\Trillian\libungif.dll ()
MOD - C:\Program Files\Trillian\zlib1.dll ()
MOD - c:\Program Files\Trillian\languages\en\aim.dll ()
MOD - c:\Program Files\Trillian\languages\en\yahoo.dll ()
MOD - c:\Program Files\Trillian\languages\en\trillian.dll ()
MOD - c:\Program Files\Trillian\languages\en\msn.dll ()
MOD - c:\Program Files\Trillian\languages\en\events.dll ()
MOD - c:\Program Files\Trillian\languages\en\buddy.dll ()
MOD - c:\Program Files\Trillian\languages\en\talk.dll ()
MOD - c:\Program Files\Trillian\languages\en\proxy.dll ()
MOD - c:\Program Files\Trillian\languages\en\toolkit.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\MUSHclient\locale\en.dll ()
MOD - C:\Program Files\MUSHclient\lua5.1.dll ()
MOD - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
MOD - C:\WINDOWS\system32\sbe.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (npkcmsvc) -- C:\Program Files\Mabinogi\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (USBDeviceService) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (npkcrypt) -- C:\Program Files\Mabinogi\npkcrypt.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ATWPKT2) -- C:\Program Files\Common Files\AOL\ACS\ATWPkt2.sys (America Online)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://start.iplay.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@otee.dk/UnityWebPlayer: C:\Program Files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll (OverTheEdge I/S)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/07/04 14:20:36 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/20 10:02:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/23 16:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 19:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/04 14:20:36 | 000,000,000 | ---D | M]

[2009/01/10 21:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/07/20 17:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\extensions
[2011/08/18 16:24:50 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\searchplugins\conduit.xml
[2012/07/20 17:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 17:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㔰䄭䍂䕄䙆䑅䉃絁
[2012/07/17 05:12:17 | 000,525,445 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NJ9EH881.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/06/21 07:26:56 | 000,109,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NJ9EH881.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 16:46:56 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/19 19:07:23 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2012/04/25 22:02:52 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 09:06:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 22:02:52 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 22:02:52 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 22:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 22:02:52 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\PROGRA~1\SONYON~1\npsoe.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Unity Web Player (Enabled) = C:\Program Files\OverTheEdge\Unity\WebPlayer\loader\npUnityWeb32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SRDotDX - FPX = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\effedicllnelcnimmpjhgmgfjjegimdh\0.0.9_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/20 08:58:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABOARD\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKLM..\RunOnce: [iWinArcadeIECleanup] C:\Documents and Settings\Owner\Local Settings\Temp\iWinArcadeAutocleanup.bat ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Wizard's Pen\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1323113197203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F7BA24A-AC9B-4F10-B2AA-7824C6FBF0B4}: NameServer = 212.139.132.10 212.139.132.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 12:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/07/20 11:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/20 11:47:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/20 11:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/20 10:30:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/07/20 09:40:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/20 09:26:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/20 09:24:51 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/07/20 06:37:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/20 06:37:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/20 06:37:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/20 06:37:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/20 06:36:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/20 06:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/20 06:34:58 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/19 18:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/19 01:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\virus
[2012/07/19 01:03:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/18 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed
[2012/07/18 16:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2012/07/04 15:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\eSupport.com
[2012/07/04 14:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2012/07/04 14:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/04 14:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2012/07/04 14:20:36 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/07/04 14:20:36 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/04 14:19:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/04 14:19:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2009/09/29 20:00:00 | 000,057,369 | ---- | C] (Chris Jones) -- C:\Program Files\winsetup.exe
[2009/09/29 19:59:58 | 008,421,321 | ---- | C] (Chris Jones) -- C:\Program Files\Awakener.exe
[2007/12/05 03:58:36 | 001,071,886 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\WoW-2.0.0-enUS-Installer-downloader.exe
[2007/08/05 21:13:23 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 17:18:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 17:07:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006UA.job
[2012/07/20 11:47:11 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 11:39:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/07/20 10:30:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/07/20 10:21:56 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
[2012/07/20 10:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 10:20:05 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 09:25:19 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/07/20 08:58:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/20 06:35:26 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/07/20 05:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006Core.job
[2012/07/19 01:03:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/18 16:53:29 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2012/07/17 03:18:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/17 03:18:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 23:20:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/04 14:17:43 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/04 14:17:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/04 14:17:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/04 14:17:43 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/03 20:21:14 | 063,816,521 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 11:47:11 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 11:39:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/07/20 06:37:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/20 06:37:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/20 06:37:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/20 06:37:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/20 06:37:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/18 16:53:29 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WhoCrashed.lnk
[2012/07/17 02:18:00 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/10 02:42:25 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/14 14:36:28 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/29 20:00:02 | 000,000,265 | ---- | C] () -- C:\Program Files\acsetup.cfg
[2009/09/29 19:40:20 | 004,065,964 | ---- | C] () -- C:\Program Files\music.vox
[2009/02/16 13:14:10 | 000,012,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2008/05/06 20:43:18 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/23 17:39:47 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Owner\Rollerdex.cfg
[2008/03/31 04:58:18 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/09/16 00:50:43 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2007/09/08 08:48:51 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/07/28 11:49:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2002/07/01 15:13:30 | 000,000,243 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\system16driver.dat
[2002/07/01 15:13:30 | 000,000,228 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\phax.dat
[2002/07/01 15:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\menustart32.dat
[2002/07/01 15:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\login_setup.dat

