TechSpot

Google hijack problem

By Kergath
Sep 21, 2011
  1. I'm having issues with a google hijack. I also performed a system restore recently and skype is no longer working for me either. Not sure if they are related issues.

    Here's the logs:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7765

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    9/21/2011 4:10:36 PM
    mbam-log-2011-09-21 (16-10-36).txt

    Scan type: Quick scan
    Objects scanned: 179256
    Time elapsed: 1 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-21 17:16:33
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe; Driver: C:\Users\Derek\AppData\Local\Temp\ugloapow.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3881011562-596480335-2157353384-1000@RefCount 6
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Electronic Arts\Mass Effect\x2122 2\Engine\Localization\DEU\Binaries\Uninstall-3DSexVilla2-Everlust-111.001.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Derek\Desktop\The.Matrix.Path.Of.Neo.PC.Game(djDEVASTATE\x2122)\EAX4Unified_redist_4001.exe 1

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
    Run by Derek at 17:17:37 on 2011-09-21
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.1628 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LOLReplay\LOLRecorder.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:57596
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\users\derek\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\derek\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registration\RegistrationReminder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
    TCP: Interfaces\{B9F0FE0F-5863-4129-8C64-B45E1ABD637E} : DhcpNameServer = 68.87.85.102 68.87.69.150
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\derek\appdata\roaming\mozilla\firefox\profiles\xkctxi5h.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.leagueoflegends.com/
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsld11b1a23;MpKsld11b1a23;c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\MpKsld11b1a23.sys [2011-9-21 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
    R3 ugloapow;ugloapow;c:\users\derek\appdata\local\temp\ugloapow.sys [2011-9-21 100864]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-6 39272]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-6 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-6 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-09-22 00:00:37 -------- d-----w- C:\gmer
    2011-09-21 23:35:48 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{12df84b1-c9fc-4923-affc-e72e9195c206}\gapaengine.dll
    2011-09-21 23:35:48 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\MpKsld11b1a23.sys
    2011-09-21 23:35:44 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\offreg.dll
    2011-09-21 23:35:42 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{200a9b08-317b-4d6c-a560-f4da4bde9784}\mpengine.dll
    2011-09-21 23:33:36 -------- d-----w- c:\program files\Microsoft Security Client
    2011-09-21 23:12:30 -------- d-----w- c:\users\derek\appdata\roaming\SUPERAntiSpyware.com
    2011-09-21 23:12:16 -------- d-----w- c:\programdata\!SASCORE
    2011-09-21 23:12:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-09-21 23:12:14 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-21 23:06:11 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-09-21 23:05:56 -------- d-----w- c:\users\derek\appdata\local\temp
    2011-09-21 22:07:51 98816 ----a-w- c:\windows\sed.exe
    2011-09-21 22:07:51 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-21 22:07:51 256000 ----a-w- c:\windows\PEV.exe
    2011-09-21 22:07:51 208896 ----a-w- c:\windows\MBR.exe
    2011-09-21 22:06:43 -------- d-----w- C:\ComboFix
    2011-09-21 21:27:21 -------- dc----w- c:\programdata\{9937DA50-1322-492A-A1C8-1911CDD1BD57}
    2011-09-21 21:23:09 -------- d-----w- c:\users\derek\appdata\roaming\Malwarebytes
    2011-09-21 21:22:57 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-21 21:22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-15 01:17:21 -------- d-----w- c:\program files\Ventrilo
    2011-09-13 04:01:32 -------- d-----w- c:\windows\system32\appmgmt
    2011-08-26 22:47:18 -------- d-----w- c:\program files\common files\scanner
    2011-08-26 22:47:17 -------- d-----w- c:\program files\comcasttb
    2011-08-26 22:47:06 -------- d-----w- c:\program files\CA
    2011-08-26 22:47:05 -------- d-----w- c:\windows\Downloaded Installations
    2011-08-26 22:45:15 -------- d-----w- c:\program files\xfin_portal
    2011-08-26 22:42:02 -------- d-----w- c:\users\derek\appdata\local\SupportSoft
    2011-08-26 22:40:24 -------- d-----w- c:\program files\common files\SupportSoft
    2011-08-26 22:40:24 -------- d-----w- c:\program files\ComcastUI
    2011-08-24 13:21:39 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2011-08-17 14:59:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 12:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-29 13:54:54 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
    .
    ============= FINISH: 17:29:31.37 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/5/2011 7:18:58 PM
    System Uptime: 9/21/2011 4:23:19 PM (1 hours ago)
    .
    Motherboard: ECS | | G31T-M7
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2203/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 931 GiB total, 734.219 GiB free.
    D: is CDROM (UDF)
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslf4c8274d
    Device ID: ROOT\LEGACY_MPKSLF4C8274D\0000
    Manufacturer:
    Name: MpKslf4c8274d
    PNP Device ID: ROOT\LEGACY_MPKSLF4C8274D\0000
    Service: MpKslf4c8274d
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsla4511d04
    Device ID: ROOT\LEGACY_MPKSLA4511D04\0000
    Manufacturer:
    Name: MpKsla4511d04
    PNP Device ID: ROOT\LEGACY_MPKSLA4511D04\0000
    Service: MpKsla4511d04
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl68c83548
    Device ID: ROOT\LEGACY_MPKSL68C83548\0000
    Manufacturer:
    Name: MpKsl68c83548
    PNP Device ID: ROOT\LEGACY_MPKSL68C83548\0000
    Service: MpKsl68c83548
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl03249d40
    Device ID: ROOT\LEGACY_MPKSL03249D40\0000
    Manufacturer:
    Name: MpKsl03249d40
    PNP Device ID: ROOT\LEGACY_MPKSL03249D40\0000
    Service: MpKsl03249d40
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslfa593dc8
    Device ID: ROOT\LEGACY_MPKSLFA593DC8\0000
    Manufacturer:
    Name: MpKslfa593dc8
    PNP Device ID: ROOT\LEGACY_MPKSLFA593DC8\0000
    Service: MpKslfa593dc8
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsla646d26e
    Device ID: ROOT\LEGACY_MPKSLA646D26E\0000
    Manufacturer:
    Name: MpKsla646d26e
    PNP Device ID: ROOT\LEGACY_MPKSLA646D26E\0000
    Service: MpKsla646d26e
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl040600f4
    Device ID: ROOT\LEGACY_MPKSL040600F4\0000
    Manufacturer:
    Name: MpKsl040600f4
    PNP Device ID: ROOT\LEGACY_MPKSL040600F4\0000
    Service: MpKsl040600f4
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl055c88b5
    Device ID: ROOT\LEGACY_MPKSL055C88B5\0000
    Manufacturer:
    Name: MpKsl055c88b5
    PNP Device ID: ROOT\LEGACY_MPKSL055C88B5\0000
    Service: MpKsl055c88b5
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslfe828125
    Device ID: ROOT\LEGACY_MPKSLFE828125\0000
    Manufacturer:
    Name: MpKslfe828125
    PNP Device ID: ROOT\LEGACY_MPKSLFE828125\0000
    Service: MpKslfe828125
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl093a1754
    Device ID: ROOT\LEGACY_MPKSL093A1754\0000
    Manufacturer:
    Name: MpKsl093a1754
    PNP Device ID: ROOT\LEGACY_MPKSL093A1754\0000
    Service: MpKsl093a1754
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslaecd84cb
    Device ID: ROOT\LEGACY_MPKSLAECD84CB\0000
    Manufacturer:
    Name: MpKslaecd84cb
    PNP Device ID: ROOT\LEGACY_MPKSLAECD84CB\0000
    Service: MpKslaecd84cb
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl39161332
    Device ID: ROOT\LEGACY_MPKSL39161332\0000
    Manufacturer:
    Name: MpKsl39161332
    PNP Device ID: ROOT\LEGACY_MPKSL39161332\0000
    Service: MpKsl39161332
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl0e0bea13
    Device ID: ROOT\LEGACY_MPKSL0E0BEA13\0000
    Manufacturer:
    Name: MpKsl0e0bea13
    PNP Device ID: ROOT\LEGACY_MPKSL0E0BEA13\0000
    Service: MpKsl0e0bea13
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslc36014d0
    Device ID: ROOT\LEGACY_MPKSLC36014D0\0000
    Manufacturer:
    Name: MpKslc36014d0
    PNP Device ID: ROOT\LEGACY_MPKSLC36014D0\0000
    Service: MpKslc36014d0
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl47300ffd
    Device ID: ROOT\LEGACY_MPKSL47300FFD\0000
    Manufacturer:
    Name: MpKsl47300ffd
    PNP Device ID: ROOT\LEGACY_MPKSL47300FFD\0000
    Service: MpKsl47300ffd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl4c25b95f
    Device ID: ROOT\LEGACY_MPKSL4C25B95F\0000
    Manufacturer:
    Name: MpKsl4c25b95f
    PNP Device ID: ROOT\LEGACY_MPKSL4C25B95F\0000
    Service: MpKsl4c25b95f
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslca656fd9
    Device ID: ROOT\LEGACY_MPKSLCA656FD9\0000
    Manufacturer:
    Name: MpKslca656fd9
    PNP Device ID: ROOT\LEGACY_MPKSLCA656FD9\0000
    Service: MpKslca656fd9
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl8bc51ca4
    Device ID: ROOT\LEGACY_MPKSL8BC51CA4\0000
    Manufacturer:
    Name: MpKsl8bc51ca4
    PNP Device ID: ROOT\LEGACY_MPKSL8BC51CA4\0000
    Service: MpKsl8bc51ca4
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl4ef88ffd
    Device ID: ROOT\LEGACY_MPKSL4EF88FFD\0000
    Manufacturer:
    Name: MpKsl4ef88ffd
    PNP Device ID: ROOT\LEGACY_MPKSL4EF88FFD\0000
    Service: MpKsl4ef88ffd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl95e737cd
    Device ID: ROOT\LEGACY_MPKSL95E737CD\0000
    Manufacturer:
    Name: MpKsl95e737cd
    PNP Device ID: ROOT\LEGACY_MPKSL95E737CD\0000
    Service: MpKsl95e737cd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl58ff3399
    Device ID: ROOT\LEGACY_MPKSL58FF3399\0000
    Manufacturer:
    Name: MpKsl58ff3399
    PNP Device ID: ROOT\LEGACY_MPKSL58FF3399\0000
    Service: MpKsl58ff3399
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsle4e1232a
    Device ID: ROOT\LEGACY_MPKSLE4E1232A\0000
    Manufacturer:
    Name: MpKsle4e1232a
    PNP Device ID: ROOT\LEGACY_MPKSLE4E1232A\0000
    Service: MpKsle4e1232a
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl9b438dda
    Device ID: ROOT\LEGACY_MPKSL9B438DDA\0000
    Manufacturer:
    Name: MpKsl9b438dda
    PNP Device ID: ROOT\LEGACY_MPKSL9B438DDA\0000
    Service: MpKsl9b438dda
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl1b1b7ebf
    Device ID: ROOT\LEGACY_MPKSL1B1B7EBF\0000
    Manufacturer:
    Name: MpKsl1b1b7ebf
    PNP Device ID: ROOT\LEGACY_MPKSL1B1B7EBF\0000
    Service: MpKsl1b1b7ebf
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl9d6d5027
    Device ID: ROOT\LEGACY_MPKSL9D6D5027\0000
    Manufacturer:
    Name: MpKsl9d6d5027
    PNP Device ID: ROOT\LEGACY_MPKSL9D6D5027\0000
    Service: MpKsl9d6d5027
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl002e5e40
    Device ID: ROOT\LEGACY_MPKSL002E5E40\0000
    Manufacturer:
    Name: MpKsl002e5e40
    PNP Device ID: ROOT\LEGACY_MPKSL002E5E40\0000
    Service: MpKsl002e5e40
    .
    ==== System Restore Points ===================
    .
    RP144: 9/14/2011 6:16:17 PM - Installed Ventrilo Client
    RP145: 9/15/2011 12:23:59 AM - Windows Update
    RP146: 9/17/2011 12:32:34 AM - Removed Skype™ 5.5
    RP147: 9/19/2011 2:42:55 AM - Windows Update
    RP148: 9/21/2011 1:35:21 PM - Restore Operation
    RP149: 9/21/2011 1:52:51 PM - Windows Update
    RP150: 9/21/2011 2:13:24 PM - Installed Ad-Aware
    RP151: 9/21/2011 2:22:18 PM - Installed Ad-Aware
    RP152: 9/21/2011 2:23:58 PM - Installed Ad-Aware
    RP154: 9/21/2011 3:02:05 PM - Removed Ad-Aware
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Any Video Converter 3.2.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bloodline Champions
    Bonjour
    Borderlands
    Brink
    BufferChm
    CA Pest Patrol Realtime Protection
    Click to Call with Skype
    Clone2Go Video Converter Free Version 1.3.8
    Comcast Desktop Software (v1.2.0.9)
    Copy
    Dead Island
    Definition update for Microsoft Office 2010 (KB982726)
    Destinations
    DeviceDiscovery
    DJ_AIO_06_F2400_SW_Min
    Dragon Age II
    Dual-Core Optimizer
    EA Installer
    EA Shared Game Component: Activation
    EasyBits GO
    EAX4 Unified Redist
    F2400
    Fallout: New Vegas
    ffdshow [rev 2527] [2008-12-19]
    GPBaseService2
    Groove Games\Land Of The Dead
    Heroes of Might and Magic V
    High-Definition Video Playback
    HP Customer Participation Program 13.0
    HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 27
    Killing Floor
    League of Legends
    Left 4 Dead
    LOLReplay
    LOTD Update Pack #2 (3/6/06)
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Mass Effect 2
    Media Go
    Media Go Video Playback Engine 1.64.105.02280
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft IntelliType Pro 8.0
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscCopy Gadget 10
    Nero DiscCopyGadget 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero Kwik Media
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    NeroKwikMedia Help (CHM)
    NVIDIA PhysX
    Origin
    Pando Media Booster
    Pcsx2 0.9.6
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    QuickTime
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Shop for HP Supplies
    Skype™ 5.5
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    StarCraft II
    Status
    Steam
    SUPERAntiSpyware
    The Witcher: Enhanced Edition
    Titan Quest
    Titan Quest Immortal Throne
    Toolbox
    TrayApp
    Update for Microsoft Office 2010 (KB2494150)
    Vampire - The Masquerade Bloodlines
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebReg
    Windows Live ID Sign-in Assistant
    WinRAR archiver
    XFINITY Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/21/2011 6:46:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/21/2011 3:49:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/21/2011 2:26:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.
    9/21/2011 2:26:09 PM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/21/2011 2:24:27 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
    9/21/2011 1:42:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/21/2011 1:42:04 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    9/21/2011 1:36:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f1ed7c9d-4799-11e0-aa2f-806e6f6e6963}\System Volume Information\SystemRestore\New-software' was corrupted and it has been recovered. Some data might have been lost.
    9/20/2011 11:44:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/20/2011 11:43:38 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    9/19/2011 2:32:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/19/2011 11:26:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/18/2011 9:37:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/16/2011 11:11:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/16/2011 11:11:07 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
    9/15/2011 6:57:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/15/2011 12:01:28 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{f1ed7c9d-4799-11e0-aa2f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{94CA31F5-87EC-4744-B3D5-AA66816102F0}' was corrupted and it has been recovered. Some data might have been lost.
    9/14/2011 6:29:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and MSE.
    One of them has to go.
    I suggest Lavasoft goes.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Kergath

    Kergath TS Rookie Topic Starter

    I got an error when trying to run aswMBR though i'll post the log that it produced:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-21 20:04:38
    -----------------------------
    20:04:38.297 OS Version: Windows 6.1.7601 Service Pack 1
    20:04:38.297 Number of processors: 2 586 0xF0D
    20:04:38.312 ComputerName: DEREK-PC UserName: Derek
    20:04:57.282 Initialze error 0 - driver not loaded
    20:08:02.649 AVAST engine defs: 11092101
    20:08:28.326 Scan error: Incorrect function.
    20:09:20.259 The log file has been saved successfully to "C:\Users\Derek\Desktop\aswMBR.txt"

    I uninstalled ad-aware and i disabled microsoft security essentials before i ran ComboFix but it told me it was still running but i ran anyways.