========== Custom Scans ==========

< MD5 for: DXGTHK.SYS >
[2004/08/10 14:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys

< MD5 for: NTDLL.DLL >
[2010/12/09 16:15:41 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=15CE4DBC22FAB90B3CA5352AF1FFF81C -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[2008/04/14 01:11:24 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll
[2008/04/14 01:11:24 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
[2009/02/09 13:10:48 | 000,714,752 | ---- | M] (Microsoft Corporation) MD5=911DDF2E16761643A47225F654D811E5 -- C:\WINDOWS\$NtUninstallKB2393802$\ntdll.dll
[2009/02/09 11:56:35 | 000,715,264 | ---- | M] (Microsoft Corporation) MD5=B0913005EE3FC15D7F72472D0B8A30EB -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[2004/08/10 14:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\cmdcons\system32\ntdll.dll
[2004/08/10 14:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll
[2004/08/10 14:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\WINDOWS\I386\NTDLL.DLL
[2004/08/10 14:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\WINDOWS\I386\SYSTEM32\NTDLL.DLL
[2010/12/09 16:15:09 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=F8F0D25CA553E39DDE485D8FC7FCCE89 -- C:\WINDOWS\system32\dllcache\ntdll.dll
[2010/12/09 16:15:09 | 000,718,336 | ---- | M] (Microsoft Corporation) MD5=F8F0D25CA553E39DDE485D8FC7FCCE89 -- C:\WINDOWS\system32\ntdll.dll

========== Files - Unicode (All) ==========
[2008/05/04 12:41:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\????) -- C:\Documents and Settings\Owner\My Documents\마비노기
[2008/05/04 12:41:22 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\????) -- C:\Documents and Settings\Owner\My Documents\마비노기

< End of report >

---

These Windows services are started:

AOL Connectivity Service
Apple Mobile Device
Application Layer Gateway Service
Application Management
Ati HotKey Poller
Automatic Updates
AVG WatchDog
AVGIDSAgent
Background Intelligent Transfer Service
Bonjour Service
COM+ Event System
COM+ System Application
Computer Browser
CryptSvc
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HID Input Service
IPSEC Services
Java Quick Starter
Logical Disk Manager
Machine Debug Manager
Media Center Receiver Service
Media Center Scheduler Service
Network Connections
Network Location Awareness (NLA)
npkcmsvc
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
TrueVector Internet Monitor
Ulead Burning Helper
USBDeviceService
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation
X10 Device Network Service

The command completed successfully.