    ComboFix 11-09-21.04 - Derek 09/21/2011 20:22:59.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.1988 [GMT -7:00]
    Running from: c:\users\Derek\Downloads\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-22 03:53 . 2011-09-22 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-22 01:33 . 2011-09-22 01:33 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{200A9B08-317B-4D6C-A560-F4DA4BDE9784}\MpKsl76d0532d.sys
    2011-09-22 01:33 . 2011-09-22 01:33 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{200A9B08-317B-4D6C-A560-F4DA4BDE9784}\offreg.dll
    2011-09-22 00:00 . 2011-09-22 00:00 -------- d-----w- C:\gmer
    2011-09-21 23:35 . 2011-09-21 23:35 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12DF84B1-C9FC-4923-AFFC-E72E9195C206}\gapaengine.dll
    2011-09-21 23:35 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{200A9B08-317B-4D6C-A560-F4DA4BDE9784}\mpengine.dll
    2011-09-21 23:33 . 2011-09-21 23:33 -------- d-----w- c:\program files\Microsoft Security Client
    2011-09-21 23:12 . 2011-09-21 23:12 -------- d-----w- c:\users\Derek\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-21 23:05 . 2011-09-22 03:53 -------- d-----w- c:\users\Derek\AppData\Local\temp
    2011-09-21 21:27 . 2011-09-21 21:27 -------- dc----w- c:\programdata\{9937DA50-1322-492A-A1C8-1911CDD1BD57}
    2011-09-21 21:23 . 2011-09-21 21:23 -------- d-----w- c:\users\Derek\AppData\Roaming\Malwarebytes
    2011-09-21 21:22 . 2011-09-21 21:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-21 21:22 . 2011-09-21 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-17 07:25 . 2011-09-21 20:40 -------- d-----w- c:\users\Derek\AppData\Roaming\Ventrilo
    2011-09-15 01:17 . 2011-09-21 20:40 -------- d-----w- c:\program files\Ventrilo
    2011-09-13 09:34 . 2011-09-13 09:34 -------- d-----w- c:\windows\Sun
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\program files\Common Files\scanner
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\program files\comcasttb
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\program files\CA
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\windows\Downloaded Installations
    2011-08-26 22:45 . 2011-09-22 00:59 -------- d-----w- c:\program files\xfin_portal
    2011-08-26 22:42 . 2011-09-13 05:29 -------- d-----w- c:\users\Derek\AppData\Local\SupportSoft
    2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- c:\program files\Common Files\SupportSoft
    2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- c:\program files\ComcastUI
    2011-08-24 13:21 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-17 14:59 . 2011-05-19 21:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 04:54 . 2011-08-10 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 12:05 . 2011-06-17 01:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-16 04:27 . 2011-08-10 04:15 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:30 . 2011-08-10 04:15 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-29 13:54 . 2011-03-31 03:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-24 04:27 . 2011-08-10 04:15 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 04:22 . 2011-08-10 04:15 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-09-08 03:21 . 2011-03-27 23:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-21_22.49.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-06 04:04 . 2011-09-22 01:35 58748 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2011-09-22 01:35 54936 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-03-06 02:57 . 2011-09-22 01:35 15222 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3881011562-596480335-2157353384-1000_UserData.bin
    + 2011-04-27 22:25 . 2011-04-27 22:25 65024 c:\windows\System32\drivers\NisDrvWFP.sys
    + 2011-04-18 20:18 . 2011-04-18 20:18 43392 c:\windows\System32\drivers\MpNWMon.sys
    - 2011-03-06 02:39 . 2011-09-21 21:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-06 02:39 . 2011-09-22 01:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-06 02:39 . 2011-09-22 01:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-06 02:39 . 2011-09-21 21:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2011-09-22 01:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2011-09-21 21:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-06 02:50 . 2011-09-22 01:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-06 02:50 . 2011-09-21 21:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:34 . 2011-09-21 21:36 87488 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:34 . 2011-09-22 01:36 87488 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-03-06 02:50 . 2011-09-22 01:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-06 02:50 . 2011-09-21 21:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-03-06 02:50 . 2011-09-22 01:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-06 02:50 . 2011-09-21 21:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-06 02:51 . 2011-09-21 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-06 02:51 . 2011-09-22 03:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-06 02:51 . 2011-09-21 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-06 02:51 . 2011-09-22 03:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-06 23:48 . 2011-04-06 23:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    - 2011-04-12 22:11 . 2011-04-12 22:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
    - 2010-03-18 20:16 . 2010-03-18 20:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-07-21 19:43 . 2011-07-21 19:43 27648 c:\windows\Installer\a3af0.msp
    - 2011-03-21 00:58 . 2011-08-10 05:09 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-09-22 01:49 . 2011-09-22 01:49 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5e66ba90ab2f24317ca76582f3ea3948\UIAutomationProvider.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c42639bd8c7c7855c4d11be1f0ccdf97\System.Windows.Presentation.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\3be20b4f9e9df41aaea426041f4f410a\System.Web.ApplicationServices.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3bea7a34d24b4dc1e3925b0b9bc9d45b\System.ServiceModel.Channels.ni.dll
    + 2011-09-22 01:50 . 2011-09-22 01:50 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\882adb9ad5e9b434ef926193f595e757\System.AddIn.Contract.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7ee890ba3e1869ab04930948df453d3f\Microsoft.VisualC.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\950b5b880e8d8af1709f06b6a1a854a0\Accessibility.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\4a63fb97b3c648a28b8047697869ee7d\UIAutomationProvider.ni.dll
    - 2011-08-10 22:06 . 2011-08-10 22:06 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3ef94ae15e7d80bb818934265bb90c10\System.Windows.Presentation.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3ef94ae15e7d80bb818934265bb90c10\System.Windows.Presentation.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\dd2bb107a0bbac08a0ccaf93c8bb7490\System.Web.DynamicData.Design.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\dd2bb107a0bbac08a0ccaf93c8bb7490\System.Web.DynamicData.Design.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\54d33aa6cf3af2d6e28c7d46c0ce363f\System.ComponentModel.DataAnnotations.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\54d33aa6cf3af2d6e28c7d46c0ce363f\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e88e6ace53ab318210c1657483321e40\System.AddIn.Contract.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e88e6ace53ab318210c1657483321e40\System.AddIn.Contract.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\cd32e850b908317981c109dd20a0d5b2\stdole.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\cd32e850b908317981c109dd20a0d5b2\stdole.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\fe7afc935e0c66172577a1ded815993b\PresentationFontCache.ni.exe
    - 2011-08-10 22:04 . 2011-08-10 22:04 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\fe7afc935e0c66172577a1ded815993b\PresentationFontCache.ni.exe
    - 2011-08-10 18:17 . 2011-08-10 18:17 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e5c56e2a79ebb350e0aa6805f4d5e649\PresentationCFFRasterizer.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e5c56e2a79ebb350e0aa6805f4d5e649\PresentationCFFRasterizer.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\69b036f1479a9aa93430f2d1676032b2\napcrypt.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\69b036f1479a9aa93430f2d1676032b2\napcrypt.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a698e95f7aee68b567b029c993c82fdf\Microsoft.WSMan.Runtime.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a698e95f7aee68b567b029c993c82fdf\Microsoft.WSMan.Runtime.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f5cca6362e06e2309a6e9178394f7a8b\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f5cca6362e06e2309a6e9178394f7a8b\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d9b43f70e7e938a37e2e5d8565d799c8\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d9b43f70e7e938a37e2e5d8565d799c8\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d1bea82d1c7c4915105caf1f24beebf1\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\d1bea82d1c7c4915105caf1f24beebf1\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cd8db1ed1e76bc6dd03076974c9193fd\Microsoft.Windows.Diagnosis.SDHost.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\cd8db1ed1e76bc6dd03076974c9193fd\Microsoft.Windows.Diagnosis.SDHost.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7d5196989f1f33459333fd90719bebb0\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7d5196989f1f33459333fd90719bebb0\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6e586e1d91803407aa5a99fb6a4fec25\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6e586e1d91803407aa5a99fb6a4fec25\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\405aa271df15b8ce1b0b970f37687152\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\405aa271df15b8ce1b0b970f37687152\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\2ac41c859d5e5e84993a555e3eeaea90\Microsoft.Vsa.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\2ac41c859d5e5e84993a555e3eeaea90\Microsoft.Vsa.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fa0ab046907e7ed154ce2ba749eebb52\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fa0ab046907e7ed154ce2ba749eebb52\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f356c4455ca50bd2b3d1707214229ad8\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f356c4455ca50bd2b3d1707214229ad8\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c5a915e87a37fdedf41ac24ee5f97bb1\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c5a915e87a37fdedf41ac24ee5f97bb1\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b282b2b3144437e0322d3c6c29e734d6\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b282b2b3144437e0322d3c6c29e734d6\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8d721ab82f8d49ed7d3fcc4f547cee5d\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8d721ab82f8d49ed7d3fcc4f547cee5d\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 84992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\772e59f6bfc61473ac9d7e0223eb5f83\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\51705dba55e430dd088a76e7c07f8d3e\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\51705dba55e430dd088a76e7c07f8d3e\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3534f931f053ffd10f687f48170cd9c0\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3534f931f053ffd10f687f48170cd9c0\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1bae59136b7143a0a5dd3d927d9ed4bd\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1bae59136b7143a0a5dd3d927d9ed4bd\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0c0a573d4a6aba73f2916a1d9e56bfb3\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 28672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0c0a573d4a6aba73f2916a1d9e56bfb3\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
    - 2011-08-10 05:11 . 2011-08-10 05:11 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f7ce61c1a288adc4c39512d9f6767daf\Microsoft.VisualC.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\f7ce61c1a288adc4c39512d9f6767daf\Microsoft.VisualC.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e2aa50d1e49dd00b728aa499e89b2850\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\e2aa50d1e49dd00b728aa499e89b2850\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\d0a9152ccf7fdbbff625ca972783ece8\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\d0a9152ccf7fdbbff625ca972783ece8\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\6a8f81602a36f184aa50eb8afdc297cd\Microsoft.Office.InfoPath.Permission.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\6a8f81602a36f184aa50eb8afdc297cd\Microsoft.Office.InfoPath.Permission.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 95232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c0f026e83b07888411e78488c610bd67\Microsoft.MediaCenter.ITVVM.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 95232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c0f026e83b07888411e78488c610bd67\Microsoft.MediaCenter.ITVVM.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ad899316f7d4bf50e407ccf443c8f4a7\Microsoft.MediaCenter.iTv.Hosting.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ad899316f7d4bf50e407ccf443c8f4a7\Microsoft.MediaCenter.iTv.Hosting.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9152d7f0adafac97d853647ca783b8e4\Microsoft.Build.Framework.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\9152d7f0adafac97d853647ca783b8e4\Microsoft.Build.Framework.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c219cc49d452997a91d916309511e68\Microsoft.Build.Framework.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5c219cc49d452997a91d916309511e68\Microsoft.Build.Framework.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft-Windows-H#\79448418d20d1b98196b184372c9e4ff\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft-Windows-H#\79448418d20d1b98196b184372c9e4ff\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\LoadMxf\ec98b5a1ea933fc3f5db6cae3051dbd4\LoadMxf.ni.exe
    + 2011-09-22 01:45 . 2011-09-22 01:45 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\LoadMxf\ec98b5a1ea933fc3f5db6cae3051dbd4\LoadMxf.ni.exe
    - 2011-08-10 22:02 . 2011-08-10 22:02 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\f300d829828ecb386ecc5b972641e44c\ipdmctrl.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\f300d829828ecb386ecc5b972641e44c\ipdmctrl.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ac010bace23545b3a5b1825e5c7b046e\ehiUserXp.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\ac010bace23545b3a5b1825e5c7b046e\ehiUserXp.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUPnP\43878a7234dc290fe15d91a9e66b77ad\ehiUPnP.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUPnP\43878a7234dc290fe15d91a9e66b77ad\ehiUPnP.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiTVMSMusic\cd13468601c6297aa590494b3b08ff10\ehiTVMSMusic.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiTVMSMusic\cd13468601c6297aa590494b3b08ff10\ehiTVMSMusic.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 82432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiiTv\be26ca008ddeb09baf776fd6840cb912\ehiiTv.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 82432 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiiTv\be26ca008ddeb09baf776fd6840cb912\ehiiTv.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 33792 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiBmlDataCarousel\271614702adb380f0b93f287ca955dbf\ehiBmlDataCarousel.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 33792 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiBmlDataCarousel\271614702adb380f0b93f287ca955dbf\ehiBmlDataCarousel.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiActivScp\ddf9461986193e36c2bbe7bd39fc2d66\ehiActivScp.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiActivScp\ddf9461986193e36c2bbe7bd39fc2d66\ehiActivScp.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\027211443c6da8187fe92e682c048cd5\dfsvc.ni.exe
    + 2011-09-22 01:44 . 2011-09-22 01:44 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\027211443c6da8187fe92e682c048cd5\dfsvc.ni.exe
    + 2011-09-22 01:43 . 2011-09-22 01:43 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\8286e5ea12f08f351f0d00280de1beba\AuditPolicyGPManagedStubs.Interop.ni.dll
    - 2011-08-10 05:11 . 2011-08-10 05:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\8286e5ea12f08f351f0d00280de1beba\AuditPolicyGPManagedStubs.Interop.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
    - 2011-08-10 05:11 . 2011-08-10 05:11 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
    + 2011-09-22 01:33 . 2011-09-22 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-09-21 21:31 . 2011-09-21 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-09-21 21:31 . 2011-09-21 21:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-22 01:33 . 2011-09-22 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-22 01:51 . 2011-09-22 01:51 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1a890e72269abe36365d861bca8fca70\System.Xml.Serialization.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\e335cdfdb3e46fb0f75cb2ce83dabf48\dfsvc.ni.exe
    + 2011-09-21 20:51 . 2011-07-27 05:47 361472 c:\windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.1.7601.21779_none_9448d5bb47afabae\IMJPAPI.DLL
    + 2011-09-21 20:51 . 2011-07-27 04:27 361472 c:\windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.1.7601.17658_none_93d3d87e2e82baab\IMJPAPI.DLL
    + 2011-09-21 20:51 . 2011-07-27 04:27 361472 c:\windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.1.7600.21016_none_92a02f814a5b7f59\IMJPAPI.DLL
    + 2011-09-21 20:51 . 2011-07-27 04:30 361472 c:\windows\winsxs\x86_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_6.1.7600.16856_none_91eb7ae4315e1c11\IMJPAPI.DLL
    + 2009-07-14 02:05 . 2011-09-22 01:20 626040 c:\windows\System32\perfh009.dat
     