#12
HDL

ComboFix 12-07-19.02 - Owner 20/07/2012 18:14:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.523 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\proquota.exe . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 11:48 . 2012-07-20 11:48 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-20 10:47 . 2012-07-20 10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-20 10:47 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 08:26 . 2012-07-20 08:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-19 17:45 . 2012-07-19 17:45 -------- d-----w- C:\_OTL
2012-07-18 15:53 . 2012-07-18 16:16 -------- d-----w- c:\program files\WhoCrashed
2012-07-04 14:07 . 2012-07-04 15:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eSupport.com
2012-07-04 13:22 . 2012-07-04 13:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-07-04 13:20 . 2012-07-04 13:20 -------- d-----w- c:\program files\Oracle
2012-07-04 13:20 . 2012-07-04 13:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle
2012-07-04 13:20 . 2012-05-04 18:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 02:18 . 2012-04-01 14:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:18 . 2011-05-18 07:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 13:17 . 2007-08-06 21:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-02 14:19 . 2007-04-16 21:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2007-04-16 21:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-09-10 14:34 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-09-10 14:34 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-09-10 14:34 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2007-04-16 21:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2007-04-16 21:45 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2004-09-10 14:34 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-09-10 14:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2004-09-10 13:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2007-04-16 21:45 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-09-10 14:34 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-09-10 14:34 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-04 18:29 . 2010-07-10 21:31 687504 ----a-w- c:\windows\system32\deployJava1.dll
2009-09-29 19:00 . 2009-09-29 19:00 57369 ----a-w- c:\program files\winsetup.exe
2009-09-29 18:59 . 2009-09-29 18:59 8421321 ----a-w- c:\program files\Awakener.exe
2007-12-05 17:27 . 2007-12-05 02:58 1071886 ----a-w- c:\program files\WoW-2.0.0-enUS-Installer-downloader.exe
2007-08-05 20:13 . 2007-08-05 20:13 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-07-19 18:07 . 2011-05-06 17:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 13:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 13:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2004-08-10 13:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3qfe\ntkrnlpa.exe
[-] 2012-05-04 . 5DD80D56AF1CEFBFF4F25951069B55BB . 2069120 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3gdr\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntkrnlpa.exe
[-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . 84FF488E249DBD2050EB39EA81C6F5C2 . 2069376 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-03 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 13:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
[-] 2004-08-10 13:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3qfe\ntoskrnl.exe
[-] 2012-05-04 . DDF0CB8CD3C6007CDF4AD8F0409ED930 . 2192640 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3gdr\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntoskrnl.exe
[-] 2012-04-11 . 536168936EBF326E36C655EC5AE34B03 . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . 64C1ADF6DF629F340C5A439FE0EF8ED1 . 2192768 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-03 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((( [email protected]_07.59.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-20 08:19 . 2012-06-02 14:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-07-20 08:19 . 2012-06-02 14:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2004-09-10 13:57 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2004-09-10 14:34 . 2012-06-02 14:19 35864 c:\windows\system32\dllcache\wups.dll
+ 2004-09-10 14:34 . 2012-06-02 14:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2004-09-10 13:56 . 2012-06-02 14:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-07-04 13:20 . 2012-07-04 13:17 227824 c:\windows\system32\javaws.exe
+ 2004-09-10 14:34 . 2012-06-02 14:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2004-09-10 14:34 . 2012-06-02 14:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2004-09-10 14:34 . 2012-06-02 14:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2004-09-10 14:34 . 2012-06-02 14:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\NetMeter\NetMeter.exe" [2009-08-09 293888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-8-10 1867776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Workrave.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Workrave.lnk
backup=c:\windows\pss\Workrave.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2007-07-28 15:55 4376328 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-01-24 18:58 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blackwell deception\\Deception.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 08:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 04:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 07:54 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 17:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 27216]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [27/07/2007 17:23 7040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 15:29 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 22:02 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:18]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-08 18:29]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936352823-199163826-2050354253-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-08 18:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uInternet Connection Wizard,ShellNext = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nj9eh881.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1936352823-199163826-2050354253-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,64,76,c0,80,06,5e,89,0a,b2,c7,17,da,4b,20,9a,b6,80,2a,67,57,dd,2a,
01,e3,b3,e3,2c,c9,27,84,d0,ab,d9,65,10,56,c0,7b,fc,c4,97,0c,63,ca,b0,ba,d2,\
"??"=hex:61,d7,46,f3,ae,25,fa,3c,e7,80,16,a5,b5,3e,a3,e4
.
[HKEY_USERS\S-1-5-21-1936352823-199163826-2050354253-1006\Software\SecuROM\License information*]
"datasecu"=hex:86,9f,f3,91,a1,78,6f,61,b2,f5,28,7c,73,52,47,ff,fb,48,5a,ba,04,
19,3f,1a,69,09,7b,f5,6f,98,02,db,82,1c,c7,4c,b5,c9,fd,cf,23,4d,b0,1c,52,7c,\
"rkeysecu"=hex:df,23,b2,e5,db,bd,77,15,08,3d,20,dc,ad,9e,4d,a7
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\02\01\14\121\14o"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|`Yé]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????ª"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\]???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1192)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\eHome\ehmsas.exe
c:\apps\ABoard\AOSD.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\dllhost.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-07-20 18:55:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 17:55
ComboFix2.txt 2012-07-20 08:14
.
Pre-Run: 56,759,533,568 bytes free
Post-Run: 56,859,287,552 bytes free
.
- - End Of File - - D33DEC552044125595C818A29E6D491E

#13
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Attached is proquota.zip. Download and save the file, then right-click it and choose Extract All. This will create a folder called proquota in the same folder. Inside the proquota folder should be proquota.exe. Copy it and save it to c:\windows\system32\

#14
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Run the FixIt on

http://support.microsoft.com/kb/822798


After you copy the proquota.exe file, run ComboFix again (without a script) and let's see if it is happy now.