  4. Kergath

    Kergath TS Rookie Topic Starter

    + 2009-07-14 02:05 . 2011-09-22 01:20 107316 c:\windows\System32\perfc009.dat
    + 2011-09-21 20:51 . 2011-07-27 04:27 361472 c:\windows\System32\IME\IMEJP10\IMJPAPI.DLL
    - 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\System32\IME\IMEJP10\IMJPAPI.DLL
    + 2011-04-18 20:18 . 2011-04-18 20:18 165648 c:\windows\System32\drivers\MpFilter.sys
    + 2011-03-06 02:19 . 2011-09-22 01:33 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-03-06 02:19 . 2011-09-21 21:31 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:47 . 2011-09-22 01:32 387812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:47 . 2011-09-21 21:30 387812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-04-01 21:30 . 2011-09-22 01:01 773700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3881011562-596480335-2157353384-1000-12288.dat
    + 2011-04-06 23:48 . 2011-04-06 23:48 236880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    - 2011-04-12 22:11 . 2011-04-12 22:11 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 191840 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
    + 2011-05-17 16:27 . 2011-05-17 16:27 413520 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    - 2011-04-12 22:11 . 2011-04-12 22:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2011-03-21 00:58 . 2011-09-22 01:25 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    + 2011-09-22 01:52 . 2011-09-22 01:52 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1b8d986036465b9f0db4fbaf8876ad72\WindowsFormsIntegration.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\7b9037ad1952bc81a382b2fcddd8320a\UIAutomationTypes.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\08b935a4ef1b64faec4e9739db313298\UIAutomationClient.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0f5813c19bc6dc46e87c6beafb97d525\System.Xml.Linq.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\8681ad3f75515a261e7980d01ac5fa2e\System.Windows.Input.Manipulations.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5314989a2066877016eaac44f927092c\System.Transactions.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\b784695a620842be9b660769dd43c898\System.ServiceProcess.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8671670b07fb8597048ef4aae0a5ede4\System.ServiceModel.Routing.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\68dd8aa8c376dd3c44f8e56c3767ac1d\System.Security.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e8452df7471e5ba24ca642b4c4e1ef37\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bbc34aac73481fc04fe9b7aff9927437\System.Runtime.Remoting.ni.dll
    + 2011-09-22 01:19 . 2011-09-22 01:19 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21335cc2e54f4995b582cfa9d1efbcaa\System.Numerics.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\0db265c571d2baf9c46511b9955fa7c4\System.Net.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\5539ada158b0520c68ab8cbaa6dab8b2\System.Messaging.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\89a46fc2fa698580fd2fa81df5cd020a\System.Management.Instrumentation.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e022b746f10ca855a632ff405f7f1259\System.IO.Log.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\a6518b3baf1d987d831c5fc1b295306d\System.IdentityModel.Selectors.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.Wrapper.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3c81550255199caad42b6927e52cbe20\System.EnterpriseServices.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a0ced4a2cbd6aa8f9cf2a28b641e0300\System.Dynamic.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8227f92f9e71e619b541050995617717\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6ec8651192262a0732c9c187486e9fb9\System.DirectoryServices.Protocols.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\1652ce31226964496c1d5b5b4f69277e\System.Device.ni.dll
    + 2011-09-22 01:50 . 2011-09-22 01:50 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\5b1934fc32b50e5a42a64999d0b27112\System.Data.DataSetExtensions.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\786df9adb3752f8f67b90dedb60dc2a1\System.Configuration.ni.dll
    + 2011-09-22 01:50 . 2011-09-22 01:50 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\7a2a83b1625f100331691f44b6e9c3ab\System.Configuration.Install.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\eb22b58fc80ef55a2879bd6f121e9989\System.ComponentModel.Composition.ni.dll
    + 2011-09-22 01:50 . 2011-09-22 01:50 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a3084fbf0204cd93a9d1e8722774f0b7\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-09-22 01:50 . 2011-09-22 01:50 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\6254a35e295c52224f7bdc9e5ac9c81f\System.AddIn.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\2b905c99ccccb248a7653fabe4b55b09\System.Activities.DurableInstancing.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\51bdfe23e8b22bbed5fabfed9371b5b0\SMSvcHost.ni.exe
    + 2011-09-22 01:49 . 2011-09-22 01:49 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef32e2d63c908a8e4b21b30b2debcd03\SMDiagnostics.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ac6b30fb021fe513bc7f5eb98874ab98\PresentationFramework.Royale.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ab273e4606367562d98caf792f366523\PresentationFramework.Classic.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\08ffd91342eb8f789914456a3a0d29dd\PresentationFramework.Luna.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\43eb12b6198092efc2b8a030ace2e3f2\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\da0ae911ee95f4e67660e8e584ca8e7b\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\8bd0bb7822eb2d50cb4c1a82a7f934e8\CustomMarshalers.ni.dll
    - 2011-08-10 22:06 . 2011-08-10 22:06 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\41ccc24e8cc5f2474ce1105f0b8ebb78\WsatConfig.ni.exe
    + 2011-09-22 01:49 . 2011-09-22 01:49 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\41ccc24e8cc5f2474ce1105f0b8ebb78\WsatConfig.ni.exe
    + 2011-09-22 01:49 . 2011-09-22 01:49 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bb04320c07e3c71ac2d18cb382d97f41\WindowsFormsIntegration.ni.dll
    - 2011-08-10 22:06 . 2011-08-10 22:06 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bb04320c07e3c71ac2d18cb382d97f41\WindowsFormsIntegration.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 185344 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d63e6fb41aa502bf6724043e6ac1367f\UIAutomationClient.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d63e6fb41aa502bf6724043e6ac1367f\UIAutomationClient.ni.dll
    - 2011-08-10 22:06 . 2011-08-10 22:06 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\1c1f731e8684204f56f37cc66b5bc60d\TaskScheduler.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\1c1f731e8684204f56f37cc66b5bc60d\TaskScheduler.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b096bd83a66a8d1dcd761747730cc64c\System.Xml.Linq.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b096bd83a66a8d1dcd761747730cc64c\System.Xml.Linq.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\efca1fd7e9df8e24c007cd003346e0e5\System.Web.Routing.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\efca1fd7e9df8e24c007cd003346e0e5\System.Web.Routing.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\66126f1309396535f2ba93f752016902\System.Web.RegularExpressions.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\66126f1309396535f2ba93f752016902\System.Web.RegularExpressions.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6c551bf6f7716b0f527f4274fb04cc2e\System.Web.Extensions.Design.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6c551bf6f7716b0f527f4274fb04cc2e\System.Web.Extensions.Design.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\03eda303152940cb2e78a0030cf572b5\System.Web.Entity.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\03eda303152940cb2e78a0030cf572b5\System.Web.Entity.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7b93fe55a51f2a6010365a17546170bc\System.Web.Entity.Design.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7b93fe55a51f2a6010365a17546170bc\System.Web.Entity.Design.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\979bf2cab91b5d50aef1525ca96ff690\System.Web.DynamicData.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\979bf2cab91b5d50aef1525ca96ff690\System.Web.DynamicData.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\067516a8300bb5fdbddb38cb9f6c934e\System.Web.Abstractions.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\067516a8300bb5fdbddb38cb9f6c934e\System.Web.Abstractions.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4e03de263f1fec29c4a7fa18986d0868\System.Transactions.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4e03de263f1fec29c4a7fa18986d0868\System.Transactions.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\c0d90fae726bca4f272ac9a2906b3741\System.Security.ni.dll
    - 2011-08-10 18:16 . 2011-08-10 18:16 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\c0d90fae726bca4f272ac9a2906b3741\System.Security.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e16f381a978103ac92bf64b99716c857\System.Net.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\e16f381a978103ac92bf64b99716c857\System.Net.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ac9fe083b4cf11aab834d6654cdeb429\System.Messaging.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ac9fe083b4cf11aab834d6654cdeb429\System.Messaging.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b95b509ac74958a1d8568293c3dc43ba\System.Management.Instrumentation.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b95b509ac74958a1d8568293c3dc43ba\System.Management.Instrumentation.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e083fdbcc88f5850290f2cf65ae1efae\System.IO.Log.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e083fdbcc88f5850290f2cf65ae1efae\System.IO.Log.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\736226563a7f564e4629e34d52b3d6c6\System.IdentityModel.Selectors.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\736226563a7f564e4629e34d52b3d6c6\System.IdentityModel.Selectors.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.Wrapper.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.Wrapper.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3a17291e4caa1a23f652129fc88e3dda\System.EnterpriseServices.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\41d65038625368f089fc66b8a544f934\System.Drawing.Design.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\41d65038625368f089fc66b8a544f934\System.Drawing.Design.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3c443dc0b8879bfe286a07f15060787f\System.DirectoryServices.Protocols.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3c443dc0b8879bfe286a07f15060787f\System.DirectoryServices.Protocols.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1f6d55f401cfe7041f9fd3b4aebffa9b\System.DirectoryServices.AccountManagement.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1f6d55f401cfe7041f9fd3b4aebffa9b\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0896f955eb175a4e0bfff73b94f57619\System.Data.Services.Design.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 462336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\0896f955eb175a4e0bfff73b94f57619\System.Data.Services.Design.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\8f130b77f8f47e23cd748679173bdf33\System.Data.Entity.Design.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\8f130b77f8f47e23cd748679173bdf33\System.Data.Entity.Design.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ad3f6eae36ce486187311de6836b4904\System.Data.DataSetExtensions.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ad3f6eae36ce486187311de6836b4904\System.Data.DataSetExtensions.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
    - 2011-08-10 18:16 . 2011-08-10 18:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\81423a8207177ffcfac843f9d7b662d2\System.Configuration.Install.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\81423a8207177ffcfac843f9d7b662d2\System.Configuration.Install.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fc5edc97ac59d0d0d45bb9b623b9927b\System.AddIn.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fc5edc97ac59d0d0d45bb9b623b9927b\System.AddIn.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\88f0efe11487b846342fdee227f3da52\sysglobl.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\88f0efe11487b846342fdee227f3da52\sysglobl.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a33aa8911167af5fcba60f1b02ad45b\SMSvcHost.ni.exe
    + 2011-09-22 01:47 . 2011-09-22 01:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a33aa8911167af5fcba60f1b02ad45b\SMSvcHost.ni.exe
    + 2011-09-22 01:44 . 2011-09-22 01:44 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b907dd027bbe99c5035b1d6355f83998\SMDiagnostics.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\bebba13c472daad81b7e0e908d34e76f\SecurityAuditPoliciesSnapIn.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\bebba13c472daad81b7e0e908d34e76f\SecurityAuditPoliciesSnapIn.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9997cb70ba2c05761f6196f65dae7588\PresentationFramework.Royale.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9997cb70ba2c05761f6196f65dae7588\PresentationFramework.Royale.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4c9a05d7eea9a270d51ffe6f9466d8f8\PresentationFramework.Luna.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4c9a05d7eea9a270d51ffe6f9466d8f8\PresentationFramework.Luna.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\16c2dcb95bda37843824b6b0d82d8ef6\PresentationFramework.Classic.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\16c2dcb95bda37843824b6b0d82d8ef6\PresentationFramework.Classic.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\7414a08bca5afde3f99fea854b32098f\napsnap.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\7414a08bca5afde3f99fea854b32098f\napsnap.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\380a55680ec523e5c32df8233cbbcca5\napinit.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\380a55680ec523e5c32df8233cbbcca5\napinit.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\8fcb3f856afb930c5add8498cadb4d13\naphlpr.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 114176 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\8fcb3f856afb930c5add8498cadb4d13\naphlpr.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\46d3794a4a440f22cff17197648f6887\MSBuild.ni.exe
    + 2011-09-22 01:47 . 2011-09-22 01:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\46d3794a4a440f22cff17197648f6887\MSBuild.ni.exe
    - 2011-08-10 22:02 . 2011-08-10 22:02 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\71b549afed40761f8be9075ca9ad8dd7\MMCFxCommon.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\71b549afed40761f8be9075ca9ad8dd7\MMCFxCommon.ni.dll
     
  5. Kergath

    Kergath TS Rookie Topic Starter

    + 2011-09-22 01:47 . 2011-09-22 01:47 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\1fc72faf9a51b47557273b0ffd7491f2\Microsoft.WSMan.Management.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\1fc72faf9a51b47557273b0ffd7491f2\Microsoft.WSMan.Management.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e4eb0bb5680ab582c63df3974222e537\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e4eb0bb5680ab582c63df3974222e537\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dedfa5bd943e4a78b1d7eec44c6f737f\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 337408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d3507fe27d8923dd419bfd835581752d\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 337408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d3507fe27d8923dd419bfd835581752d\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c35af2e781284aaa8950788a83537d49\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c35af2e781284aaa8950788a83537d49\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b7d6360dcead019981eefacfa72416e6\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b7d6360dcead019981eefacfa72416e6\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b42639fb347902bc5b1469968cd04d7b\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b42639fb347902bc5b1469968cd04d7b\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ae8fe0125b35fc268b9b2f9e3c1b3578\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ae8fe0125b35fc268b9b2f9e3c1b3578\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 663552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9c748be94847db6c1e5301a99ba507b4\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 663552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9c748be94847db6c1e5301a99ba507b4\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9415b026c58ef2fc5927a383162e9e54\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 303104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9415b026c58ef2fc5927a383162e9e54\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\76ee89a9fc6963c5243918faf33baca8\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\76ee89a9fc6963c5243918faf33baca8\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6b120f8db932a314de97c4cd216f8784\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6b120f8db932a314de97c4cd216f8784\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\56f1f108a10d41cc682aefb717c3ae49\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\56f1f108a10d41cc682aefb717c3ae49\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4a8e5945ad34fa301703ba1a919726ff\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4a8e5945ad34fa301703ba1a919726ff\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\357ee59bdfd1a6401467728163ebb4b6\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\357ee59bdfd1a6401467728163ebb4b6\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 191488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\02d9514b1b163c07b6be2916d5f0166e\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b96b80f166196dc0e148c73dc8452d25\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\b96b80f166196dc0e148c73dc8452d25\Microsoft.Transactions.Bridge.Dtc.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\ccf997ac543b2b58903fdf7bca34293d\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 187392 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\ccf997ac543b2b58903fdf7bca34293d\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\8e356070ffe04dd1260867eeae3a731e\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\8e356070ffe04dd1260867eeae3a731e\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\58ea9f1d5b35b9826dfc5f6ce7cf654f\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\58ea9f1d5b35b9826dfc5f6ce7cf654f\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\51f749767aea43448df7ad06e6d17c7d\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\51f749767aea43448df7ad06e6d17c7d\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79b58ce41005165465015645e9aca5c6\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\79b58ce41005165465015645e9aca5c6\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\546b00ea58f6edb79610c186b66a7e09\Microsoft.PowerShell.Security.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\546b00ea58f6edb79610c186b66a7e09\Microsoft.PowerShell.Security.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4674f7aab6bd1d78a2531f1f59b7789e\Microsoft.PowerShell.Commands.Management.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4674f7aab6bd1d78a2531f1f59b7789e\Microsoft.PowerShell.Commands.Management.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\25e96c962b0b32cec74991f8d52a5da2\Microsoft.PowerShell.ConsoleHost.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\25e96c962b0b32cec74991f8d52a5da2\Microsoft.PowerShell.ConsoleHost.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05b332106dfa161a88f51f1d407cb68a\Microsoft.PowerShell.GraphicalHost.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05b332106dfa161a88f51f1d407cb68a\Microsoft.PowerShell.GraphicalHost.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\b570b74b770a4358d562c5a31f2cbd81\Microsoft.Office.Tools.Word.v9.0.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\b570b74b770a4358d562c5a31f2cbd81\Microsoft.Office.Tools.Word.v9.0.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\96972941a997c074ddc332cb3c8127ea\Microsoft.Office.Tools.Common.v9.0.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\96972941a997c074ddc332cb3c8127ea\Microsoft.Office.Tools.Common.v9.0.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\58a8452f9bf9f47e742eeed9d951d4cd\Microsoft.Office.Tools.v9.0.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\58a8452f9bf9f47e742eeed9d951d4cd\Microsoft.Office.Tools.v9.0.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\22917976ee488c2705e1595e73f8b2a5\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\22917976ee488c2705e1595e73f8b2a5\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\87ce9b5e36e642735313f17b8de9ac15\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\87ce9b5e36e642735313f17b8de9ac15\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\85a54fabbd2dfd3a4e78cf599b18f166\Microsoft.Office.InfoPath.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\85a54fabbd2dfd3a4e78cf599b18f166\Microsoft.Office.InfoPath.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1c8f2020f97321ed4876d3ef703331e0\Microsoft.Office.Interop.InfoPath.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1c8f2020f97321ed4876d3ef703331e0\Microsoft.Office.Interop.InfoPath.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\f0ca68cbe1b4e2c4cf1c05fd0ca9d181\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\f0ca68cbe1b4e2c4cf1c05fd0ca9d181\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 229888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\d7ff7549a38cad34be4edc236f01e6d7\Microsoft.MediaCenter.iTv.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 229888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\d7ff7549a38cad34be4edc236f01e6d7\Microsoft.MediaCenter.iTv.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 142848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b482cb6bb553894f8a3ccc811b172f58\Microsoft.MediaCenter.iTv.Media.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 142848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b482cb6bb553894f8a3ccc811b172f58\Microsoft.MediaCenter.iTv.Media.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 849920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a5c7c9fc4ecd48e398cb4c809d8abf91\Microsoft.MediaCenter.Shell.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 849920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a5c7c9fc4ecd48e398cb4c809d8abf91\Microsoft.MediaCenter.Shell.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7db0f5953b2347728d542185b11658a6\Microsoft.MediaCenter.Playback.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7db0f5953b2347728d542185b11658a6\Microsoft.MediaCenter.Playback.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 740864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\69540ae92cded014582d929ecbad6d7a\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 740864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\69540ae92cded014582d929ecbad6d7a\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4bc59bbb2e91c6e7ae59f420369d4ea4\Microsoft.MediaCenter.Interop.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4bc59bbb2e91c6e7ae59f420369d4ea4\Microsoft.MediaCenter.Interop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 705024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\47d791d017ec3aed1a2d3f5fc9791100\Microsoft.MediaCenter.Sports.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 705024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\47d791d017ec3aed1a2d3f5fc9791100\Microsoft.MediaCenter.Sports.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 105472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\1c21bb0e47fd3d4bc6796312c5cb8d56\Microsoft.MediaCenter.Mheg.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 105472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\1c21bb0e47fd3d4bc6796312c5cb8d56\Microsoft.MediaCenter.Mheg.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\9658825555dc2c9af1a8ce12e6da2cd7\Microsoft.ManagementConsole.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\9658825555dc2c9af1a8ce12e6da2cd7\Microsoft.ManagementConsole.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\ca4fc1503283c934c8000cd0ebe9b90a\Microsoft.GroupPolicy.Interop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\ca4fc1503283c934c8000cd0ebe9b90a\Microsoft.GroupPolicy.Interop.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\02b2dc0d65a44379fa11870638cf894e\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 455168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\02b2dc0d65a44379fa11870638cf894e\Microsoft.GroupPolicy.AdmTmplEditor.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\e3672845a3d6c3ab606facc3366fbcbd\Microsoft.BusinessData.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\e3672845a3d6c3ab606facc3366fbcbd\Microsoft.BusinessData.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c52f2b0958be337e88f37a141e18be78\Microsoft.Build.Utilities.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\c52f2b0958be337e88f37a141e18be78\Microsoft.Build.Utilities.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3f194ebe9a0c1e0903b32f663cb53556\Microsoft.Build.Utilities.v3.5.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\3f194ebe9a0c1e0903b32f663cb53556\Microsoft.Build.Utilities.v3.5.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e62aa0d898b65d0d831c11b4f56c0785\Microsoft.Build.Engine.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e62aa0d898b65d0d831c11b4f56c0785\Microsoft.Build.Engine.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\78fb000aaaba73f34dfa9028b7caef8c\Microsoft.Build.Conversion.v3.5.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\78fb000aaaba73f34dfa9028b7caef8c\Microsoft.Build.Conversion.v3.5.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\7858173b7a5d5ad1ad6b11b256a61a34\Microsoft.ApplicationId.Framework.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 316928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\7858173b7a5d5ad1ad6b11b256a61a34\Microsoft.ApplicationId.Framework.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\3e9b7b340be2eedbe058129887e90807\Microsoft.ApplicationId.RuleWizard.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 587776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\3e9b7b340be2eedbe058129887e90807\Microsoft.ApplicationId.RuleWizard.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 250880 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\c75cc7be3eda189ceab3057410cb37d7\Mcx2Dvcs.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 250880 c:\windows\assembly\NativeImages_v2.0.50727_32\Mcx2Dvcs\c75cc7be3eda189ceab3057410cb37d7\Mcx2Dvcs.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 381952 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\9c5436e6a51dab1ac3bf25462916c630\mcupdate.ni.exe
    + 2011-09-22 01:45 . 2011-09-22 01:45 381952 c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\9c5436e6a51dab1ac3bf25462916c630\mcupdate.ni.exe
    - 2011-08-10 22:01 . 2011-08-10 22:01 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\fe969316614223634cba1c5544f4e3dd\mcstoredb.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\fe969316614223634cba1c5544f4e3dd\mcstoredb.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 371712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\18b7392840e312aa71f3be695f1f02a9\mcplayerinterop.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 371712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\18b7392840e312aa71f3be695f1f02a9\mcplayerinterop.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\70446af728bb8bd6197f1326d0a2aea1\mcGlidHostObj.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\70446af728bb8bd6197f1326d0a2aea1\mcGlidHostObj.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 107520 c:\windows\assembly\NativeImages_v2.0.50727_32\MCESidebarCtrl\2ab9c4499b9ca0b66ec42306cfed3fa6\MCESidebarCtrl.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 107520 c:\windows\assembly\NativeImages_v2.0.50727_32\MCESidebarCtrl\2ab9c4499b9ca0b66ec42306cfed3fa6\MCESidebarCtrl.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\31231127c783eddf25c3d21761e1a15c\EventViewer.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\31231127c783eddf25c3d21761e1a15c\EventViewer.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\ceb1e5232940cce08c296cb9dfce4688\ehRecObj.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\ceb1e5232940cce08c296cb9dfce4688\ehRecObj.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\8765166fc421d6759011b7ee203ec165\ehiWUapi.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 202752 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiWUapi\8765166fc421d6759011b7ee203ec165\ehiWUapi.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 340480 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\500915b29cda0fb0828e71db05814008\ehiwmp.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 340480 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiwmp\500915b29cda0fb0828e71db05814008\ehiwmp.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\85464949c28a523e3b6cf24679a9776c\ehiVidCtl.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\85464949c28a523e3b6cf24679a9776c\ehiVidCtl.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\2ddabd185f08f72237aaa70edaffa6cc\ehiProxy.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\2ddabd185f08f72237aaa70edaffa6cc\ehiProxy.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\536082f3ff1f0f6fcd7bd58878098071\ehiExtens.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\536082f3ff1f0f6fcd7bd58878098071\ehiExtens.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\c6f09d715e558a133eb8aa072d6fc6c5\ehExtHost.ni.exe
    + 2011-09-22 01:44 . 2011-09-22 01:44 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\c6f09d715e558a133eb8aa072d6fc6c5\ehExtHost.ni.exe
    - 2011-08-10 19:00 . 2011-08-10 19:00 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\0354cf4bd5196832512463b0273a9992\ehCIR.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\ehCIR\0354cf4bd5196832512463b0273a9992\ehCIR.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d17a5e7b3e9c6ea0f5c66093771b35eb\CustomMarshalers.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a28cd0923e6ff03f952950eb713f03b3\ComSvcConfig.ni.exe
    - 2011-08-10 18:59 . 2011-08-10 18:59 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a28cd0923e6ff03f952950eb713f03b3\ComSvcConfig.ni.exe
    + 2011-09-22 01:43 . 2011-09-22 01:43 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\482f9bd79c20ab87b6fa0fa2737d6aa3\BDATunePIA.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\482f9bd79c20ab87b6fa0fa2737d6aa3\BDATunePIA.ni.dll
    - 2011-08-10 18:58 . 2011-08-10 18:58 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\770bfd90d5375c81fd59f5a6cb435ba7\AspNetMMCExt.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\770bfd90d5375c81fd59f5a6cb435ba7\AspNetMMCExt.ni.dll
    - 2009-07-14 02:03 . 2011-09-08 09:12 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:03 . 2011-09-22 01:32 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-07-14 04:34 . 2011-09-22 01:35 5981297 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:34 . 2011-09-21 21:35 5981297 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2010-03-18 20:16 . 2010-03-18 20:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 1368920 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 6428520 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 3788128 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 2261832 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    - 2010-03-18 20:16 . 2010-03-18 20:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 6097256 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 2975064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
    + 2011-04-06 23:48 . 2011-04-06 23:48 1354584 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
    - 2011-04-12 22:11 . 2011-04-12 22:11 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
    - 2011-04-12 22:11 . 2011-04-12 22:11 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    + 2011-05-17 16:27 . 2011-05-17 16:27 6735176 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-09-22 01:20 . 2011-09-22 01:20 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    - 2011-08-10 05:07 . 2011-08-10 05:07 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
     
  6. Kergath

    Kergath TS Rookie Topic Starter

    + 2011-08-16 06:56 . 2011-08-16 06:56 3460096 c:\windows\Installer\a3adb.msp
    + 2011-05-20 00:24 . 2011-05-20 00:24 1939968 c:\windows\Installer\96e65.msi
    + 2011-06-15 22:32 . 2011-06-15 22:32 1871872 c:\windows\Installer\96e5f.msi
    + 2011-03-21 00:58 . 2011-09-22 01:25 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-03-21 00:58 . 2011-09-22 01:25 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2011-03-21 00:58 . 2011-08-10 05:09 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-03-18 20:16 . 2010-03-18 20:16 1663320 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\wpfgfx_x86.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 1303896 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\WindowsBase_x86.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 6346600 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationFramework_x86.dll
    + 2010-03-18 20:16 . 2010-03-18 20:16 3545952 c:\windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319\PresentationCore_x86.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll
    + 2011-09-22 01:52 . 2011-09-22 01:52 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e6474cae2445440fccb0e62e689e6c22\UIAutomationClientsideProviders.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 9086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a216205660fa7dabec6af4a7c52956ee\System.Windows.Forms.DataVisualization.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\40c543317017c549c3d17d714c3cf1fc\System.Web.Services.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\86d3010efe01e554be5b8cd680fcfe2a\System.Speech.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f37365c0acb4b409a486f3aa4512a03e\System.ServiceModel.Discovery.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 1392640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a53b7bb4838c656363b29f79f708a0f0\System.ServiceModel.Activities.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\33b886ae33f78b046f90bda3dde2688e\System.Runtime.Serialization.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\5c659e2195f712d6638b8536da384cda\System.Runtime.DurableInstancing.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\0751e44f42a603bfe153a4bbd124f62f\System.Printing.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e1acefba94c07ca77d751b68bc3e33d3\System.IdentityModel.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\be3d47a08a8e4118e75e31a402259409\System.DirectoryServices.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\864c2fd53f879fcd5f9b335cf49a66b4\System.Deployment.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\80bdabbd69127228408b96ca23460389\System.Data.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\ec8c58572e78fa5fc63bb8b29ed7481a\System.Data.SqlXml.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 1343488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\04f451f2d493483696f852bdce8c36e0\System.Data.Services.Client.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8a671058b35f625fb958ff2228fbc9cf\System.Data.Linq.ni.dll
    + 2011-09-22 01:21 . 2011-09-22 01:21 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c527fa8c447a9edfeb14eeaf4af0a742\System.Activities.ni.dll
    + 2011-09-22 01:50 . 2011-09-22 01:50 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\5be7a4e9c92dff127c74c0d744b3f523\System.Activities.Presentation.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\1871f74f0a94ec1d26071dcc872d4189\System.Activities.Core.Presentation.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 2907136 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\5d8782e167084ab1fced20b86cfb26e2\ReachFramework.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\de59faecd59acbc6caabecbd8efbbb50\PresentationUI.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ce05202cabbee87cda0b3df2e56a6b20\Microsoft.VisualBasic.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\899c60052ad7e741dc444017cc907ca8\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0adf14e7c198b3e2a634e53a23ddad7b\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\4376863f8deba766befd5d8e41316a91\Microsoft.Transactions.Bridge.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\2ceaa7403e2bdea36367a0a67d972f03\Microsoft.JScript.ni.dll
    - 2011-09-13 04:12 . 2011-09-13 04:12 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\113a314e9f32a5efc41f409118a71063\Microsoft.CSharp.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
    - 2011-08-10 18:16 . 2011-08-10 18:16 3347968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
    - 2011-08-10 22:06 . 2011-08-10 22:06 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\92104881c09380b6b86ec656e8c502f6\UIAutomationClientsideProviders.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\92104881c09380b6b86ec656e8c502f6\UIAutomationClientsideProviders.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
    - 2011-08-10 18:16 . 2011-08-10 18:16 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
    - 2011-08-10 18:16 . 2011-08-10 18:16 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
    - 2011-08-10 22:06 . 2011-08-10 22:06 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a6409b4be5018e5cbad7ef197d4237e1\System.WorkflowServices.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a6409b4be5018e5cbad7ef197d4237e1\System.WorkflowServices.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9af55d8d4cb44eabe53e940244864daa\System.Workflow.Runtime.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9af55d8d4cb44eabe53e940244864daa\System.Workflow.Runtime.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\f40e6a02c815ee66b49d4f48802d9d9c\System.Workflow.ComponentModel.ni.dll
    + 2011-09-22 01:49 . 2011-09-22 01:49 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\f40e6a02c815ee66b49d4f48802d9d9c\System.Workflow.ComponentModel.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\82e83c3d87d72cafffc60c55585daaaa\System.Workflow.Activities.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\82e83c3d87d72cafffc60c55585daaaa\System.Workflow.Activities.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\873449038f590bc102daf0effd94c952\System.Web.Services.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4de6ad3bad2dc4fbbbd33b16b1a7b219\System.Web.Mobile.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4de6ad3bad2dc4fbbbd33b16b1a7b219\System.Web.Mobile.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\871d3f0cc83d73a106151257ee74a4aa\System.Web.Extensions.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\871d3f0cc83d73a106151257ee74a4aa\System.Web.Extensions.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2c7c32228442440e4c23f772fd64b24b\System.Speech.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2c7c32228442440e4c23f772fd64b24b\System.Speech.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0139ae05cabaf2ac25cc85279e187e0a\System.ServiceModel.Web.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0139ae05cabaf2ac25cc85279e187e0a\System.ServiceModel.Web.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e285e2af5e0e8ac7d91936b2cb18542f\System.Runtime.Serialization.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\b2834d89c14922370db32e5e4564e03a\System.Printing.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\b2834d89c14922370db32e5e4564e03a\System.Printing.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\d22401acd64bf25bd6f92a2ab44c5b0d\System.Management.Automation.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\d22401acd64bf25bd6f92a2ab44c5b0d\System.Management.Automation.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5ab23d203c8bfade7160ea915719c730\System.IdentityModel.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5ab23d203c8bfade7160ea915719c730\System.IdentityModel.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ac4d095d0371999fa879f8167e9a82fa\System.DirectoryServices.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ac4d095d0371999fa879f8167e9a82fa\System.DirectoryServices.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\364993b444187c2dd988cab2fb0f98c6\System.Deployment.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\364993b444187c2dd988cab2fb0f98c6\System.Deployment.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
    - 2011-08-10 18:16 . 2011-08-10 18:16 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\6c9eef4471f39022ab9418637c7ee9e1\System.Data.SqlXml.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\6c9eef4471f39022ab9418637c7ee9e1\System.Data.SqlXml.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\702efea190a39de2bacb81cbaf32de99\System.Data.Services.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\702efea190a39de2bacb81cbaf32de99\System.Data.Services.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3da17a7980d13fae329f2c3a77797b08\System.Data.Services.Client.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3da17a7980d13fae329f2c3a77797b08\System.Data.Services.Client.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\12dc224b1ddff3b0c5b3fce1ac958a3f\System.Data.OracleClient.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\12dc224b1ddff3b0c5b3fce1ac958a3f\System.Data.OracleClient.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1992ecfb8eb3318820e3d28df55bee6a\System.Data.Linq.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\1992ecfb8eb3318820e3d28df55bee6a\System.Data.Linq.ni.dll
    - 2011-08-10 22:05 . 2011-08-10 22:05 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\301160f0d81368efb2f79e9b714ec505\System.Data.Entity.ni.dll
    + 2011-09-22 01:48 . 2011-09-22 01:48 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\301160f0d81368efb2f79e9b714ec505\System.Data.Entity.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\1d6036aecde52527be8ef132c7f21c52\SrpUxSnapIn.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 1351168 c:\windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\1d6036aecde52527be8ef132c7f21c52\SrpUxSnapIn.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\a09206d231b222c74183c7255bcacb35\ReachFramework.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\a09206d231b222c74183c7255bcacb35\ReachFramework.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7f0d64056a690c2fe26071b7368b4c56\PresentationUI.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7f0d64056a690c2fe26071b7368b4c56\PresentationUI.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c16377318357fb4fcda87c1015815a76\PresentationBuildTasks.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 1451520 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\c16377318357fb4fcda87c1015815a76\PresentationBuildTasks.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\dedb365e2c9ea7bdab2d94edab2bf994\Narrator.ni.exe
    + 2011-09-22 01:47 . 2011-09-22 01:47 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\dedb365e2c9ea7bdab2d94edab2bf994\Narrator.ni.exe
    + 2011-09-22 01:47 . 2011-09-22 01:47 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\97051ca60f5e2ea7927adebcb2af9097\MMCEx.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\97051ca60f5e2ea7927adebcb2af9097\MMCEx.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\40f947b2a4ecb8ba656104c3f77bb79b\MIGUIControls.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\40f947b2a4ecb8ba656104c3f77bb79b\MIGUIControls.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 1300992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0e8e6ead7f4a6b149f12335a81660a83\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1300992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0e8e6ead7f4a6b149f12335a81660a83\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0d7a48003dd32151b3518b3ee7f13350\Microsoft.Transactions.Bridge.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\0d7a48003dd32151b3518b3ee7f13350\Microsoft.Transactions.Bridge.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cc48d4fd4b90ec099b5768ba7c2feb3c\Microsoft.PowerShell.Commands.Utility.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cc48d4fd4b90ec099b5768ba7c2feb3c\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2382705165b2bbc756181d6a5dae25d6\Microsoft.PowerShell.Editor.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2382705165b2bbc756181d6a5dae25d6\Microsoft.PowerShell.Editor.ni.dll
    - 2011-08-10 22:04 . 2011-08-10 22:04 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\21182b3224f3c2aea9e41d915ba7bebe\Microsoft.PowerShell.GPowerShell.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\21182b3224f3c2aea9e41d915ba7bebe\Microsoft.PowerShell.GPowerShell.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\20dc7f1c1038bda85dbcdad44cf7e92f\Microsoft.Office.Tools.Excel.v9.0.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\20dc7f1c1038bda85dbcdad44cf7e92f\Microsoft.Office.Tools.Excel.v9.0.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\fdf6074f600abc65f2421689e6a9a8e7\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\fdf6074f600abc65f2421689e6a9a8e7\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\482b2286c8e9ca76a486365ddccbca1d\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\482b2286c8e9ca76a486365ddccbca1d\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 4743168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\cbd8bd03e99a594e832f3416a268e1d3\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 4743168 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\cbd8bd03e99a594e832f3416a268e1d3\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 2091520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\9eb098a89d482bd53c08e5f91f7bdcb0\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 2091520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\9eb098a89d482bd53c08e5f91f7bdcb0\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 3190272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\6341c1ae808c7ebd681f187ef3582ece\Microsoft.Office.BusinessData.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 3190272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\6341c1ae808c7ebd681f187ef3582ece\Microsoft.Office.BusinessData.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 1547776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\504e4330282715990af2f4d8c8aaf190\Microsoft.Office.BusinessApplications.Runtime.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1547776 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\504e4330282715990af2f4d8c8aaf190\Microsoft.Office.BusinessApplications.Runtime.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ffec5408d56ba9fb311518d6ec521691\Microsoft.MediaCenter.UI.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ffec5408d56ba9fb311518d6ec521691\Microsoft.MediaCenter.UI.ni.dll
    - 2011-08-10 19:00 . 2011-08-10 19:00 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\81359c52225ae557ddf7dbdf3c0bf048\Microsoft.MediaCenter.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\81359c52225ae557ddf7dbdf3c0bf048\Microsoft.MediaCenter.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 1125376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\095434506dfac602ab100a99c49f790c\Microsoft.MediaCenter.Bml.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1125376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\095434506dfac602ab100a99c49f790c\Microsoft.MediaCenter.Bml.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\35138a36b7d07f4d37adf96745ef80cb\Microsoft.JScript.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\35138a36b7d07f4d37adf96745ef80cb\Microsoft.JScript.ni.dll
    - 2011-08-10 22:03 . 2011-08-10 22:03 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\9c17eb4bfbca7719a4f10bbd3473d07d\Microsoft.Ink.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\9c17eb4bfbca7719a4f10bbd3473d07d\Microsoft.Ink.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\7b33c762eb77d661a3f1acb831e2b67b\Microsoft.GroupPolicy.Reporting.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 4071424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\7b33c762eb77d661a3f1acb831e2b67b\Microsoft.GroupPolicy.Reporting.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4b45a3a1f24d0d773f9f8fb2d8ce8164\Microsoft.Build.Tasks.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4b45a3a1f24d0d773f9f8fb2d8ce8164\Microsoft.Build.Tasks.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\01de5c2808a0c30578614dae24c5d591\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\01de5c2808a0c30578614dae24c5d591\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\db9750e8aae34d7bd25b76564f2cebd5\Microsoft.Build.Engine.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\db9750e8aae34d7bd25b76564f2cebd5\Microsoft.Build.Engine.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\9004890e93911c7612aa5f218c474618\mcstore.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\9004890e93911c7612aa5f218c474618\mcstore.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 3328512 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\24f438b585be87a5734e48aa616bbc07\mcepg.ni.dll
    - 2011-08-10 22:01 . 2011-08-10 22:01 3328512 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\24f438b585be87a5734e48aa616bbc07\mcepg.ni.dll
    + 2011-05-24 10:00 . 2011-09-22 01:18 25325517 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
    + 2011-03-06 03:07 . 2011-09-22 01:23 46249416 c:\windows\System32\MRT.exe
    - 2011-03-28 05:23 . 2011-09-21 21:30 42435968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3881011562-596480335-2157353384-1000-8192.dat
    + 2011-03-28 05:23 . 2011-09-22 01:32 42435968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3881011562-596480335-2157353384-1000-8192.dat
    + 2011-05-19 05:55 . 2011-05-19 05:55 19624448 c:\windows\Installer\a3ab3.msp
    + 2011-09-22 01:21 . 2011-09-22 01:21 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\56df5c322f32e926eb46047f65d0a357\System.ServiceModel.ni.dll
    + 2011-09-22 01:51 . 2011-09-22 01:51 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\093195c829c13c7ad35cb3ad43b52b6a\System.Data.Entity.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll
    + 2011-09-22 01:22 . 2011-09-22 01:22 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll
    + 2011-09-22 01:19 . 2011-09-22 01:19 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 11819520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
    - 2011-08-10 18:18 . 2011-08-10 18:18 11819520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
    - 2011-08-10 18:59 . 2011-08-10 18:59 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\052fc9c848a7f4630980ae0fd7a282e0\System.ServiceModel.ni.dll
    + 2011-09-22 01:44 . 2011-09-22 01:44 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\cbd362859e818467b75aaf0287af0fe2\System.Design.ni.dll
    - 2011-08-10 18:19 . 2011-08-10 18:19 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\cbd362859e818467b75aaf0287af0fe2\System.Design.ni.dll
    + 2011-09-22 01:47 . 2011-09-22 01:47 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
    + 2011-09-22 01:46 . 2011-09-22 01:46 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
    - 2011-08-10 18:17 . 2011-08-10 18:17 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
    - 2011-08-10 05:11 . 2011-08-10 05:11 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
    + 2011-09-22 01:43 . 2011-09-22 01:43 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
    + 2011-09-22 01:45 . 2011-09-22 01:45 18686976 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\68e0ac1bcbdf7fed0c8041181c8aff87\ehshell.ni.dll
    - 2011-08-10 22:02 . 2011-08-10 22:02 18686976 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\68e0ac1bcbdf7fed0c8041181c8aff87\ehshell.ni.dll
    + 2011-04-07 02:43 . 2011-04-07 02:43 123313664 c:\windows\Installer\a3ac7.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-03 1242448]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-26 17361032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    c:\users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-9 576000]
    Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2011-3-30 868352]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-8-27 372736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl002e5e40;MpKsl002e5e40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEC80BE6-62AD-491F-A5BA-BF13D5804781}\MpKsl002e5e40.sys [x]
    R1 MpKsl03249d40;MpKsl03249d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2C5A6CC-1FED-4574-B4EF-99BD553B8D36}\MpKsl03249d40.sys [x]
    R1 MpKsl040600f4;MpKsl040600f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B133DB4A-8696-444B-B341-9174AF32A3AF}\MpKsl040600f4.sys [x]
    R1 MpKsl055c88b5;MpKsl055c88b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E9F1E25-37AC-402D-BD27-7B202604CA4F}\MpKsl055c88b5.sys [x]
    R1 MpKsl093a1754;MpKsl093a1754;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1A386B1-78A5-4F18-B46F-3DA3ED2F3629}\MpKsl093a1754.sys [x]
    R1 MpKsl0e0bea13;MpKsl0e0bea13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A107679D-E6D1-4B1D-A179-A9CAF5509ED3}\MpKsl0e0bea13.sys [x]
    R1 MpKsl1b1b7ebf;MpKsl1b1b7ebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53896F6C-109C-40C6-8D7E-23FADB9FE428}\MpKsl1b1b7ebf.sys [x]
    R1 MpKsl39161332;MpKsl39161332;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7272F1A1-E3D9-4151-A365-02E7E2D14D60}\MpKsl39161332.sys [x]
    R1 MpKsl47300ffd;MpKsl47300ffd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D5DEA57-B4F9-4F72-AA3E-BB057CEAD9D3}\MpKsl47300ffd.sys [x]
    R1 MpKsl4c25b95f;MpKsl4c25b95f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FDADE8-0EEF-46E5-890B-F23CC9CD2679}\MpKsl4c25b95f.sys [x]
    R1 MpKsl4ef88ffd;MpKsl4ef88ffd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD9B4117-D71F-4C42-A403-2C88F39897EE}\MpKsl4ef88ffd.sys [x]
    R1 MpKsl58ff3399;MpKsl58ff3399;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEC80BE6-62AD-491F-A5BA-BF13D5804781}\MpKsl58ff3399.sys [x]
    R1 MpKsl68c83548;MpKsl68c83548;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6812986-CE24-44AC-9C83-A0793251F027}\MpKsl68c83548.sys [x]
    R1 MpKsl8bc51ca4;MpKsl8bc51ca4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA7CFBF1-EEC2-4900-BCAD-90A1F4A8408C}\MpKsl8bc51ca4.sys [x]
    R1 MpKsl95e737cd;MpKsl95e737cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AC43A24-B16D-4897-91D0-BFE0F2D9BFC4}\MpKsl95e737cd.sys [x]
    R1 MpKsl9b438dda;MpKsl9b438dda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66377808-71FB-488D-B788-077C1EA52D70}\MpKsl9b438dda.sys [x]
    R1 MpKsl9d6d5027;MpKsl9d6d5027;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{529B0A21-E307-4C56-B06D-A9002765309A}\MpKsl9d6d5027.sys [x]
    R1 MpKsla4511d04;MpKsla4511d04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C1DAC28-D9F0-433A-9E88-CEA686D3C7D7}\MpKsla4511d04.sys [x]
    R1 MpKsla646d26e;MpKsla646d26e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20FF1153-2611-45AB-BDED-9981E58A0C59}\MpKsla646d26e.sys [x]
    R1 MpKslaecd84cb;MpKslaecd84cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7272F1A1-E3D9-4151-A365-02E7E2D14D60}\MpKslaecd84cb.sys [x]
    R1 MpKslc36014d0;MpKslc36014d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6812986-CE24-44AC-9C83-A0793251F027}\MpKslc36014d0.sys [x]
    R1 MpKslca656fd9;MpKslca656fd9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8DBC8-5CDF-46FD-9E2D-B9F338155853}\MpKslca656fd9.sys [x]
    R1 MpKsle4e1232a;MpKsle4e1232a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8DBC8-5CDF-46FD-9E2D-B9F338155853}\MpKsle4e1232a.sys [x]
    R1 MpKslf4c8274d;MpKslf4c8274d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C145FE5-7943-4D07-A025-EA6F9A09D14D}\MpKslf4c8274d.sys [x]
    R1 MpKslfa593dc8;MpKslfa593dc8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9CF9C14-9375-4361-8B23-7E89251DAB51}\MpKslfa593dc8.sys [x]
    R1 MpKslfe828125;MpKslfe828125;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03D616AA-0FAB-4259-A769-BFD51CAF40C0}\MpKslfe828125.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1343400]
    S1 MpKsl76d0532d;MpKsl76d0532d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{200A9B08-317B-4D6C-A560-F4DA4BDE9784}\MpKsl76d0532d.sys [2011-09-22 28752]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 7566848]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 238592]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MPKSL76D0532D
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:57596
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
    FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.leagueoflegends.com/
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\Software\SecuROM\License information*]
    "datasecu"=hex:7a,17,17,14,6c,f7,1b,1a,ac,65,d3,c8,4c,a8,4c,f3,e3,01,17,94,c1,
    bf,97,ab,a4,94,e4,7d,03,1e,1a,1a,e8,fe,8c,2a,16,d6,3c,c9,06,33,d5,ad,b4,44,\
    "rkeysecu"=hex:f2,ff,11,5e,5a,6c,15,a8,b9,da,6a,0d,9f,27,c5,7c
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(640)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2011-09-21 21:08:48
    ComboFix-quarantined-files.txt 2011-09-22 04:08
    ComboFix2.txt 2011-09-21 23:05
    .
    Pre-Run: 803,568,660,480 bytes free
    Post-Run: 803,325,489,152 bytes free
    .
    - - End Of File - - 36FB38E3D4232CF89C075F0C936D7212
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  8. Kergath