When you submit a file to VirusTotal, they pass the file on to most of the major anti-virus companies, who test it and report back. Usually you get a number 0/42 or similar. If that's the case then the files are probably not infected. Often the file will have already been tested and they will tell you that and give you the rating. You can ask to see the report or have it retested, but if it's 0/42 then there is no point. If you get something besides 0 in the first then ask to see the report and then copy and paste it into a reply.

#15
HDL

    Member

  • Topic Starter
  • Member
  • 24 posts
Done.

ComboFix 12-07-20.02 - Owner 21/07/2012 8:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.478 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 06:07 . 2008-04-14 04:00 50176 ----a-w- c:\windows\system32\proquota.exe
2012-07-21 06:07 . 2008-04-14 04:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2012-07-21 05:56 . 2012-07-21 05:56 -------- d-----w- c:\windows\LastGood
2012-07-20 10:47 . 2012-07-20 10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-20 10:47 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 08:38 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-07-20 08:38 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-20 08:34 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-07-20 08:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-20 08:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-07-20 08:26 . 2012-07-20 08:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-19 17:45 . 2012-07-19 17:45 -------- d-----w- C:\_OTL
2012-07-18 15:53 . 2012-07-18 16:16 -------- d-----w- c:\program files\WhoCrashed
2012-07-04 14:07 . 2012-07-04 15:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eSupport.com
2012-07-04 13:22 . 2012-07-04 13:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun
2012-07-04 13:20 . 2012-07-04 13:20 -------- d-----w- c:\program files\Oracle
2012-07-04 13:20 . 2012-07-04 13:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle
2012-07-04 13:20 . 2012-05-04 18:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 02:18 . 2012-04-01 14:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:18 . 2011-05-18 07:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 13:17 . 2007-08-06 21:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-13 13:19 . 2004-09-10 13:57 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-04-12 17:34 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-09-10 13:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-09-10 13:57 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2007-04-16 21:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2007-04-16 21:46 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-09-10 14:34 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-09-10 14:34 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-09-10 14:34 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2007-04-16 21:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2007-04-16 21:45 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2004-09-10 14:34 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-09-10 14:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2004-09-10 13:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2007-04-16 21:45 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-09-10 14:34 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-09-10 14:34 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-09-10 13:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-09-10 13:57 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-09-10 13:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-09-10 13:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-09-10 13:57 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 18:29 . 2010-07-10 21:31 687504 ----a-w- c:\windows\system32\deployJava1.dll
2009-09-29 19:00 . 2009-09-29 19:00 57369 ----a-w- c:\program files\winsetup.exe
2009-09-29 18:59 . 2009-09-29 18:59 8421321 ----a-w- c:\program files\Awakener.exe
2007-12-05 17:27 . 2007-12-05 02:58 1071886 ----a-w- c:\program files\WoW-2.0.0-enUS-Installer-downloader.exe
2007-08-05 20:13 . 2007-08-05 20:13 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-07-19 18:07 . 2011-05-06 17:28 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\SoftwareDistribution\Download\0908f26c2838967d66a8d2b24a21ddc6\SP3GDR\wininet.dll
[-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\system32\wininet.dll
[-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\system32\dllcache\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\SoftwareDistribution\Download\0908f26c2838967d66a8d2b24a21ddc6\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2699988-IE8\wininet.dll
[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\SoftwareDistribution\Download\baf4833efdfcb1ed85e5c9347d37106a\SP3GDR\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\SoftwareDistribution\Download\baf4833efdfcb1ed85e5c9347d37106a\SP3QFE\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\ie8\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . 6F1E4BFD78C4E0D05FF3725D59B72925 . 659456 . . [6.00.2900.3462] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-04-18 . B7156CD97E739F3014BC4D61758F868A . 658944 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB958215_0$\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB933566$\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\sp3gdr\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\sp3qfe\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-10 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-10 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-03 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 13:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2004-08-10 13:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3qfe\ntkrnlpa.exe
[-] 2012-05-04 . 5DD80D56AF1CEFBFF4F25951069B55BB . 2069120 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3gdr\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntkrnlpa.exe
[-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntkrnlpa.exe
[-] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2012-04-11 . 61CCE48F7BD00E0E4D5CDE206F2DDC1B . 2026496 . . [5.1.2600.6206] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( [email protected]_07.59.42 )))))))))))))))))))))))))))))))))))))))))
.