    Kergath TS Rookie Topic Starter

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7601 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x94014000 C:\Windows\system32\DRIVERS\atikmdag.sys 7888896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
    0x82C38000 C:\Windows\system32\ntoskrnl.exe 4206592 bytes (Microsoft Corporation, NT Kernel & System)
    0x82C38000 PnpManager 4206592 bytes
    0x82C38000 RAW 4206592 bytes
    0x82C38000 WMIxWDM 4206592 bytes
    0x970F0000 Win32k 2416640 bytes
    0x970F0000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C834000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8C422000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x93510000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8C603000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x83514000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9FC1E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x9527E000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x83434000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x835BF000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x93414000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x8C58F000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x8C71D000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9FD47000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0x9506A000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
    0x9FCED000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x97380000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x9360C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x836ED000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8363E000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x935C7000 C:\Windows\system32\DRIVERS\Rt86win7.sys 282624 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x9500B000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x834D2000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8C7B5000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x95102000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
    0x934D1000 C:\Windows\system32\DRIVERS\atikmpag.sys 258048 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
    0x8C9B8000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8C6BA000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x95351000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x9479A000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x82C01000 ACPI_HAL 225280 bytes
    0x82C01000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x83400000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x937B3000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8CA44000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x8CBC0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8C97E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x950BA000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8C9FF000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x8C551000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x9FDAE000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0x83697000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x83763000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
    0x8CAFD000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0x9378D000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8CA87000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8C6F8000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x951BD000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
    0x837A8000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9532E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x936F1000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x9FCBF000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x9349E000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8CB3E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8CADE000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x947D3000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8C800000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x973D0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x93770000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
    0x95226000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9538C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8C777000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x95241000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x95303000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x950E9000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x93478000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x93684000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x9366C000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x936CE000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x93713000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x9372B000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x93742000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8CB9D000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x9517E000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x8374D000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x951F5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x8C57C000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x9526B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8C791000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8378D000 00000090 73728 bytes
    0x936BC000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x934BF000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x9531C000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8378D000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
    0x8CA76000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x9516D000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x837D4000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x95059000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x836CC000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x834B9000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8C7A4000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x9525B000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8CA2C000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x836DD000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x937E7000 C:\Windows\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
    0x9FE5E000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 61440 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
    0x94000000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x93490000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x8C81F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8CB8F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8373F000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8C5EC000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x93400000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x95197000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
    0x83630000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x936AF000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x9514C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x951B0000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
    0x93763000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x9369C000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x9FCE0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8CB5F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8C40A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x9520F000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x8CBB4000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
    0x8CB32000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x9FE42000 C:\Users\Derek\AppData\Local\Temp\aswMBR.sys 45056 bytes
    0x95159000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x93661000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0x951EA000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x9521B000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x8CB84000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x936E6000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x951A5000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
    0x947F2000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x836C1000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x95142000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x9504F000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
    0x9FD3D000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
    0x8C400000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8C7F6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x93759000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x9FCB5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x93657000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x837CB000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x8379F000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x9FE7B000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x951E1000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
    0x95164000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x8C5FA000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x97350000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8C9AF000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x83686000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x834CA000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x9FE4F000 C:\Users\Derek\AppData\Local\Temp\catchme.sys 32768 bytes
    0x8CA3C000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x8368F000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8CB6C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8CB74000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8CB7C000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8C9F7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8CB2B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x95208000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x83738000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0x8CB24000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x953A7000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x8CBF2000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x936A9000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x9FE6D000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ED0A321-B675-4571-883A-E6AAEC66FB5C}\MpKsl3c9fef5f.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0x9FE4D000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0x9400F000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x95195000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0x80BC5000 00000088 6656 bytes
    0x80BC5000 C:\Windows\system32\kdcom.dll 6656 bytes (Microsoft Corporation, Serial Kernel Debugger)
    !!!!!!!!!!!Hidden driver: 0x86621F38 00000316 0 bytes
    ==============================================
    >Stealth
    ==============================================
    0x86628990 Unknown page with executable code, 1648 bytes
    0x8662663B Unknown page with executable code, 2501 bytes
    0x86626108 Unknown thread object [ ETHREAD 0x861ACD48 ] TID: 216, 600 bytes
    0x86626B2D Unknown thread object [ ETHREAD 0x86636960 ] TID: 224, 600 bytes
    0x86627A11 Unknown thread object [ ETHREAD 0x86636688 ] TID: 228, 600 bytes
    0x86623FB5 Unknown page with executable code, 75 bytes


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. Kergath

    Kergath TS Rookie Topic Starter

    2011/09/22 19:55:01.0735 0912 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
    2011/09/22 19:55:02.0185 0912 ================================================================================
    2011/09/22 19:55:02.0185 0912 SystemInfo:
    2011/09/22 19:55:02.0185 0912
    2011/09/22 19:55:02.0185 0912 OS Version: 6.1.7601 ServicePack: 1.0
    2011/09/22 19:55:02.0185 0912 Product type: Workstation
    2011/09/22 19:55:02.0186 0912 ComputerName: DEREK-PC
    2011/09/22 19:55:02.0186 0912 UserName: Derek
    2011/09/22 19:55:02.0186 0912 Windows directory: C:\Windows
    2011/09/22 19:55:02.0186 0912 System windows directory: C:\Windows
    2011/09/22 19:55:02.0186 0912 Processor architecture: Intel x86
    2011/09/22 19:55:02.0186 0912 Number of processors: 2
    2011/09/22 19:55:02.0186 0912 Page size: 0x1000
    2011/09/22 19:55:02.0186 0912 Boot type: Normal boot
    2011/09/22 19:55:02.0186 0912 ================================================================================
    2011/09/22 19:55:03.0658 0912 Initialize success
    2011/09/22 19:55:07.0914 5304 ================================================================================
    2011/09/22 19:55:07.0914 5304 Scan started
    2011/09/22 19:55:07.0914 5304 Mode: Manual;
    2011/09/22 19:55:07.0914 5304 ================================================================================
    2011/09/22 19:55:08.0904 5304 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    2011/09/22 19:55:08.0935 5304 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    2011/09/22 19:55:08.0956 5304 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    2011/09/22 19:55:08.0995 5304 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/09/22 19:55:09.0029 5304 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/09/22 19:55:09.0056 5304 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/09/22 19:55:09.0119 5304 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    2011/09/22 19:55:09.0143 5304 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    2011/09/22 19:55:09.0166 5304 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/09/22 19:55:09.0226 5304 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    2011/09/22 19:55:09.0274 5304 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    2011/09/22 19:55:09.0300 5304 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    2011/09/22 19:55:09.0320 5304 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/22 19:55:09.0484 5304 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/09/22 19:55:09.0643 5304 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/09/22 19:55:09.0702 5304 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
    2011/09/22 19:55:09.0718 5304 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/09/22 19:55:09.0763 5304 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    2011/09/22 19:55:09.0787 5304 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/09/22 19:55:09.0807 5304 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    2011/09/22 19:55:09.0873 5304 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    2011/09/22 19:55:09.0946 5304 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/09/22 19:55:09.0965 5304 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/09/22 19:55:09.0997 5304 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/22 19:55:10.0036 5304 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    2011/09/22 19:55:10.0229 5304 atikmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/09/22 19:55:10.0567 5304 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/09/22 19:55:10.0594 5304 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/09/22 19:55:10.0624 5304 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/09/22 19:55:10.0656 5304 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/09/22 19:55:10.0731 5304 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/22 19:55:10.0752 5304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/22 19:55:10.0778 5304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/22 19:55:10.0815 5304 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/09/22 19:55:10.0840 5304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/09/22 19:55:10.0864 5304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/09/22 19:55:10.0907 5304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/09/22 19:55:10.0922 5304 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/09/22 19:55:10.0983 5304 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/22 19:55:11.0041 5304 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/09/22 19:55:11.0065 5304 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/09/22 19:55:11.0106 5304 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/09/22 19:55:11.0148 5304 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/22 19:55:11.0179 5304 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    2011/09/22 19:55:11.0213 5304 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/09/22 19:55:11.0246 5304 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/22 19:55:11.0300 5304 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    2011/09/22 19:55:11.0351 5304 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/22 19:55:11.0405 5304 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    2011/09/22 19:55:11.0472 5304 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/22 19:55:11.0493 5304 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/09/22 19:55:11.0545 5304 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/22 19:55:11.0609 5304 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/09/22 19:55:11.0645 5304 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/09/22 19:55:11.0670 5304 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/09/22 19:55:11.0704 5304 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/22 19:55:11.0753 5304 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/22 19:55:11.0835 5304 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/09/22 19:55:11.0940 5304 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/22 19:55:11.0988 5304 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    2011/09/22 19:55:12.0035 5304 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/09/22 19:55:12.0066 5304 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/09/22 19:55:12.0094 5304 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/22 19:55:12.0132 5304 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/22 19:55:12.0148 5304 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/09/22 19:55:12.0175 5304 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/22 19:55:12.0199 5304 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/22 19:55:12.0227 5304 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/22 19:55:12.0287 5304 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    2011/09/22 19:55:12.0311 5304 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/22 19:55:12.0348 5304 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/22 19:55:12.0367 5304 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/22 19:55:12.0443 5304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/22 19:55:12.0464 5304 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/22 19:55:12.0523 5304 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    2011/09/22 19:55:12.0570 5304 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    2011/09/22 19:55:12.0593 5304 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/22 19:55:12.0622 5304 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/22 19:55:12.0652 5304 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/22 19:55:12.0694 5304 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/22 19:55:12.0771 5304 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/22 19:55:12.0831 5304 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    2011/09/22 19:55:12.0872 5304 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/22 19:55:12.0902 5304 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/09/22 19:55:12.0962 5304 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/22 19:55:12.0987 5304 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/22 19:55:13.0016 5304 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    2011/09/22 19:55:13.0047 5304 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/22 19:55:13.0068 5304 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/22 19:55:13.0108 5304 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/22 19:55:13.0131 5304 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/09/22 19:55:13.0163 5304 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/09/22 19:55:13.0180 5304 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    2011/09/22 19:55:13.0213 5304 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/22 19:55:13.0264 5304 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/22 19:55:13.0289 5304 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/22 19:55:13.0343 5304 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/22 19:55:13.0370 5304 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/22 19:55:13.0513 5304 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/22 19:55:13.0556 5304 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/22 19:55:13.0584 5304 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/22 19:55:13.0600 5304 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/22 19:55:13.0628 5304 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/22 19:55:13.0662 5304 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/09/22 19:55:13.0712 5304 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
    2011/09/22 19:55:13.0740 5304 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/22 19:55:13.0765 5304 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/22 19:55:13.0800 5304 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/09/22 19:55:13.0894 5304 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/22 19:55:13.0941 5304 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/22 19:55:13.0968 5304 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/22 19:55:14.0011 5304 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/22 19:55:14.0072 5304 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/09/22 19:55:14.0118 5304 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    2011/09/22 19:55:14.0572 5304 MpKslb90d6e82 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ED0A321-B675-4571-883A-E6AAEC66FB5C}\MpKslb90d6e82.sys
    2011/09/22 19:55:14.0655 5304 MpKsle94120ba (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ED0A321-B675-4571-883A-E6AAEC66FB5C}\MpKsle94120ba.sys
    2011/09/22 19:55:14.0806 5304 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/09/22 19:55:14.0842 5304 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/22 19:55:14.0891 5304 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/22 19:55:14.0944 5304 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/22 19:55:14.0996 5304 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/22 19:55:15.0024 5304 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/22 19:55:15.0066 5304 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    2011/09/22 19:55:15.0109 5304 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    2011/09/22 19:55:15.0165 5304 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/09/22 19:55:15.0185 5304 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/22 19:55:15.0254 5304 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/22 19:55:15.0297 5304 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/22 19:55:15.0325 5304 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/22 19:55:15.0341 5304 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/22 19:55:15.0386 5304 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/22 19:55:15.0443 5304 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    2011/09/22 19:55:15.0465 5304 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/22 19:55:15.0487 5304 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/09/22 19:55:15.0506 5304 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/09/22 19:55:15.0547 5304 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/22 19:55:15.0680 5304 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    2011/09/22 19:55:15.0714 5304 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/22 19:55:15.0742 5304 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/22 19:55:15.0793 5304 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/22 19:55:15.0845 5304 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/22 19:55:15.0892 5304 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/22 19:55:15.0923 5304 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/22 19:55:15.0972 5304 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/22 19:55:16.0037 5304 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/22 19:55:16.0098 5304 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/09/22 19:55:16.0133 5304 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/09/22 19:55:16.0158 5304 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/22 19:55:16.0237 5304 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/22 19:55:16.0275 5304 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/09/22 19:55:16.0325 5304 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    2011/09/22 19:55:16.0364 5304 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    2011/09/22 19:55:16.0418 5304 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/22 19:55:16.0454 5304 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/22 19:55:16.0513 5304 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/22 19:55:16.0550 5304 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    2011/09/22 19:55:16.0579 5304 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/09/22 19:55:16.0626 5304 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    2011/09/22 19:55:16.0647 5304 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    2011/09/22 19:55:16.0670 5304 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/22 19:55:16.0699 5304 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/09/22 19:55:16.0733 5304 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/09/22 19:55:16.0839 5304 Point32 (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
    2011/09/22 19:55:16.0883 5304 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/22 19:55:16.0900 5304 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/22 19:55:16.0952 5304 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/22 19:55:17.0001 5304 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/22 19:55:17.0035 5304 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/22 19:55:17.0060 5304 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/22 19:55:17.0079 5304 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/22 19:55:17.0101 5304 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/22 19:55:17.0125 5304 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/22 19:55:17.0158 5304 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/22 19:55:17.0179 5304 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/22 19:55:17.0223 5304 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/22 19:55:17.0254 5304 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/22 19:55:17.0281 5304 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/22 19:55:17.0316 5304 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/22 19:55:17.0339 5304 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/22 19:55:17.0363 5304 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/22 19:55:17.0411 5304 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    2011/09/22 19:55:17.0447 5304 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/22 19:55:17.0488 5304 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/22 19:55:17.0546 5304 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/22 19:55:17.0600 5304 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2011/09/22 19:55:17.0646 5304 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/22 19:55:17.0696 5304 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/22 19:55:17.0724 5304 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/22 19:55:17.0773 5304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/09/22 19:55:17.0825 5304 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/22 19:55:17.0849 5304 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/22 19:55:17.0899 5304 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/22 19:55:17.0965 5304 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/22 19:55:17.0980 5304 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/22 19:55:18.0004 5304 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/22 19:55:18.0019 5304 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/22 19:55:18.0080 5304 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    2011/09/22 19:55:18.0108 5304 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/22 19:55:18.0137 5304 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/22 19:55:18.0176 5304 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/22 19:55:18.0211 5304 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/09/22 19:55:18.0270 5304 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/22 19:55:18.0320 5304 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/22 19:55:18.0344 5304 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/22 19:55:18.0403 5304 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/22 19:55:18.0458 5304 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/22 19:55:18.0496 5304 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    2011/09/22 19:55:18.0512 5304 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    2011/09/22 19:55:18.0622 5304 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
    2011/09/22 19:55:18.0689 5304 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/22 19:55:18.0743 5304 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/22 19:55:18.0799 5304 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/22 19:55:18.0822 5304 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/22 19:55:18.0856 5304 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/22 19:55:18.0872 5304 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    2011/09/22 19:55:18.0953 5304 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/22 19:55:18.0996 5304 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/22 19:55:19.0065 5304 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/22 19:55:19.0108 5304 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/22 19:55:19.0144 5304 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/22 19:55:19.0184 5304 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/22 19:55:19.0222 5304 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    2011/09/22 19:55:19.0248 5304 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/22 19:55:19.0312 5304 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    2011/09/22 19:55:19.0364 5304 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/22 19:55:19.0401 5304 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    2011/09/22 19:55:19.0424 5304 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/09/22 19:55:19.0471 5304 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/22 19:55:19.0502 5304 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/09/22 19:55:19.0520 5304 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/22 19:55:19.0564 5304 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/09/22 19:55:19.0607 5304 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/22 19:55:19.0630 5304 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/09/22 19:55:19.0685 5304 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/22 19:55:19.0707 5304 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/22 19:55:19.0726 5304 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/09/22 19:55:19.0799 5304 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/22 19:55:19.0828 5304 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    2011/09/22 19:55:19.0854 5304 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/09/22 19:55:19.0876 5304 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    2011/09/22 19:55:19.0916 5304 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    2011/09/22 19:55:19.0963 5304 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/22 19:55:19.0985 5304 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    2011/09/22 19:55:20.0020 5304 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/22 19:55:20.0061 5304 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    2011/09/22 19:55:20.0090 5304 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/22 19:55:20.0123 5304 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2011/09/22 19:55:20.0150 5304 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/22 19:55:20.0198 5304 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/22 19:55:20.0211 5304 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/22 19:55:20.0274 5304 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/22 19:55:20.0319 5304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/22 19:55:20.0398 5304 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/22 19:55:20.0415 5304 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/09/22 19:55:20.0493 5304 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/09/22 19:55:20.0555 5304 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/22 19:55:20.0614 5304 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/22 19:55:20.0658 5304 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/22 19:55:20.0699 5304 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
    2011/09/22 19:55:20.0705 5304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    2011/09/22 19:55:20.0716 5304 Boot (0x1200) (2df0d862e581774744a6031277e9528d) \Device\Harddisk0\DR0\Partition0
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    The log is incomplete.
    Please repost it.
     
  12. Kergath

    Kergath TS Rookie Topic Starter

    Reposted it again but it seems to be the same as the last one.

    Also: skype is now running for me after the last fix but a game (league of legends) stopped running last night.

    Edit: My mistake my notepad was off screen and figured out the issue. Here is the entire scan.

    2011/09/22 19:55:01.0735 0912 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
    2011/09/22 19:55:02.0185 0912 ================================================================================
    2011/09/22 19:55:02.0185 0912 SystemInfo:
    2011/09/22 19:55:02.0185 0912
    2011/09/22 19:55:02.0185 0912 OS Version: 6.1.7601 ServicePack: 1.0
    2011/09/22 19:55:02.0185 0912 Product type: Workstation
    2011/09/22 19:55:02.0186 0912 ComputerName: DEREK-PC
    2011/09/22 19:55:02.0186 0912 UserName: Derek
    2011/09/22 19:55:02.0186 0912 Windows directory: C:\Windows
    2011/09/22 19:55:02.0186 0912 System windows directory: C:\Windows
    2011/09/22 19:55:02.0186 0912 Processor architecture: Intel x86
    2011/09/22 19:55:02.0186 0912 Number of processors: 2
    2011/09/22 19:55:02.0186 0912 Page size: 0x1000
    2011/09/22 19:55:02.0186 0912 Boot type: Normal boot
    2011/09/22 19:55:02.0186 0912 ================================================================================
    2011/09/22 19:55:03.0658 0912 Initialize success
    2011/09/22 19:55:07.0914 5304 ================================================================================
    2011/09/22 19:55:07.0914 5304 Scan started
    2011/09/22 19:55:07.0914 5304 Mode: Manual;
    2011/09/22 19:55:07.0914 5304 ================================================================================
    2011/09/22 19:55:08.0904 5304 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    2011/09/22 19:55:08.0935 5304 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    2011/09/22 19:55:08.0956 5304 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    2011/09/22 19:55:08.0995 5304 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/09/22 19:55:09.0029 5304 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/09/22 19:55:09.0056 5304 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/09/22 19:55:09.0119 5304 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    2011/09/22 19:55:09.0143 5304 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    2011/09/22 19:55:09.0166 5304 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/09/22 19:55:09.0226 5304 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    2011/09/22 19:55:09.0274 5304 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    2011/09/22 19:55:09.0300 5304 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    2011/09/22 19:55:09.0320 5304 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/22 19:55:09.0484 5304 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/09/22 19:55:09.0643 5304 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/09/22 19:55:09.0702 5304 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
    2011/09/22 19:55:09.0718 5304 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/09/22 19:55:09.0763 5304 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    2011/09/22 19:55:09.0787 5304 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/09/22 19:55:09.0807 5304 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    2011/09/22 19:55:09.0873 5304 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    2011/09/22 19:55:09.0946 5304 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/09/22 19:55:09.0965 5304 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/09/22 19:55:09.0997 5304 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/22 19:55:10.0036 5304 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    2011/09/22 19:55:10.0229 5304 atikmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/09/22 19:55:10.0567 5304 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/09/22 19:55:10.0594 5304 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/09/22 19:55:10.0624 5304 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/09/22 19:55:10.0656 5304 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/09/22 19:55:10.0731 5304 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/22 19:55:10.0752 5304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/22 19:55:10.0778 5304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/22 19:55:10.0815 5304 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/09/22 19:55:10.0840 5304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/09/22 19:55:10.0864 5304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/09/22 19:55:10.0907 5304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/09/22 19:55:10.0922 5304 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/09/22 19:55:10.0983 5304 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/22 19:55:11.0041 5304 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/09/22 19:55:11.0065 5304 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/09/22 19:55:11.0106 5304 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/09/22 19:55:11.0148 5304 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/22 19:55:11.0179 5304 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    2011/09/22 19:55:11.0213 5304 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/09/22 19:55:11.0246 5304 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/22 19:55:11.0300 5304 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    2011/09/22 19:55:11.0351 5304 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/22 19:55:11.0405 5304 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    2011/09/22 19:55:11.0472 5304 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/22 19:55:11.0493 5304 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/09/22 19:55:11.0545 5304 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/22 19:55:11.0609 5304 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/09/22 19:55:11.0645 5304 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/09/22 19:55:11.0670 5304 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/09/22 19:55:11.0704 5304 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/22 19:55:11.0753 5304 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/22 19:55:11.0835 5304 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/09/22 19:55:11.0940 5304 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/22 19:55:11.0988 5304 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    2011/09/22 19:55:12.0035 5304 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/09/22 19:55:12.0066 5304 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/09/22 19:55:12.0094 5304 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/22 19:55:12.0132 5304 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/22 19:55:12.0148 5304 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/09/22 19:55:12.0175 5304 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/22 19:55:12.0199 5304 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/22 19:55:12.0227 5304 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/22 19:55:12.0287 5304 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    2011/09/22 19:55:12.0311 5304 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/22 19:55:12.0348 5304 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/22 19:55:12.0367 5304 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/22 19:55:12.0443 5304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/22 19:55:12.0464 5304 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/22 19:55:12.0523 5304 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    2011/09/22 19:55:12.0570 5304 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    2011/09/22 19:55:12.0593 5304 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/22 19:55:12.0622 5304 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/22 19:55:12.0652 5304 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/22 19:55:12.0694 5304 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/22 19:55:12.0771 5304 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/22 19:55:12.0831 5304 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    2011/09/22 19:55:12.0872 5304 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/22 19:55:12.0902 5304 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/09/22 19:55:12.0962 5304 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/22 19:55:12.0987 5304 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/22 19:55:13.0016 5304 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    2011/09/22 19:55:13.0047 5304 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/22 19:55:13.0068 5304 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/22 19:55:13.0108 5304 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/22 19:55:13.0131 5304 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/09/22 19:55:13.0163 5304 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/09/22 19:55:13.0180 5304 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    2011/09/22 19:55:13.0213 5304 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/22 19:55:13.0264 5304 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/22 19:55:13.0289 5304 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/22 19:55:13.0343 5304 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/22 19:55:13.0370 5304 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/22 19:55:13.0513 5304 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/22 19:55:13.0556 5304 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/22 19:55:13.0584 5304 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/22 19:55:13.0600 5304 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/22 19:55:13.0628 5304 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/22 19:55:13.0662 5304 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/09/22 19:55:13.0712 5304 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
    2011/09/22 19:55:13.0740 5304 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/22 19:55:13.0765 5304 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/22 19:55:13.0800 5304 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/09/22 19:55:13.0894 5304 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/22 19:55:13.0941 5304 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/22 19:55:13.0968 5304 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/22 19:55:14.0011 5304 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/22 19:55:14.0072 5304 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/09/22 19:55:14.0118 5304 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    2011/09/22 19:55:14.0572 5304 MpKslb90d6e82 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ED0A321-B675-4571-883A-E6AAEC66FB5C}\MpKslb90d6e82.sys
    2011/09/22 19:55:14.0655 5304 MpKsle94120ba (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ED0A321-B675-4571-883A-E6AAEC66FB5C}\MpKsle94120ba.sys
    2011/09/22 19:55:14.0806 5304 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/09/22 19:55:14.0842 5304 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/22 19:55:14.0891 5304 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/22 19:55:14.0944 5304 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/22 19:55:14.0996 5304 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/22 19:55:15.0024 5304 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/22 19:55:15.0066 5304 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    2011/09/22 19:55:15.0109 5304 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    2011/09/22 19:55:15.0165 5304 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/09/22 19:55:15.0185 5304 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/22 19:55:15.0254 5304 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/22 19:55:15.0297 5304 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/22 19:55:15.0325 5304 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/22 19:55:15.0341 5304 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/22 19:55:15.0386 5304 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/22 19:55:15.0443 5304 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    2011/09/22 19:55:15.0465 5304 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/22 19:55:15.0487 5304 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/09/22 19:55:15.0506 5304 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/09/22 19:55:15.0547 5304 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/22 19:55:15.0680 5304 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    2011/09/22 19:55:15.0714 5304 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/22 19:55:15.0742 5304 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/22 19:55:15.0793 5304 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/22 19:55:15.0845 5304 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/22 19:55:15.0892 5304 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/22 19:55:15.0923 5304 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/22 19:55:15.0972 5304 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/22 19:55:16.0037 5304 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/22 19:55:16.0098 5304 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/09/22 19:55:16.0133 5304 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/09/22 19:55:16.0158 5304 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/22 19:55:16.0237 5304 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/22 19:55:16.0275 5304 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/09/22 19:55:16.0325 5304 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    2011/09/22 19:55:16.0364 5304 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    2011/09/22 19:55:16.0418 5304 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/22 19:55:16.0454 5304 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/22 19:55:16.0513 5304 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/22 19:55:16.0550 5304 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    2011/09/22 19:55:16.0579 5304 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/09/22 19:55:16.0626 5304 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    2011/09/22 19:55:16.0647 5304 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    2011/09/22 19:55:16.0670 5304 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/22 19:55:16.0699 5304 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/09/22 19:55:16.0733 5304 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/09/22 19:55:16.0839 5304 Point32 (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
    2011/09/22 19:55:16.0883 5304 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/22 19:55:16.0900 5304 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/22 19:55:16.0952 5304 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/22 19:55:17.0001 5304 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/22 19:55:17.0035 5304 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/22 19:55:17.0060 5304 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/22 19:55:17.0079 5304 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/22 19:55:17.0101 5304 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/22 19:55:17.0125 5304 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/22 19:55:17.0158 5304 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/22 19:55:17.0179 5304 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/22 19:55:17.0223 5304 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/22 19:55:17.0254 5304 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/22 19:55:17.0281 5304 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/22 19:55:17.0316 5304 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/22 19:55:17.0339 5304 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/22 19:55:17.0363 5304 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/22 19:55:17.0411 5304 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
    2011/09/22 19:55:17.0447 5304 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/22 19:55:17.0488 5304 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/22 19:55:17.0546 5304 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/22 19:55:17.0600 5304 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2011/09/22 19:55:17.0646 5304 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/22 19:55:17.0696 5304 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/22 19:55:17.0724 5304 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/22 19:55:17.0773 5304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/09/22 19:55:17.0825 5304 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/22 19:55:17.0849 5304 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/22 19:55:17.0899 5304 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/22 19:55:17.0965 5304 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/22 19:55:17.0980 5304 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/22 19:55:18.0004 5304 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/22 19:55:18.0019 5304 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/22 19:55:18.0080 5304 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    2011/09/22 19:55:18.0108 5304 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/22 19:55:18.0137 5304 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/22 19:55:18.0176 5304 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/22 19:55:18.0211 5304 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/09/22 19:55:18.0270 5304 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/22 19:55:18.0320 5304 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/22 19:55:18.0344 5304 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/22 19:55:18.0403 5304 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/22 19:55:18.0458 5304 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/22 19:55:18.0496 5304 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    2011/09/22 19:55:18.0512 5304 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    2011/09/22 19:55:18.0622 5304 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
    2011/09/22 19:55:18.0689 5304 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/22 19:55:18.0743 5304 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/22 19:55:18.0799 5304 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/22 19:55:18.0822 5304 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/22 19:55:18.0856 5304 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/22 19:55:18.0872 5304 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    2011/09/22 19:55:18.0953 5304 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/22 19:55:18.0996 5304 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/22 19:55:19.0065 5304 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/22 19:55:19.0108 5304 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/22 19:55:19.0144 5304 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/22 19:55:19.0184 5304 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/22 19:55:19.0222 5304 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
    2011/09/22 19:55:19.0248 5304 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/22 19:55:19.0312 5304 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
    2011/09/22 19:55:19.0364 5304 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/22 19:55:19.0401 5304 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    2011/09/22 19:55:19.0424 5304 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/09/22 19:55:19.0471 5304 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/22 19:55:19.0502 5304 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/09/22 19:55:19.0520 5304 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/22 19:55:19.0564 5304 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/09/22 19:55:19.0607 5304 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/22 19:55:19.0630 5304 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/09/22 19:55:19.0685 5304 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/22 19:55:19.0707 5304 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/22 19:55:19.0726 5304 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/09/22 19:55:19.0799 5304 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/22 19:55:19.0828 5304 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    2011/09/22 19:55:19.0854 5304 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/09/22 19:55:19.0876 5304 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    2011/09/22 19:55:19.0916 5304 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    2011/09/22 19:55:19.0963 5304 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/22 19:55:19.0985 5304 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    2011/09/22 19:55:20.0020 5304 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/22 19:55:20.0061 5304 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    2011/09/22 19:55:20.0090 5304 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/22 19:55:20.0123 5304 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2011/09/22 19:55:20.0150 5304 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/22 19:55:20.0198 5304 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/22 19:55:20.0211 5304 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/22 19:55:20.0274 5304 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/22 19:55:20.0319 5304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/22 19:55:20.0398 5304 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/22 19:55:20.0415 5304 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/09/22 19:55:20.0493 5304 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/09/22 19:55:20.0555 5304 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/22 19:55:20.0614 5304 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/22 19:55:20.0658 5304 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/22 19:55:20.0699 5304 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
    2011/09/22 19:55:20.0705 5304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    2011/09/22 19:55:20.0716 5304 Boot (0x1200) (2df0d862e581774744a6031277e9528d) \Device\Harddisk0\DR0\Partition0
    2011/09/22 19:55:20.0734 5304 Boot (0x1200) (0050d3c46719eff53efd7d1b2d596e03) \Device\Harddisk0\DR0\Partition1
    2011/09/22 19:55:20.0741 5304 ================================================================================
    2011/09/22 19:55:20.0742 5304 Scan finished
    2011/09/22 19:55:20.0742 5304 ================================================================================
    2011/09/22 19:55:20.0754 5276 Detected object count: 1
    2011/09/22 19:55:20.0754 5276 Actual detected object count: 1
    2011/09/22 19:55:30.0763 5276 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
    2011/09/22 19:55:30.0763 5276 \Device\Harddisk0\DR0 - ok
    2011/09/22 19:55:30.0764 5276 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
    2011/09/22 19:55:47.0710 4988 Deinitialize success
     
  13. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good :)
    Post new RKUnhooker log.
     
  14. Kergath

    Kergath TS Rookie Topic Starter

    Reinstalled the game and it seems to be working so idk maybe that was it. The google hijack seems to have stopped also.

    Heres the log:

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7601 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x9401A000 C:\Windows\system32\DRIVERS\atikmdag.sys 7888896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
    0x82C10000 C:\Windows\system32\ntoskrnl.exe 4206592 bytes (Microsoft Corporation, NT Kernel & System)
    0x82C10000 PnpManager 4206592 bytes
    0x82C10000 RAW 4206592 bytes
    0x82C10000 WMIxWDM 4206592 bytes
    0x96950000 Win32k 2416640 bytes
    0x96950000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C80F000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8C401000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x93501000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8C5E2000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x8C10A000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9F42A000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x95689000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8C02A000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x8C1B5000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x93405000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x8C56E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x8CB9B000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9F549000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0x95475000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
    0x9F4F9000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x96800000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x935FD000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8C2E3000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8C234000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x935B8000 C:\Windows\system32\DRIVERS\Rt86win7.sys 282624 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x95416000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x8C0C8000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8C78B000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x95517000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
    0x934C2000 C:\Windows\system32\DRIVERS\atikmpag.sys 258048 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
    0x8C993000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8C699000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x9575C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x947A0000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x83013000 ACPI_HAL 225280 bytes
    0x83013000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x8C3CA000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x9379E000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8CA1F000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x8C6FC000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8C959000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x954C5000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8C9DA000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x8C530000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x9F5B0000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0x8C28D000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8C359000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
    0x8CAD8000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0x93778000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8CA62000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8C6D7000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x955C8000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
    0x8C39E000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x95739000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x936DC000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x9F4CB000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x9348F000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8CB19000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8CAB9000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x947D9000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8C72E000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x96850000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x9375B000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
    0x95631000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x95797000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8C74D000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x9564C000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x9570E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x954F4000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x93469000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x93675000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x9365D000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x936B9000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x936FE000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x93716000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x9372D000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8CB78000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x95589000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x8C343000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x95600000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x8C55B000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x95676000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8C767000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8C383000 00000090 73728 bytes
    0x936A7000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x934B0000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x95727000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8C383000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
    0x8CA51000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x95578000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x8C000000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x95464000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8C2C2000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x8C0AF000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8C77A000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x95666000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8CA07000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x8C2D3000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x937D2000 C:\Windows\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
    0x9F59B000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 61440 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
    0x9400B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x93481000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x8C800000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8CB6A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8C335000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8C5CB000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x937E1000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x955A2000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
    0x8C226000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x9369A000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x95557000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x955BB000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
    0x9374E000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x9368D000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x9F4EC000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8CB3A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8C7E0000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x9561A000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x8CB8F000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
    0x8CB0D000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x95564000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x93652000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0x955F5000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x95626000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x8CB5F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x936D1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x955B0000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
    0x94000000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8C2B7000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x9550D000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x9545A000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
    0x957B9000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
    0x8C7D6000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8C7CC000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x93744000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x9F4C1000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x93648000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x8C3C1000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x8C395000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x9F65A000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x955EC000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
    0x9556F000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x8C5D9000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x96BB0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8C98A000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x8C27C000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8C0C0000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8CA17000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80BA5000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x8C285000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8CB47000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8CB4F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8CB57000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8C9D2000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8CB06000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x95613000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x8C32E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0x8CAFF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x957B2000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x8CBF5000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x947F8000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x9F5AA000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB72E3F9-3A61-4D72-BB74-FADE1A027574}\MpKslb9a7e23c.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0x947FE000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x955A0000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================


    Nothing detected :(
     
  15. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Very good :)

    Give me fresh aswMBR and Combofix logs.
     
  16. Kergath

    Kergath TS Rookie Topic Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-22 21:22:34
    -----------------------------
    21:22:34.431 OS Version: Windows 6.1.7601 Service Pack 1
    21:22:34.431 Number of processors: 2 586 0xF0D
    21:22:34.432 ComputerName: DEREK-PC UserName: Derek
    21:22:35.870 Initialize success
    21:22:40.959 AVAST engine defs: 11092101
    21:22:43.243 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    21:22:43.245 Disk 0 Vendor: WDC_WD10EADS-114BB1 80.00A80 Size: 953869MB BusType: 3
    21:22:45.262 Disk 0 MBR read successfully
    21:22:45.265 Disk 0 MBR scan
    21:22:45.270 Disk 0 Windows 7 default MBR code
    21:22:45.274 Disk 0 scanning sectors +1953521664
    21:22:45.383 Disk 0 scanning C:\Windows\system32\drivers
    21:22:58.900 Service scanning
    21:22:59.398 Service MpKslb9a7e23c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB72E3F9-3A61-4D72-BB74-FADE1A027574}\MpKslb9a7e23c.sys **LOCKED** 32
    21:22:59.406 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    21:23:00.057 Modules scanning
    21:23:08.346 Disk 0 trace - called modules:
    21:23:08.361 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    21:23:08.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862109a8]
    21:23:08.700 3 CLASSPNP.SYS[8ca6659e] -> nt!IofCallDriver -> [0x85d60760]
    21:23:08.706 5 ACPI.sys[8c23d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85db8908]
    21:23:10.634 AVAST engine scan C:\Windows
    21:23:17.034 AVAST engine scan C:\Windows\system32
    21:27:42.348 AVAST engine scan C:\Windows\system32\drivers
    21:28:11.006 AVAST engine scan C:\Users\Derek
    21:51:01.673 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Desktop\MBR.dat"
    21:51:01.759 The log file has been saved successfully to "C:\Users\Derek\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-22 21:54:59
    -----------------------------
    21:54:59.848 OS Version: Windows 6.1.7601 Service Pack 1
    21:54:59.848 Number of processors: 2 586 0xF0D
    21:54:59.848 ComputerName: DEREK-PC UserName: Derek
    21:55:22.020 Initialize success
    21:55:26.496 AVAST engine defs: 11092101
    21:55:29.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    21:55:29.318 Disk 0 Vendor: WDC_WD10EADS-114BB1 80.00A80 Size: 953869MB BusType: 3
    21:55:31.336 Disk 0 MBR read successfully
    21:55:31.339 Disk 0 MBR scan
    21:55:31.343 Disk 0 Windows 7 default MBR code
    21:55:31.347 Disk 0 scanning sectors +1953521664
    21:55:31.452 Disk 0 scanning C:\Windows\system32\drivers
    21:55:47.184 Service scanning
    21:55:52.320 Service MpKsl72951d0f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB72E3F9-3A61-4D72-BB74-FADE1A027574}\MpKsl72951d0f.sys **LOCKED** 32
    21:55:52.328 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    21:55:52.982 Modules scanning
    21:55:58.469 Disk 0 trace - called modules:
    21:55:58.491 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    21:55:58.497 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8620a810]
    21:55:58.504 3 CLASSPNP.SYS[8ca6759e] -> nt!IofCallDriver -> [0x85470918]
    21:55:58.509 5 ACPI.sys[8c22c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85db8030]
    21:55:59.863 AVAST engine scan C:\Windows
    21:56:04.085 AVAST engine scan C:\Windows\system32
    21:58:53.816 AVAST engine scan C:\Windows\system32\drivers
    21:59:10.782 AVAST engine scan C:\Users\Derek
    22:24:10.797 AVAST engine scan C:\ProgramData
    22:28:37.357 Scan finished successfully
    22:51:03.763 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Desktop\MBR.dat"
    22:51:03.821 The log file has been saved successfully to "C:\Users\Derek\Desktop\aswMBR.txt"


    ComboFix 11-09-23.03 - Derek 09/23/2011 12:07:54.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.1902 [GMT -7:00]
    Running from: c:\users\Derek\Downloads\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-23 19:14 . 2011-09-23 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-21 21:27 . 2011-09-21 21:27 -------- dc----w- c:\programdata\{9937DA50-1322-492A-A1C8-1911CDD1BD57}
    2011-09-21 21:23 . 2011-09-21 21:23 -------- d-----w- c:\users\Derek\AppData\Roaming\Malwarebytes
    2011-09-21 21:22 . 2011-09-21 21:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-21 21:22 . 2011-09-21 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-17 07:25 . 2011-09-21 20:40 -------- d-----w- c:\users\Derek\AppData\Roaming\Ventrilo
    2011-09-15 01:17 . 2011-09-21 20:40 -------- d-----w- c:\program files\Ventrilo
    2011-09-13 09:34 . 2011-09-13 09:34 -------- d-----w- c:\windows\Sun
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\program files\Common Files\scanner
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\program files\comcasttb
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\program files\CA
    2011-08-26 22:47 . 2011-08-26 22:47 -------- d-----w- c:\windows\Downloaded Installations
    2011-08-26 22:45 . 2011-09-22 00:59 -------- d-----w- c:\program files\xfin_portal
    2011-08-26 22:42 . 2011-09-13 05:29 -------- d-----w- c:\users\Derek\AppData\Local\SupportSoft
    2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- c:\program files\Common Files\SupportSoft
    2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- c:\program files\ComcastUI
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-17 14:59 . 2011-05-19 21:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 04:54 . 2011-08-10 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 12:05 . 2011-06-17 01:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-16 04:27 . 2011-08-10 04:15 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:29 . 2011-08-24 13:21 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:30 . 2011-08-10 04:15 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-29 13:54 . 2011-03-31 03:51 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-09-08 03:21 . 2011-03-27 23:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-03 1242448]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-22 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    c:\users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-4-9 576000]
    Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2011-3-30 868352]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2011-9-21 405504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl002e5e40;MpKsl002e5e40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEC80BE6-62AD-491F-A5BA-BF13D5804781}\MpKsl002e5e40.sys [x]
    R1 MpKsl03249d40;MpKsl03249d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2C5A6CC-1FED-4574-B4EF-99BD553B8D36}\MpKsl03249d40.sys [x]
    R1 MpKsl040600f4;MpKsl040600f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B133DB4A-8696-444B-B341-9174AF32A3AF}\MpKsl040600f4.sys [x]
    R1 MpKsl055c88b5;MpKsl055c88b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E9F1E25-37AC-402D-BD27-7B202604CA4F}\MpKsl055c88b5.sys [x]
    R1 MpKsl093a1754;MpKsl093a1754;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1A386B1-78A5-4F18-B46F-3DA3ED2F3629}\MpKsl093a1754.sys [x]
    R1 MpKsl0e0bea13;MpKsl0e0bea13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A107679D-E6D1-4B1D-A179-A9CAF5509ED3}\MpKsl0e0bea13.sys [x]
    R1 MpKsl1b1b7ebf;MpKsl1b1b7ebf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53896F6C-109C-40C6-8D7E-23FADB9FE428}\MpKsl1b1b7ebf.sys [x]
    R1 MpKsl39161332;MpKsl39161332;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7272F1A1-E3D9-4151-A365-02E7E2D14D60}\MpKsl39161332.sys [x]
    R1 MpKsl47300ffd;MpKsl47300ffd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D5DEA57-B4F9-4F72-AA3E-BB057CEAD9D3}\MpKsl47300ffd.sys [x]
    R1 MpKsl4c25b95f;MpKsl4c25b95f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FDADE8-0EEF-46E5-890B-F23CC9CD2679}\MpKsl4c25b95f.sys [x]
    R1 MpKsl4ef88ffd;MpKsl4ef88ffd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD9B4117-D71F-4C42-A403-2C88F39897EE}\MpKsl4ef88ffd.sys [x]
    R1 MpKsl58ff3399;MpKsl58ff3399;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEC80BE6-62AD-491F-A5BA-BF13D5804781}\MpKsl58ff3399.sys [x]
    R1 MpKsl68c83548;MpKsl68c83548;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6812986-CE24-44AC-9C83-A0793251F027}\MpKsl68c83548.sys [x]
    R1 MpKsl72951d0f;MpKsl72951d0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB72E3F9-3A61-4D72-BB74-FADE1A027574}\MpKsl72951d0f.sys [x]
    R1 MpKsl8bc51ca4;MpKsl8bc51ca4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA7CFBF1-EEC2-4900-BCAD-90A1F4A8408C}\MpKsl8bc51ca4.sys [x]
    R1 MpKsl95e737cd;MpKsl95e737cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AC43A24-B16D-4897-91D0-BFE0F2D9BFC4}\MpKsl95e737cd.sys [x]
    R1 MpKsl9b438dda;MpKsl9b438dda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66377808-71FB-488D-B788-077C1EA52D70}\MpKsl9b438dda.sys [x]
    R1 MpKsl9d6d5027;MpKsl9d6d5027;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{529B0A21-E307-4C56-B06D-A9002765309A}\MpKsl9d6d5027.sys [x]
    R1 MpKsla4511d04;MpKsla4511d04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C1DAC28-D9F0-433A-9E88-CEA686D3C7D7}\MpKsla4511d04.sys [x]
    R1 MpKsla646d26e;MpKsla646d26e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20FF1153-2611-45AB-BDED-9981E58A0C59}\MpKsla646d26e.sys [x]
    R1 MpKslaecd84cb;MpKslaecd84cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7272F1A1-E3D9-4151-A365-02E7E2D14D60}\MpKslaecd84cb.sys [x]
    R1 MpKslc36014d0;MpKslc36014d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6812986-CE24-44AC-9C83-A0793251F027}\MpKslc36014d0.sys [x]
    R1 MpKslca656fd9;MpKslca656fd9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8DBC8-5CDF-46FD-9E2D-B9F338155853}\MpKslca656fd9.sys [x]
    R1 MpKsle4e1232a;MpKsle4e1232a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B8DBC8-5CDF-46FD-9E2D-B9F338155853}\MpKsle4e1232a.sys [x]
    R1 MpKslf4c8274d;MpKslf4c8274d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C145FE5-7943-4D07-A025-EA6F9A09D14D}\MpKslf4c8274d.sys [x]
    R1 MpKslfa593dc8;MpKslfa593dc8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9CF9C14-9375-4361-8B23-7E89251DAB51}\MpKslfa593dc8.sys [x]
    R1 MpKslfe828125;MpKslfe828125;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03D616AA-0FAB-4259-A769-BFD51CAF40C0}\MpKslfe828125.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1343400]
    S1 MpKsl5c355ebc;MpKsl5c355ebc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB72E3F9-3A61-4D72-BB74-FADE1A027574}\MpKsl5c355ebc.sys [2011-09-23 28752]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 176128]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 7566848]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 238592]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL5C355EBC
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:57596
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
    FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.leagueoflegends.com/
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\Software\SecuROM\License information*]
    "datasecu"=hex:7a,17,17,14,6c,f7,1b,1a,ac,65,d3,c8,4c,a8,4c,f3,e3,01,17,94,c1,
    bf,97,ab,a4,94,e4,7d,03,1e,1a,1a,e8,fe,8c,2a,16,d6,3c,c9,06,33,d5,ad,b4,44,\
    "rkeysecu"=hex:f2,ff,11,5e,5a,6c,15,a8,b9,da,6a,0d,9f,27,c5,7c
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2011-09-23 12:16:29
    ComboFix-quarantined-files.txt 2011-09-23 19:16
    ComboFix2.txt 2011-09-22 04:09
    ComboFix3.txt 2011-09-21 23:05
    .
    Pre-Run: 799,777,701,888 bytes free
    Post-Run: 799,587,475,456 bytes free
    .
    - - End Of File - - 491E7D349D447277385EDD3CE5F89F93
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    All looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. Kergath

    Kergath TS Rookie Topic Starter

    The google hijacks have stopped and all of my programs start. It seems to be running a little slower than before but that could be any number of reasons lol.

    Heres the logs:

    OTL logfile created on: 9/23/2011 4:55:25 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Derek\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.63% Memory free
    6.49 Gb Paging File | 5.15 Gb Available in Paging File | 79.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 931.41 Gb Total Space | 744.73 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
    Drive D: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 5.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/23 16:51:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Downloads\OTL.exe
    PRC - [2011/09/22 08:10:09 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
    PRC - [2011/09/21 12:29:50 | 000,405,504 | ---- | M] () -- C:\Program Files\LOLReplay\LOLRecorder.exe
    PRC - [2011/08/03 09:01:17 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/26 22:55:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/22 08:10:07 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
    MOD - [2011/09/22 08:10:04 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
    MOD - [2011/09/22 08:10:04 | 000,190,248 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
    MOD - [2011/09/22 08:10:04 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
    MOD - [2011/09/22 08:10:04 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
    MOD - [2011/09/21 18:45:56 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
    MOD - [2011/09/21 18:44:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
    MOD - [2011/09/21 18:44:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
    MOD - [2011/09/21 18:44:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
    MOD - [2011/09/21 18:43:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
    MOD - [2011/09/21 18:43:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
    MOD - [2011/09/21 18:43:39 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
    MOD - [2011/09/21 18:43:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
    MOD - [2011/09/21 12:29:50 | 000,405,504 | ---- | M] () -- C:\Program Files\LOLReplay\LOLRecorder.exe
    MOD - [2011/08/30 22:18:24 | 000,369,152 | ---- | M] () -- C:\Program Files\LOLReplay\lrf.dll
    MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2009/08/19 10:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    MOD - [2007/04/16 15:47:34 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/22 08:10:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/09/21 16:14:31 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011/03/06 03:00:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/01/26 22:55:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
    SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/23 13:08:09 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC6F7E7B-0035-4213-B42E-33408EE45E0F}\MpKslabc765cf.sys -- (MpKslabc765cf)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2011/01/26 23:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/01/26 23:36:16 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/01/26 22:13:12 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 44 ED FD E1 F2 CB 01 [binary data]
    IE - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57596

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.leagueoflegends.com/"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 19:03:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 20:21:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/12 22:29:10 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/29 19:03:54 | 000,000,000 | ---D | M]

    [2011/03/27 18:35:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions
    [2011/09/23 14:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\extensions
    [2011/09/21 13:40:28 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\extensions\anttoolbar@ant.com
    [2011/09/23 14:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\extensions\staged
    [2011/03/21 15:12:42 | 000,000,863 | -H-- | M] () -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\searchplugins\conduit.xml
    [2011/06/24 13:40:41 | 000,009,981 | -H-- | M] () -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xkctxi5h.default\searchplugins\CouponAlert_2p.xml
    [2011/09/21 13:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/09/21 13:40:25 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/06/16 18:02:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/09/13 02:32:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/09/13 02:36:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XKCTXI5H.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    () (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XKCTXI5H.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    [2011/09/07 20:21:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/22 17:29:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/04/06 21:17:23 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/21 18:10:10 | 000,436,898 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15053 more lines...
    O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll File not found
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
    O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll File not found
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
    O4 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9F0FE0F-5863-4129-8C64-B45E1ABD637E}: DhcpNameServer = 68.87.85.102 68.87.69.150
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/01/17 11:59:50 | 003,610,200 | ---- | M] () - C:\autosave.fos -- [ NTFS ]
    O32 - AutoRun File - [2007/01/23 16:48:51 | 000,000,041 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2011/03/17 07:20:06 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-3881011562-596480335-2157353384-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/23 12:16:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/09/23 12:15:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/09/22 20:27:15 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2011/09/22 19:54:25 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derek\Desktop\tdsskiller.exe
    [2011/09/22 11:55:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/09/21 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\LeagueOfLegends
    [2011/09/21 20:04:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Derek\Desktop\aswMBR.exe
    [2011/09/21 17:17:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Derek\Desktop\dds.scr
    [2011/09/21 17:00:37 | 000,000,000 | ---D | C] -- C:\gmer
    [2011/09/21 16:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/09/21 16:12:30 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\SUPERAntiSpyware.com
    [2011/09/21 16:05:56 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\temp
    [2011/09/21 15:07:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/21 15:07:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/21 15:07:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/21 14:55:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/21 14:47:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/21 14:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{9937DA50-1322-492A-A1C8-1911CDD1BD57}
    [2011/09/21 14:23:09 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Malwarebytes
    [2011/09/21 14:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/21 14:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/21 14:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/17 00:25:54 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Ventrilo
    [2011/09/15 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Skins
    [2011/09/15 12:23:50 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\League of Legends Backups
    [2011/09/15 12:19:15 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Riven Skin
    [2011/09/15 12:18:00 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\1.4.2
    [2011/09/14 18:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
    [2011/09/13 02:34:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/09/13 01:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/09/12 21:01:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2011/09/06 18:06:41 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\DeadIsland
    [2011/08/26 15:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
    [2011/08/26 15:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
    [2011/08/26 15:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\CA
    [2011/08/26 15:47:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2011/08/26 15:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\xfin_portal
    [2011/08/26 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\SupportSoft
    [2011/08/26 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
    [2011/08/26 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/23 13:14:20 | 000,021,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/23 13:14:20 | 000,021,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/23 13:07:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/23 13:07:00 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/22 22:51:03 | 000,000,512 | ---- | M] () -- C:\Users\Derek\Desktop\MBR.dat
    [2011/09/22 21:53:10 | 359,178,031 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/09/22 20:33:22 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2011/09/22 19:58:49 | 000,001,919 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
    [2011/09/22 19:58:49 | 000,001,847 | ---- | M] () -- C:\Users\Derek\Desktop\LOL Recorder.lnk
    [2011/09/22 19:54:42 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derek\Desktop\tdsskiller.exe
    [2011/09/21 22:22:37 | 000,139,264 | ---- | M] () -- C:\Users\Derek\Desktop\RKUnhookerLE.EXE
    [2011/09/21 21:51:34 | 001,336,048 | ---- | M] () -- C:\Users\Derek\Desktop\Female EZ.jpg
    [2011/09/21 21:18:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Derek\Desktop\aswMBR.exe
    [2011/09/21 18:20:31 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/09/21 18:20:31 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/09/21 18:10:10 | 000,436,898 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/09/21 17:17:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Derek\Desktop\dds.scr
    [2011/09/21 16:34:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/09/21 15:48:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-181010.backup
    [2011/09/21 14:25:47 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011/09/21 14:25:47 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011/09/21 14:22:58 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/21 13:49:58 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/20 22:51:59 | 000,004,585 | ---- | M] () -- C:\Users\Derek\Desktop\Untitled.png
    [2011/09/13 01:59:07 | 000,002,503 | ---- | M] () -- C:\Users\Derek\Desktop\Skype.lnk
    [2011/09/12 22:12:20 | 000,490,683 | ---- | M] () -- C:\Users\Derek\Desktop\lee sin.jpg
    [2011/09/12 20:36:47 | 000,000,440 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2011/09/12 20:33:42 | 000,000,232 | ---- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/09/12 20:33:42 | 000,000,168 | ---- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/09/06 18:06:27 | 000,000,215 | -H-- | M] () -- C:\Users\Derek\Desktop\Dead Island.url
    [2011/09/01 20:02:02 | 001,100,131 | -H-- | M] () -- C:\Users\Derek\Documents\BrilliantCoupon_V16_20100419.pdf
    [2011/08/26 15:42:03 | 000,000,197 | -H-- | M] () -- C:\Users\Derek\Desktop\Comcast Email.url
    [2011/08/26 15:42:03 | 000,000,191 | -H-- | M] () -- C:\Users\Derek\Desktop\Comcast Security.url
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/22 21:51:01 | 000,000,512 | ---- | C] () -- C:\Users\Derek\Desktop\MBR.dat
    [2011/09/22 20:33:22 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2011/09/22 11:55:11 | 359,178,031 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/09/21 22:22:32 | 000,139,264 | ---- | C] () -- C:\Users\Derek\Desktop\RKUnhookerLE.EXE
    [2011/09/21 21:51:30 | 001,336,048 | ---- | C] () -- C:\Users\Derek\Desktop\Female EZ.jpg
    [2011/09/21 16:33:40 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/09/21 15:07:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/21 15:07:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/21 15:07:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/21 15:07:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/21 15:07:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/21 14:22:58 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/21 13:57:15 | 000,002,503 | ---- | C] () -- C:\Users\Derek\Desktop\Skype.lnk
    [2011/09/21 13:49:58 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/20 22:51:59 | 000,004,585 | ---- | C] () -- C:\Users\Derek\Desktop\Untitled.png
    [2011/09/12 22:12:10 | 000,490,683 | ---- | C] () -- C:\Users\Derek\Desktop\lee sin.jpg
    [2011/09/12 20:33:42 | 000,000,232 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/09/12 20:33:42 | 000,000,168 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/09/12 20:33:39 | 000,000,440 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2011/09/06 18:05:06 | 000,000,215 | -H-- | C] () -- C:\Users\Derek\Desktop\Dead Island.url
    [2011/09/01 20:02:02 | 001,100,131 | -H-- | C] () -- C:\Users\Derek\Documents\BrilliantCoupon_V16_20100419.pdf
    [2011/08/26 15:42:03 | 000,000,197 | -H-- | C] () -- C:\Users\Derek\Desktop\Comcast Email.url
    [2011/08/26 15:42:03 | 000,000,191 | -H-- | C] () -- C:\Users\Derek\Desktop\Comcast Security.url
    [2011/08/13 14:25:16 | 000,012,596 | -HS- | C] () -- C:\Users\Derek\AppData\Local\0048k445d7v5ikh72424tvc3b4
    [2011/08/13 14:25:16 | 000,002,220 | -HS- | C] () -- C:\ProgramData\0048k445d7v5ikh72424tvc3b4
    [2011/06/29 16:19:18 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
    [2011/04/25 21:07:45 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/04/20 20:55:46 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/20 20:55:46 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/04/09 02:37:36 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
    [2011/04/01 18:35:05 | 000,867,610 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\unins000.exe
    [2011/04/01 18:35:05 | 000,000,000 | -H-- | C] () -- C:\Users\Derek\AppData\Roaming\unins000.dat
    [2011/03/30 22:45:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/03/30 21:25:17 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
    [2011/03/29 18:57:11 | 000,165,725 | ---- | C] () -- C:\Windows\hpoins44.dat
    [2011/03/06 15:11:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/03/06 15:09:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/03/05 19:35:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/01/26 22:12:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2010/12/21 02:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:33:53 | 000,409,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 19:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 19:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/11 02:30:02 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/04/12 21:11:01 | 000,000,000 | -H-D | M] -- C:\Users\Derek\AppData\Roaming\AnvSoft
    [2011/09/12 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Catalina Marketing Corp
    [2011/04/12 21:02:11 | 000,000,000 | -H-D | M] -- C:\Users\Derek\AppData\Roaming\Clone2Go Video Converter Free Version
    [2011/09/12 22:29:28 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\GetRightToGo
    [2011/09/12 21:00:49 | 000,000,000 | -H-D | M] -- C:\Users\Derek\AppData\Roaming\go
    [2011/05/08 14:51:23 | 000,000,000 | -H-D | M] -- C:\Users\Derek\AppData\Roaming\LolClient
    [2011/04/12 21:17:15 | 000,000,000 | -H-D | M] -- C:\Users\Derek\AppData\Roaming\Sony
    [2011/09/12 22:23:36 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\thriXXX
    [2011/07/05 07:09:24 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/09/21 13:41:53 | 000,058,608 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/17 11:59:50 | 003,610,200 | ---- | M] () -- C:\autosave.fos
    [2011/09/23 12:16:30 | 000,018,101 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/09/23 13:07:00 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/09/23 13:07:02 | 3488,866,304 | -HS- | M] () -- C:\pagefile.sys
    [2011/09/22 19:55:47 | 000,067,914 | ---- | M] () -- C:\TDSSKiller.2.5.23.0_22.09.2011_19.55.01_log.txt
    [2011/09/22 20:21:27 | 000,066,806 | ---- | M] () -- C:\TDSSKiller.2.5.23.0_22.09.2011_20.14.57_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
     
  19. Kergath

    Kergath TS Rookie Topic Starter

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
    [2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/11/20 05:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/08/13 14:26:06 | 000,000,127 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Microsoft\gb_19813686.bat
    [2011/08/14 15:53:52 | 000,000,137 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Microsoft\gb_29735662.bat

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/05 19:51:29 | 000,000,221 | -HS- | M] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/21 21:18:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Derek\Desktop\aswMBR.exe
    [2011/09/21 22:22:37 | 000,139,264 | ---- | M] () -- C:\Users\Derek\Desktop\RKUnhookerLE.EXE
    [2011/09/22 19:54:42 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derek\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/09/11 16:55:14 | 000,000,043 | ---- | M] () -- C:\Users\Derek\Favorites\autorun.inf
    [2005/09/11 16:55:14 | 000,001,042 | ---- | M] () -- C:\Users\Derek\Favorites\autorun.ini
    [2005/09/11 16:55:14 | 000,022,246 | ---- | M] () -- C:\Users\Derek\Favorites\css.ico
    [2005/09/11 23:43:32 | 481,285,404 | -H-- | M] () -- C:\Users\Derek\Favorites\css4.cab
    [2011/03/06 20:21:28 | 000,000,402 | -HS- | M] () -- C:\Users\Derek\Favorites\desktop.ini
    [2005/09/11 16:55:21 | 000,010,929 | -H-- | M] () -- C:\Users\Derek\Favorites\game_install_agreement.rtf
    [2005/09/11 16:55:21 | 000,010,824 | -H-- | M] () -- C:\Users\Derek\Favorites\steam_install_agreement.rtf
    [2005/09/11 16:55:21 | 000,000,101 | ---- | M] () -- C:\Users\Derek\Favorites\valve.inf

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/08/13 14:30:32 | 000,002,220 | -HS- | M] () -- C:\ProgramData\0048k445d7v5ikh72424tvc3b4
    [2011/09/12 21:00:17 | 000,002,274 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/09/12 20:36:47 | 000,000,440 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2011/09/12 20:33:42 | 000,000,232 | ---- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/09/12 20:33:42 | 000,000,168 | ---- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >


    OTL Extras logfile created on: 9/23/2011 4:55:25 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Derek\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.63% Memory free
    6.49 Gb Paging File | 5.15 Gb Available in Paging File | 79.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 931.41 Gb Total Space | 744.73 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
    Drive D: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 5.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 27
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
    "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4D565319-8B91-41CB-961C-0DDC86101AC5}" = Dragon Age II
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}" = Media Go Video Playback Engine 1.64.105.02280
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
    "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
    "{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Akamai" = Akamai NetSession Interface
    "Any Video Converter_is1" = Any Video Converter 3.2.1
    "Clone2Go Video Converter Free Version_is1" = Clone2Go Video Converter Free Version 1.3.8
    "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
    "EA Installer.1522122559" = EA Installer
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
    "LandOfTheDead" = Groove Games\Land Of The Dead
    "LOLReplay" = LOLReplay
    "LOTD Update Pack #2 (3/6/06)" = LOTD Update Pack #2 (3/6/06)
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Origin" = Origin
    "Shop for HP Supplies" = Shop for HP Supplies
    "StarCraft II" = StarCraft II
    "Steam App 1250" = Killing Floor
    "Steam App 22350" = Brink
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 500" = Left 4 Dead
    "Steam App 91310" = Dead Island
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3881011562-596480335-2157353384-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = EasyBits GO

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/22/2011 11:13:17 AM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/22/2011 12:12:47 PM | Computer Name = Derek-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/22/2011 5:29:35 PM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/22/2011 10:58:00 PM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/22/2011 11:13:21 PM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/23/2011 12:54:01 AM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/23/2011 10:16:31 AM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/23/2011 12:34:28 PM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    Error - 9/23/2011 2:05:18 PM | Computer Name = Derek-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/23/2011 4:07:36 PM | Computer Name = Derek-PC | Source = BackItUp5 | ID = 5225
    Description =

    [ System Events ]
    Error - 9/22/2011 11:11:06 AM | Computer Name = Derek-PC | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 9/22/2011 11:11:47 AM | Computer Name = Derek-PC | Source = DCOM | ID = 10010
    Description =

    Error - 9/22/2011 2:55:16 PM | Computer Name = Derek-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:54:01 AM on ?9/?22/?2011 was unexpected.

    Error - 9/22/2011 2:55:21 PM | Computer Name = Derek-PC | Source = BugCheck | ID = 1001
    Description =

    Error - 9/23/2011 12:53:15 AM | Computer Name = Derek-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:52:22 PM on ?9/?22/?2011 was unexpected.

    Error - 9/23/2011 12:53:18 AM | Computer Name = DEREK-PC | Source = BugCheck | ID = 1001
    Description =

    Error - 9/23/2011 12:53:45 AM | Computer Name = Derek-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 9/23/2011 3:07:48 PM | Computer Name = Derek-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/23/2011 3:11:27 PM | Computer Name = Derek-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/23/2011 3:14:28 PM | Computer Name = Derek-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57596
      O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll File not found
      O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll File not found
      O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2011/08/13 14:25:16 | 000,012,596 | -HS- | C] () -- C:\Users\Derek\AppData\Local\0048k445d7v5ikh72424tvc3b4
      [2011/08/13 14:25:16 | 000,002,220 | -HS- | C] () -- C:\ProgramData\0048k445d7v5ikh72424tvc3b4
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. Kergath

    Kergath TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-3881011562-596480335-2157353384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\ not found.
    C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK moved successfully.
    C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
    C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
    C:\Users\Derek\AppData\Local\0048k445d7v5ikh72424tvc3b4 moved successfully.
    C:\ProgramData\0048k445d7v5ikh72424tvc3b4 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Derek
    ->Temp folder emptied: 103228 bytes
    ->Temporary Internet Files folder emptied: 171071841 bytes
    ->Java cache emptied: 3710545 bytes
    ->FireFox cache emptied: 158519154 bytes
    ->Flash cache emptied: 59780 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5789 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 318.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Derek
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 09232011_235911

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.3.183.5
    Adobe Reader 9.4.6
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    As for the ESET:
    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
     
  22. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    The issue seems to be resolved.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...