TechSpot

System Check virus

Solved
By trisail86
Mar 25, 2012
  1. Thank goodness I have found you all. Woke up with System Check virus this a.m. I've run your five steps and am pasting the logs. I am incredibly grateful that there are generous people such as yourselves who reach out to help others.

    I am not getting the annoying windows anymore after running Anti-Malware, but I can't see my files/applications in Windows Explorer. Am curious what to do next. Here are the logs:

    With great appreciation,
    trisail86

    Anti-Malware Log:
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.25.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Doug :: OFFICE [administrator]

    3/25/2012 2:30:38 PM
    mbam-log-2012-03-25 (14-30-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289113
    Time elapsed: 33 minute(s), 47 second(s)

    Memory Processes Detected: 1
    C:\Documents and Settings\All Users\Application Data\XCMsXSJotCWrp.exe (Trojan.Agent) -> 2356 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 14
    HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{4D25F920-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{4D25F923-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCR\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKCR\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XCMsXSJotCWrp.exe (Trojan.Agent) -> Data: C:\Documents and Settings\All Users\Application Data\XCMsXSJotCWrp.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 12
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 3
    C:\Program Files\MyWaySA (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\890166 (Trojan.BHO) -> Quarantined and deleted successfully.

    Files Detected: 8
    C:\Documents and Settings\All Users\Application Data\XCMsXSJotCWrp.exe (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Doug\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Doug\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Doug\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\bemark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

    (end)
    ---

    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-25 15:20:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160828AS rev.8.03
    Running: j7zmgweu.exe; Driver: C:\DOCUME~1\Doug\LOCALS~1\Temp\pwtdapod.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Doug at 15:27:38 on 2012-03-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.332 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    uStart Page = hxxp://www.hotsheet.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyServer = http=127.0.0.1:9090
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: atk.com\myvpn
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/15.13/uploader2.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158951511156
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://wegmansphoto.lifepics.com/net/Uploader/ImageUploader3.cab
    DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
    DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{23E49CEC-4431-4899-977D-C14EA566FC69} : DhcpNameServer = 192.168.1.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2009-11-8 143360]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-11-8 73880]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    .
    =============== Created Last 30 ================
    .
    2012-03-25 22:23:48 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c475eb9-4992-43b6-b02c-cee2b202d2e1}\mpengine.dll
    2012-03-25 21:29:07 -------- d-----w- c:\documents and settings\doug\application data\Malwarebytes
    2012-03-25 21:28:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-03-25 21:28:31 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 21:28:30 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-25 15:22:54 361472 ---ha-w- c:\documents and settings\all users\application data\CzJzkQK78iE2Hm.exe
    2012-03-04 03:09:16 -------- d--h--w- c:\documents and settings\doug\application data\ElevatedDiagnostics
    2012-02-28 21:07:31 -------- d--h--w- c:\documents and settings\all users\Kodak
    .
    ==================== Find3M ====================
    .
    2012-01-28 15:32:01 10809376 ---ha-w- c:\program files\common files\lpuninstall.exe
    .
    ============= FINISH: 15:34:41.48 ===============

    DDS Attach.txt file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/4/2005 1:28:29 PM
    System Uptime: 3/25/2012 3:10:14 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0KF623
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 15.702 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is CDROM ()
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    924PLC32
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.5
    aioprnt
    aioscnnr
    AnswerWorks 5.0 English Runtime
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aqualink RS System Simulator Rev MM
    ATI Control Panel
    ATI Display Driver
    ATI Parental Control
    Audible Download Manager
    Avery Wizard 3.1
    Avery® Wizard 2.1 for Microsoft® Office Word 2003
    Bonjour
    BufferChm
    C4580
    C4580_Help
    C4USelfUpdater
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon Digital Camera USB WIA Driver
    Canon EOS-1D Mark II N WIA Driver
    Canon EOS-1Ds Mark II WIA Driver
    Canon EOS 5D WIA Driver
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.1
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities RAW Image Converter
    Canon Utilities RemoteCapture 2.1
    Canon Utilities ZoomBrowser EX
    Cards_Calendar_OrderGift_DoMorePlugout
    center
    Citrix Access Gateway Plug-in
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Content Portal
    DocProc
    DocProcQFolder
    EducateU
    essentials
    eSupportQFolder
    GearDrvs
    Google Update Helper
    GPBaseService
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 11.0
    HP Imaging Device Functions 11.0
    HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Smart Web Printing
    HP Solution Center 11.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    ImageMixer VCD2
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iPod for Windows 2005-02-07
    iPod for Windows 2005-11-17
    iTunes
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro Studio, Dell Editon
    Java Auto Updater
    Java(TM) 6 Update 20
    Kodak AIO Printer
    KODAK AiO Software
    LastPass (uninstall only)
    Learn2 Player (Uninstall Only)
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    LUMIX Simple Viewer
    Macromedia Flash Player
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MotionDV STUDIO 5.6E LE for DV
    Move Media Player
    MovieEdit Task
    MSN Toolbar
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Musicmatch for Windows Media Player
    MyWay Search Assistant
    NavFit98A
    NETGEAR WG311v3 PCI Adapter
    Network
    NetZeroInstallers
    ocr
    OCR Software by I.R.I.S. 11.0
    Panasonic DVC USB Driver
    PanoStandAlone
    PHOTOfunSTUDIO -viewer-
    Picasa 3
    Polar Precision Performance SW
    PowerDVD 5.5
    PreReq
    PS_AIO_04_C4580_ProductContext
    PS_AIO_04_C4580_Software
    PS_AIO_04_C4580_Software_Min
    PSSWCORE
    Quick Movie Magic 1.0E
    QuickBooks Simple Start Special Edition
    Quicken 2008
    Quicken Home Inventory Manager
    QuickTime
    RealPlayer
    Rhapsody Player Engine
    Rosetta Stone V3
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmartWebPrinting
    SolutionCenter
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sony USB Driver
    Status
    Symantec Technical Support Web Controls
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB960763)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    USB-IrDA Adapter
    VideoToolkit01
    Viewpoint Media Player
    WD Diagnostics
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/25/2012 8:35:39 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.242.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/25/2012 8:31:12 AM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 2/24/2012 8:31:10 AM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
    3/25/2012 7:23:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.242.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/24/2012 6:56:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.242.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/23/2012 6:41:50 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/22/2012 5:25:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/22/2012 2:21:09 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\STORAGE#RemovableMedia#8&37d4ea85&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.
    3/21/2012 8:45:25 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    3/21/2012 3:36:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/19/2012 10:19:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/19/2012 1:35:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    3/18/2012 6:48:26 AM, error: PSched [14103] - QoS [Adapter {23E49CEC-4431-4899-977D-C14EA566FC69}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    3/18/2012 11:35:25 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    Thank you!

    (1) I ran UnHide and it worked in terms of my files and shortcuts being visible again. Report pasted below.

    (2) I ran aswMBR. The first time it ran, I got a blue screen after about 1 hr 20 min.

    "A problem has been detected and windows has been shut down to prevent damage to your computer.
    DRIVER_IRQL_NOT_LESS_OR_EQUAL
    If first time, restart your computer...."

    I ran aswMBR a second time and it looked to complete in 10 minutes. Log pasted below.

    (3) I ran bootkit_cleaner. Results are pasted below as well.

    Thanks!
    trisail86

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 03/25/2012 08:09:56 PM
    Windows Version: Windows XP

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 298615 files processed.

    Restoring the Start Menu.
    * 277 Shortcuts and Desktop items were restored.


    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    * NoDesktop policy was found and deleted!
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    * HideIcons policy was found and deleted!

    Program finished at: 03/25/2012 08:28:11 PM
    Execution time: 0 hours(s), 18 minute(s), and 15 seconds(s)


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-25 22:13:24
    -----------------------------
    22:13:24.406 OS Version: Windows 5.1.2600 Service Pack 3
    22:13:24.406 Number of processors: 2 586 0x403
    22:13:24.421 ComputerName: OFFICE UserName: Doug
    22:13:28.125 Initialize success
    22:14:18.187 AVAST engine defs: 12032501
    06:13:28.343 The log file has been saved successfully to "C:\Documents and Settings\Doug\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000
    Boot sector MD5 is: e7e6f498a5aad54bc8d066e2192a8456

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  5. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    Results of Listparts pasted below,

    ListParts by Farbar Version: 12-03-2012 03
    Ran by Doug (administrator) on 26-03-2012 at 20:08:29
    Windows XP (X86)
    Running From: C:\Documents and Settings\Doug\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 68%
    Total physical RAM: 1022.07 MB
    Available physical RAM: 322.72 MB
    Total Pagefile: 2459.97 MB
    Available Pagefile: 1658.51 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2000.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:144.3 GB) (Free:15.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 63 MB 32 KB
    Partition 2 Primary 144 GB 63 MB
    Partition 3 Unknown 4754 MB 144 GB
    ======================================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.
    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 144 GB Healthy System (partition with boot components)
    ======================================================================================================

    Disk: 0
    Partition 3
    Type : DB
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.
    ======================================================================================================

    ****** End Of Log ******
     
  6. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    Ran TDSSKiller, no reboot required. Report pasted below (two parts due to length of report)

    21:22:04.0983 0488 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    21:22:05.0561 0488 ============================================================
    21:22:05.0561 0488 Current date / time: 2012/03/26 21:22:05.0561
    21:22:05.0561 0488 SystemInfo:
    21:22:05.0561 0488
    21:22:05.0561 0488 OS Version: 5.1.2600 ServicePack: 3.0
    21:22:05.0561 0488 Product type: Workstation
    21:22:05.0561 0488 ComputerName: OFFICE
    21:22:05.0561 0488 UserName: Doug
    21:22:05.0561 0488 Windows directory: C:\WINDOWS
    21:22:05.0561 0488 System windows directory: C:\WINDOWS
    21:22:05.0561 0488 Processor architecture: Intel x86
    21:22:05.0561 0488 Number of processors: 2
    21:22:05.0561 0488 Page size: 0x1000
    21:22:05.0561 0488 Boot type: Normal boot
    21:22:05.0561 0488 ============================================================
    21:22:09.0311 0488 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    21:22:09.0468 0488 \Device\Harddisk0\DR0:
    21:22:09.0483 0488 MBR used
    21:22:09.0483 0488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x12098F55
    21:22:09.0561 0488 Initialize success
    21:22:09.0561 0488 ============================================================
    21:22:32.0046 1820 ============================================================
    21:22:32.0046 1820 Scan started
    21:22:32.0046 1820 Mode: Manual;
    21:22:32.0046 1820 ============================================================
    21:22:38.0249 1820 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    21:22:38.0296 1820 Cpqarray - ok
    21:22:38.0327 1820 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    21:22:38.0327 1820 CryptSvc - ok
    21:22:38.0358 1820 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    21:22:38.0421 1820 dac2w2k - ok
    21:22:38.0436 1820 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    21:22:38.0468 1820 dac960nt - ok
    21:22:38.0515 1820 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    21:22:38.0515 1820 DcomLaunch - ok
    21:22:38.0546 1820 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    21:22:38.0546 1820 Dhcp - ok
    21:22:38.0593 1820 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:22:38.0593 1820 Disk - ok
    21:22:38.0608 1820 dmadmin - ok
    21:22:38.0671 1820 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    21:22:38.0874 1820 dmboot - ok
    21:22:38.0952 1820 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    21:22:38.0968 1820 dmio - ok
    21:22:38.0983 1820 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:22:38.0983 1820 dmload - ok
    21:22:39.0015 1820 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    21:22:39.0015 1820 dmserver - ok
    21:22:39.0061 1820 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    21:22:39.0061 1820 DMusic - ok
    21:22:39.0093 1820 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    21:22:39.0093 1820 Dnscache - ok
    21:22:39.0140 1820 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    21:22:39.0140 1820 Dot3svc - ok
    21:22:39.0171 1820 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    21:22:39.0202 1820 dpti2o - ok
    21:22:39.0218 1820 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:22:39.0218 1820 drmkaud - ok
    21:22:39.0249 1820 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
    21:22:39.0249 1820 drvmcdb - ok
    21:22:39.0265 1820 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
    21:22:39.0265 1820 drvnddm - ok
    21:22:39.0374 1820 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
    21:22:40.0311 1820 DSBrokerService - ok
    21:22:40.0421 1820 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    21:22:40.0515 1820 DSproct - ok
    21:22:40.0671 1820 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    21:22:40.0671 1820 dsunidrv - ok
    21:22:40.0733 1820 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    21:22:40.0733 1820 E100B - ok
    21:22:40.0765 1820 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    21:22:40.0765 1820 EapHost - ok
    21:22:40.0843 1820 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
    21:22:40.0843 1820 ehRecvr - ok
    21:22:40.0890 1820 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    21:22:40.0890 1820 ehSched - ok
    21:22:40.0921 1820 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    21:22:40.0921 1820 ERSvc - ok
    21:22:40.0952 1820 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    21:22:40.0968 1820 Eventlog - ok
    21:22:41.0015 1820 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    21:22:41.0015 1820 EventSystem - ok
    21:22:41.0093 1820 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:22:41.0093 1820 Fastfat - ok
    21:22:41.0124 1820 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:22:41.0155 1820 FastUserSwitchingCompatibility - ok
    21:22:41.0202 1820 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    21:22:41.0202 1820 Fax - ok
    21:22:41.0233 1820 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    21:22:41.0296 1820 Fdc - ok
    21:22:41.0311 1820 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    21:22:41.0358 1820 Fips - ok
    21:22:41.0452 1820 FLEXnet Licensing Service (d778107d7c2a19d7e7a884a9f0d79581) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    21:22:41.0983 1820 FLEXnet Licensing Service - ok
    21:22:42.0093 1820 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    21:22:42.0155 1820 Flpydisk - ok
    21:22:42.0186 1820 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    21:22:42.0186 1820 FltMgr - ok
    21:22:42.0311 1820 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    21:22:42.0483 1820 FontCache3.0.0.0 - ok
    21:22:42.0640 1820 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:22:42.0671 1820 Fs_Rec - ok
    21:22:42.0780 1820 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:22:42.0796 1820 Ftdisk - ok
    21:22:42.0843 1820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    21:22:42.0858 1820 GEARAspiWDM - ok
    21:22:42.0890 1820 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:22:42.0952 1820 Gpc - ok
    21:22:42.0999 1820 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
    21:22:43.0015 1820 grmnusb - ok
    21:22:43.0093 1820 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    21:22:43.0108 1820 gupdate - ok
    21:22:43.0108 1820 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    21:22:43.0108 1820 gupdatem - ok
    21:22:43.0140 1820 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    21:22:43.0499 1820 gusvc - ok
    21:22:43.0640 1820 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    21:22:43.0640 1820 HDAudBus - ok
    21:22:43.0718 1820 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    21:22:43.0718 1820 helpsvc - ok
    21:22:43.0733 1820 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
    21:22:43.0780 1820 HidIr - ok
    21:22:43.0811 1820 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    21:22:43.0811 1820 HidServ - ok
    21:22:43.0843 1820 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    21:22:43.0874 1820 HidUsb - ok
    21:22:43.0921 1820 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    21:22:43.0921 1820 hkmsvc - ok
    21:22:43.0952 1820 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    21:22:43.0968 1820 hpn - ok
    21:22:44.0077 1820 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    21:22:44.0077 1820 hpqcxs08 - ok
    21:22:44.0124 1820 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    21:22:44.0124 1820 hpqddsvc - ok
    21:22:44.0155 1820 HPSLPSVC (6f9cb6539a1b2508bd1c53d29334431a) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    21:22:44.0171 1820 HPSLPSVC - ok
    21:22:44.0311 1820 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    21:22:44.0390 1820 HPZid412 - ok
    21:22:44.0421 1820 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    21:22:44.0499 1820 HPZipr12 - ok
    21:22:44.0530 1820 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    21:22:44.0561 1820 HPZius12 - ok
    21:22:44.0608 1820 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:22:44.0608 1820 HTTP - ok
    21:22:44.0640 1820 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    21:22:44.0640 1820 HTTPFilter - ok
    21:22:44.0671 1820 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    21:22:44.0733 1820 i2omgmt - ok
    21:22:44.0765 1820 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    21:22:44.0811 1820 i2omp - ok
    21:22:44.0843 1820 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:22:44.0905 1820 i8042prt - ok
    21:22:45.0061 1820 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    21:22:45.0343 1820 IDriverT - ok
    21:22:45.0546 1820 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:22:45.0905 1820 idsvc - ok
    21:22:46.0046 1820 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:22:46.0093 1820 Imapi - ok
    21:22:46.0124 1820 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    21:22:46.0140 1820 ImapiService - ok
    21:22:46.0186 1820 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    21:22:46.0202 1820 ini910u - ok
    21:22:46.0280 1820 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    21:22:46.0343 1820 IntelC51 - ok
    21:22:46.0515 1820 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    21:22:46.0921 1820 IntelC52 - ok
    21:22:47.0202 1820 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    21:22:47.0265 1820 IntelC53 - ok
    21:22:47.0374 1820 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    21:22:47.0390 1820 IntelIde - ok
    21:22:47.0436 1820 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    21:22:47.0468 1820 intelppm - ok
    21:22:47.0483 1820 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    21:22:47.0577 1820 Ip6Fw - ok
    21:22:47.0624 1820 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:22:47.0624 1820 IpFilterDriver - ok
    21:22:47.0671 1820 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:22:47.0733 1820 IpInIp - ok
    21:22:47.0765 1820 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:22:47.0765 1820 IpNat - ok
    21:22:47.0874 1820 iPod Service (8f610078437a459948480407f4db91ea) C:\Program Files\iPod\bin\iPodService.exe
    21:22:47.0874 1820 iPod Service - ok
    21:22:47.0905 1820 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:22:47.0983 1820 IPSec - ok
    21:22:48.0030 1820 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
    21:22:48.0061 1820 IrBus - ok
    21:22:48.0108 1820 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    21:22:48.0140 1820 irda - ok
    21:22:48.0155 1820 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:22:48.0202 1820 IRENUM - ok
    21:22:48.0233 1820 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
    21:22:48.0249 1820 Irmon - ok
    21:22:48.0265 1820 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:22:48.0265 1820 isapnp - ok
    21:22:48.0343 1820 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
    21:22:48.0343 1820 JavaQuickStarterService - ok
    21:22:48.0358 1820 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:22:48.0390 1820 Kbdclass - ok
    21:22:48.0405 1820 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    21:22:48.0436 1820 kbdhid - ok
    21:22:48.0452 1820 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    21:22:48.0452 1820 kmixer - ok
    21:22:48.0546 1820 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    21:22:48.0561 1820 Kodak AiO Network Discovery Service - ok
    21:22:48.0593 1820 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:22:48.0593 1820 KSecDD - ok
    21:22:48.0624 1820 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    21:22:48.0640 1820 lanmanserver - ok
    21:22:48.0671 1820 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    21:22:48.0671 1820 lanmanworkstation - ok
    21:22:48.0686 1820 lbrtfdc - ok
    21:22:48.0765 1820 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    21:22:48.0765 1820 LmHosts - ok
    21:22:48.0858 1820 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    21:22:48.0858 1820 McrdSvc - ok
    21:22:48.0936 1820 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
    21:22:48.0936 1820 MCSTRM - ok
    21:22:49.0030 1820 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    21:22:49.0030 1820 MDM - ok
    21:22:49.0077 1820 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    21:22:49.0093 1820 Messenger - ok
    21:22:49.0108 1820 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    21:22:49.0108 1820 MHN - ok
    21:22:49.0140 1820 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    21:22:49.0202 1820 MHNDRV - ok
    21:22:49.0218 1820 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:22:49.0233 1820 mnmdd - ok
    21:22:49.0265 1820 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    21:22:49.0265 1820 mnmsrvc - ok
    21:22:49.0311 1820 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    21:22:49.0311 1820 Modem - ok
    21:22:49.0327 1820 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    21:22:49.0390 1820 MODEMCSA - ok
    21:22:49.0436 1820 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    21:22:49.0436 1820 mohfilt - ok
    21:22:49.0468 1820 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:22:49.0499 1820 Mouclass - ok
    21:22:49.0546 1820 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    21:22:49.0593 1820 mouhid - ok
    21:22:49.0624 1820 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:22:49.0624 1820 MountMgr - ok
    21:22:49.0655 1820 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    21:22:49.0686 1820 MPE - ok
    21:22:49.0718 1820 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    21:22:49.0905 1820 MpFilter - ok
    21:22:50.0093 1820 MpKslfb07cfff (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\MpKslfb07cfff.sys
    21:22:50.0093 1820 MpKslfb07cfff - ok
    21:22:50.0233 1820 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    21:22:50.0280 1820 mraid35x - ok
    21:22:50.0327 1820 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:22:50.0327 1820 MRxDAV - ok
    21:22:50.0374 1820 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:22:50.0436 1820 MRxSmb - ok
    21:22:50.0468 1820 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    21:22:50.0468 1820 MSDTC - ok
    21:22:50.0483 1820 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    21:22:50.0546 1820 Msfs - ok
    21:22:50.0561 1820 MSIServer - ok
    21:22:50.0593 1820 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    21:22:50.0608 1820 MSKSSRV - ok
    21:22:50.0671 1820 MsMpSvc (90dc23d940551db35367fb1e40575b25) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    21:22:50.0686 1820 MsMpSvc - ok
    21:22:50.0702 1820 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    21:22:50.0780 1820 MSPCLOCK - ok
    21:22:50.0796 1820 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    21:22:50.0796 1820 MSPQM - ok
    21:22:50.0827 1820 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    21:22:50.0827 1820 mssmbios - ok
    21:22:50.0858 1820 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    21:22:50.0905 1820 MSTEE - ok
    21:22:50.0921 1820 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    21:22:50.0968 1820 Mup - ok
    21:22:50.0999 1820 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    21:22:51.0030 1820 NABTSFEC - ok
    21:22:51.0108 1820 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    21:22:51.0108 1820 napagent - ok
    21:22:51.0140 1820 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    21:22:51.0249 1820 NDIS - ok
    21:22:51.0280 1820 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    21:22:51.0296 1820 NdisIP - ok
    21:22:51.0327 1820 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    21:22:51.0358 1820 NdisTapi - ok
    21:22:51.0374 1820 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    21:22:51.0390 1820 Ndisuio - ok
    21:22:51.0421 1820 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    21:22:51.0499 1820 NdisWan - ok
    21:22:51.0530 1820 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    21:22:51.0577 1820 NDProxy - ok
    21:22:51.0608 1820 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\WINDOWS\system32\HPZinw12.dll
    21:22:51.0608 1820 Net Driver HPZ12 - ok
    21:22:51.0640 1820 Net6IM (348b1caedf9bff1057b564ae3577d382) C:\WINDOWS\system32\DRIVERS\net6im51.sys
    21:22:51.0686 1820 Net6IM - ok
    21:22:51.0733 1820 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     
  8. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 2 of the TDSSKiller report:

    21:22:58.0296 1820 SwPrv - ok
    21:22:58.0343 1820 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    21:22:58.0358 1820 symc810 - ok
    21:22:58.0390 1820 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    21:22:58.0421 1820 symc8xx - ok
    21:22:58.0436 1820 SymIM - ok
    21:22:58.0452 1820 SymIMMP - ok
    21:22:58.0468 1820 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    21:22:58.0483 1820 sym_hi - ok
    21:22:58.0530 1820 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    21:22:58.0546 1820 sym_u3 - ok
    21:22:58.0593 1820 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    21:22:58.0593 1820 sysaudio - ok
    21:22:58.0624 1820 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    21:22:58.0640 1820 SysmonLog - ok
    21:22:58.0671 1820 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    21:22:58.0671 1820 TapiSrv - ok
    21:22:58.0718 1820 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    21:22:58.0749 1820 Tcpip - ok
    21:22:58.0811 1820 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    21:22:58.0827 1820 TDPIPE - ok
    21:22:58.0858 1820 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    21:22:58.0874 1820 TDTCP - ok
    21:22:58.0905 1820 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    21:22:58.0905 1820 TermDD - ok
    21:22:58.0968 1820 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    21:22:58.0968 1820 TermService - ok
    21:22:59.0015 1820 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
    21:22:59.0030 1820 tfsnboio - ok
    21:22:59.0061 1820 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
    21:22:59.0093 1820 tfsncofs - ok
    21:22:59.0108 1820 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
    21:22:59.0124 1820 tfsndrct - ok
    21:22:59.0155 1820 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
    21:22:59.0186 1820 tfsndres - ok
    21:22:59.0218 1820 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
    21:22:59.0280 1820 tfsnifs - ok
    21:22:59.0296 1820 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
    21:22:59.0311 1820 tfsnopio - ok
    21:22:59.0343 1820 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
    21:22:59.0374 1820 tfsnpool - ok
    21:22:59.0421 1820 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
    21:22:59.0483 1820 tfsnudf - ok
    21:22:59.0515 1820 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
    21:22:59.0561 1820 tfsnudfa - ok
    21:22:59.0608 1820 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:22:59.0608 1820 Themes - ok
    21:22:59.0655 1820 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    21:22:59.0655 1820 TlntSvr - ok
    21:22:59.0702 1820 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    21:22:59.0733 1820 TosIde - ok
    21:22:59.0780 1820 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    21:22:59.0796 1820 TrkWks - ok
    21:22:59.0827 1820 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    21:22:59.0874 1820 Udfs - ok
    21:22:59.0890 1820 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    21:22:59.0921 1820 ultra - ok
    21:22:59.0983 1820 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    21:22:59.0999 1820 Update - ok
    21:23:00.0030 1820 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    21:23:00.0046 1820 upnphost - ok
    21:23:00.0061 1820 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    21:23:00.0061 1820 UPS - ok
    21:23:00.0108 1820 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    21:23:00.0108 1820 USBAAPL - ok
    21:23:00.0155 1820 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    21:23:00.0233 1820 usbaudio - ok
    21:23:00.0280 1820 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    21:23:00.0327 1820 usbccgp - ok
    21:23:00.0358 1820 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    21:23:00.0390 1820 usbehci - ok
    21:23:00.0405 1820 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    21:23:00.0452 1820 usbhub - ok
    21:23:00.0483 1820 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    21:23:00.0515 1820 usbprint - ok
    21:23:00.0530 1820 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    21:23:00.0561 1820 usbscan - ok
    21:23:00.0577 1820 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    21:23:00.0624 1820 USBSTOR - ok
    21:23:00.0640 1820 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    21:23:00.0671 1820 usbuhci - ok
    21:23:00.0718 1820 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    21:23:00.0765 1820 usbvideo - ok
    21:23:00.0796 1820 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    21:23:00.0827 1820 VgaSave - ok
    21:23:00.0874 1820 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    21:23:00.0936 1820 viaagp - ok
    21:23:00.0952 1820 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    21:23:00.0968 1820 ViaIde - ok
    21:23:01.0015 1820 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    21:23:01.0077 1820 VolSnap - ok
    21:23:01.0108 1820 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    21:23:01.0108 1820 VSS - ok
    21:23:01.0155 1820 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    21:23:01.0155 1820 w32time - ok
    21:23:01.0233 1820 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
    21:23:01.0233 1820 W8335XP - ok
    21:23:01.0280 1820 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    21:23:01.0327 1820 Wanarp - ok
    21:23:01.0343 1820 wanatw - ok
    21:23:01.0358 1820 WDICA - ok
    21:23:01.0390 1820 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    21:23:01.0390 1820 wdmaud - ok
    21:23:01.0436 1820 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    21:23:01.0436 1820 WebClient - ok
    21:23:01.0515 1820 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    21:23:01.0515 1820 winmgmt - ok
    21:23:01.0577 1820 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    21:23:01.0577 1820 WmdmPmSN - ok
    21:23:01.0640 1820 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    21:23:01.0640 1820 Wmi - ok
    21:23:01.0671 1820 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    21:23:01.0952 1820 WmiApSrv - ok
    21:23:02.0061 1820 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    21:23:02.0061 1820 wscsvc - ok
    21:23:02.0155 1820 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    21:23:02.0186 1820 WSTCODEC - ok
    21:23:02.0233 1820 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    21:23:02.0296 1820 WudfPf - ok
    21:23:02.0343 1820 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    21:23:02.0405 1820 WudfRd - ok
    21:23:02.0452 1820 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    21:23:02.0468 1820 WudfSvc - ok
    21:23:02.0530 1820 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    21:23:02.0546 1820 WZCSVC - ok
    21:23:02.0593 1820 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    21:23:02.0593 1820 xmlprov - ok
    21:23:02.0624 1820 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
    21:23:02.0640 1820 \Device\Harddisk0\DR0 - ok
    21:23:02.0671 1820 Boot (0x1200) (891577e33300bb07b58b3d6690d4d082) \Device\Harddisk0\DR0\Partition0
    21:23:02.0671 1820 \Device\Harddisk0\DR0\Partition0 - ok
    21:23:02.0671 1820 ============================================================
    21:23:02.0671 1820 Scan finished
    21:23:02.0671 1820 ============================================================
    21:23:02.0686 1920 Detected object count: 0
    21:23:02.0686 1920 Actual detected object count: 0
     
  9. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    One last note as well. There looks to be a "System Check" icon for a shortcut both in the lower left side of windows toolbar next to "Start" menu and one on my desktop as well. I don't dare touch these until I hear from you what to do with them.

    Trisail86
     
  10. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    Combofix completed. Report pasted below.

    ComboFix 12-03-26.04 - Doug 03/26/2012 22:57:36.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.683 [GMT -7:00]
    Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hm
    c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hmr
    c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm
    c:\documents and settings\Bernadette\Desktop\Doug Contact Folder.dug
    c:\documents and settings\Doug\My Documents\~WRL1114.tmp
    c:\documents and settings\Doug\My Documents\~WRL3137.tmp
    c:\documents and settings\Doug\Start Menu\Programs\System Check
    c:\documents and settings\Doug\Start Menu\Programs\System Check\System Check.lnk
    c:\documents and settings\Doug\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\documents and settings\Doug\WINDOWS
    c:\documents and settings\Stephanie\My Documents\~WRL0004.tmp
    c:\documents and settings\Stephanie\My Documents\~WRL1490.tmp
    c:\documents and settings\Stephanie\My Documents\~WRL1618.tmp
    c:\documents and settings\Stephanie\My Documents\~WRL1910.tmp
    c:\documents and settings\Stephanie\My Documents\~WRL3699.tmp
    c:\windows\EventSystem.log
    c:\windows\kb913800.exe
    c:\windows\system32\bszip.dll
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\ijl11.dll
    c:\windows\system32\MrvGINA.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 06:46 . 2012-03-27 06:46 -------- d-----w- c:\windows\LastGood
    2012-03-26 05:13 . 2012-03-26 05:13 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\MpKslfb07cfff.sys
    2012-03-25 22:23 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\mpengine.dll
    2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-25 15:22 . 2012-03-25 15:22 361472 ----a-w- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
    2012-02-28 21:07 . 2012-02-28 21:07 -------- d-----w- c:\documents and settings\All Users\Kodak
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 06:03 . 2010-07-12 17:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\Megan\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\Stephanie\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
    Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-11-8 1393304]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=
    "9090:TCP"= 9090:TCP:TINYPROXY
    "53:TCP"= 53:TCP:TINYPROXY
    "427:UDP"= 427:UDP:SLP_Port(427)
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    "9322:TCP"= 9322:TCP:EKDiscovery
    .
    R1 MpKslfb07cfff;MpKslfb07cfff;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\MpKslfb07cfff.sys [3/25/2012 10:13 PM 29904]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
    R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/8/2009 12:24 PM 143360]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [11/8/2009 12:26 PM 73880]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
    .
    2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotsheet.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyServer = http=127.0.0.1:9090
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    Trusted Zone: atk.com\myvpn
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
    DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
    DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
    DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-27 06:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3008)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-27 06:33:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-27 13:33
    .
    Pre-Run: 16,669,876,224 bytes free
    Post-Run: 17,173,045,248 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4AB9B20E53DD85493ADA763C63D08381
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:9090
    uInternet Settings,ProxyOverride = <local>;*.local
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
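
The CFScript in the post above clears a loopback `ProxyServer` value and resets three Security Center values to 0. As an added example (not part of the original post, and not ComboFix or DDS code), this Python script checks log text for those same settings; the sample input is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, modelled on the entries named in the CFScript.
SAMPLE_DDS = """\
uStart Page = http://www.example.com/
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = <local>;*.local
"""

# Constructed .reg-style export showing a "before" state (non-zero overrides).
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

PROXY_LINE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(.+)$")
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

SC_KEY = r"hkey_local_machine\software\microsoft\security center"
WATCHED = [
    (SC_KEY, "antivirusoverride"),
    (SC_KEY, "firewalloverride"),
    (SC_KEY + r"\monitoring", "disablemonitoring"),
]


def _split_host_port(endpoint):
    """Split 'host:port' or '[v6]:port', ignoring an optional scheme prefix."""
    endpoint = re.sub(r"^[a-z]+://", "", endpoint.strip(), flags=re.I)
    if endpoint.startswith("["):  # bracketed IPv6 literal
        host, _, rest = endpoint[1:].partition("]")
        return host, rest.lstrip(":")
    host, _, port = endpoint.partition(":")
    return host, port


def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string.

    The value is either one 'host:port' for all protocols or a
    semicolon-separated list such as 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, endpoint = part.split("=", 1)
        else:
            scheme, endpoint = "all", part
        host, port = _split_host_port(endpoint)
        entries.append((scheme.strip().lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def find_loopback_proxies(dds_text):
    """Return (scheme, host, port) for every proxy entry pointing at loopback."""
    hits = []
    for line in dds_text.splitlines():
        match = PROXY_LINE.search(line.strip())
        if match:
            hits += [e for e in parse_proxy_server(match.group(1)) if is_loopback(e[1])]
    return hits


def parse_reg_dwords(reg_text):
    """Map (key, value name), both lower-cased, to the integer dword value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        match = SECTION.match(line)
        if match:
            key = match.group(1).lower()
            continue
        match = DWORD.match(line)
        if match and key:
            values[(key, match.group(1).lower())] = int(match.group(2), 16)
    return values


def find_security_center_overrides(reg_text):
    """Return watched Security Center values that are present and non-zero."""
    values = parse_reg_dwords(reg_text)
    return [(k, n, values[(k, n)]) for k, n in WATCHED if values.get((k, n), 0) != 0]


if __name__ == "__main__":
    print(find_loopback_proxies(SAMPLE_DDS))
    print(find_security_center_overrides(SAMPLE_REG))
```

A loopback proxy is a lead rather than proof: some legitimate local filtering tools also set one, so the next check is which process, if any, is listening on that port.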
     
  13. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-

    I followed instructions. Pasted below are the Combofix results.

    Additional note: When the scan completed, I had a dialogue box appear titled "Windows - Application Error". The text in dialogue box said: instruction 0x00650064 referenced at memory at 0x00650064. The memory could not be "written".

    "Click on OK to terminate the program"
    "Click on CANCEL to debug the program"

    I selected OK and the log.txt file from Combofix was on the screen. Pasted below (3 parts due to length):

    ComboFix 12-03-26.04 - Doug 03/27/2012 20:26:27.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.427 [GMT -7:00]
    Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Doug\Application Data\AdobeDLM.log
    c:\documents and settings\Doug\Desktop\System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 20:09 . 2012-03-27 20:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\offreg.dll
    2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\mpengine.dll
    2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2012-03-27 06:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-03-27 06:47 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-03-27 06:46 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-25 15:22 . 2012-03-25 15:22 361472 ----a-w- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
    2012-02-28 21:07 . 2012-02-28 21:07 -------- d-----w- c:\documents and settings\All Users\Kodak
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 06:03 . 2010-07-12 17:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
    2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-27_13.26.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
    + 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
    + 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
    + 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
    + 2012-03-27 20:00 . 2012-03-27 20:00 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
    - 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
    + 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    + 2005-08-16 10:18 . 2012-03-27 19:57 73158 c:\windows\system32\perfc009.dat
    - 2005-08-16 10:18 . 2012-03-12 13:34 73158 c:\windows\system32\perfc009.dat
    + 2005-08-16 10:18 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
    + 2005-08-16 10:18 . 2011-09-26 18:41 20480 c:\windows\system32\oleaccrc.dll
    - 2005-08-16 10:18 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
    - 2006-11-08 02:03 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
    + 2006-11-08 02:03 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
    - 2005-08-16 10:18 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
    + 2005-08-16 10:18 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 43520 c:\windows\system32\licmgr10.dll
    - 2005-08-16 10:18 . 2011-02-22 23:06 43520 c:\windows\system32\licmgr10.dll
    - 2005-08-16 10:18 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
    + 2005-08-16 10:18 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
    - 2009-06-09 17:36 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-06-09 17:36 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
    + 2011-09-26 18:41 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
    + 2006-05-10 05:25 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2006-05-10 05:25 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2007-05-09 11:46 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2007-05-09 11:46 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
    + 2006-10-17 17:05 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2006-10-17 17:05 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2006-05-10 05:25 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2006-05-10 05:25 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2005-08-16 10:18 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
    - 2005-08-16 10:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
    + 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2011-12-25 18:07 . 2011-12-25 18:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2011-12-25 05:55 . 2011-12-25 05:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2011-12-25 05:55 . 2011-12-25 05:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-12-25 05:55 . 2011-12-25 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2011-12-25 06:49 . 2011-12-25 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2011-12-25 06:49 . 2011-12-25 06:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2005-08-16 10:38 . 2009-06-24 05:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    + 2005-08-16 10:38 . 2011-07-05 22:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    + 2005-08-16 10:38 . 2011-07-05 22:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    - 2005-08-16 10:38 . 2009-06-24 05:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    + 2005-08-16 10:38 . 2011-07-06 16:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    - 2005-08-16 10:38 . 2009-06-24 05:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    + 2005-08-16 10:38 . 2011-07-06 16:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    - 2005-08-16 10:38 . 2009-06-24 05:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2012-03-27 19:58 . 2012-03-27 19:58 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2011-04-14 20:24 . 2011-04-14 20:24 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-06-04 19:01 . 2012-03-27 19:12 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-06-04 19:01 . 2011-04-27 01:51 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3b0919fb\System.Drawing.Design.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8e8d62de\CustomMarshalers.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_fab8784e\System.Drawing.Design.dll
    + 2012-03-27 19:05 . 2012-03-27 19:05 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_c17d2b71\CustomMarshalers.dll
    + 2012-03-27 19:48 . 2012-03-27 19:48 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\e945a5f391364545485d15af876ab830\UIAutomationProvider.ni.dll
    + 2012-03-27 20:05 . 2012-03-27 20:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
    + 2012-03-27 20:20 . 2012-03-27 20:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-03-27 20:20 . 2012-03-27 20:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\ShellLib\2c294671377efe93f8b93a8fe97d5e9f\ShellLib.ni.dll
    + 2012-03-27 20:01 . 2012-03-27 20:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
    + 2012-03-27 20:01 . 2012-03-27 20:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
    + 2012-03-27 20:20 . 2012-03-27 20:20 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
    + 2012-03-27 20:20 . 2012-03-27 20:20 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
    + 2012-03-27 20:20 . 2012-03-27 20:20 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
    + 2012-03-27 20:17 . 2012-03-27 20:17 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\Kodak.Statistics\02aa09ced8b279c347826607bf66597c\Kodak.Statistics.ni.exe
    + 2012-03-27 20:07 . 2012-03-27 20:07 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\090f7b3da7a35dd5188b36c7227e87a9\Interop.WIA.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 98304 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\ad3980c979042cbcf8963a0e82fad500\Inkjet.DeviceSettings.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\0664ade269ba04a1c292766bf6bdbfda\Inkjet.Configuration.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 52736 c:\windows\assembly\NativeImages_v2.0.50727_32\HRIntp.Interop\6b1445ade5402931341badc27a3f8f69\HRIntp.Interop.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Helper\7bccba4baf707b00877da5797e50c6c6\Helper.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
    + 2012-03-27 20:07 . 2012-03-27 20:07 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-04-14 20:28 . 2011-04-14 20:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-04-14 20:28 . 2011-04-14 20:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-10-02 19:01 . 2010-10-02 19:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-03-27 19:25 . 2012-03-27 19:25 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2005-08-16 10:38 . 2009-06-29 18:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    + 2005-08-16 10:38 . 2011-07-13 01:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2011-04-14 20:27 . 2011-04-14 20:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-04-14 20:28 . 2011-04-14 20:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
    + 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
    + 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
    + 2005-08-16 10:18 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
    - 2005-08-16 10:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
    + 2005-08-16 10:18 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
    - 2005-08-16 10:18 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 916992 c:\windows\system32\wininet.dll
    - 2005-08-16 10:18 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
    + 2005-08-16 10:18 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
    - 2005-08-16 10:18 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
    + 2008-07-30 03:59 . 2011-09-26 18:41 611328 c:\windows\system32\uiautomationcore.dll
    + 2005-08-16 10:18 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
    - 2005-08-16 10:18 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
    + 2005-08-16 10:18 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
    - 2005-08-16 10:18 . 2012-03-12 13:34 446144 c:\windows\system32\perfh009.dat
    + 2005-08-16 10:18 . 2012-03-27 19:57 446144 c:\windows\system32\perfh009.dat
    - 2005-08-16 10:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
    + 2005-08-16 10:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
    + 2005-08-16 10:18 . 2011-09-26 18:41 220160 c:\windows\system32\oleacc.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
    - 2005-08-16 10:18 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
    - 2005-08-16 10:18 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
    + 2006-11-08 02:03 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
    - 2006-11-08 02:03 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
    - 2005-08-16 10:40 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
    + 2005-08-16 10:40 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
     
  14. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    Re-transmission of same log file. I had trouble parsing the file so am starting over. In 3 parts:

    ComboFix 12-03-26.04 - Doug 03/27/2012 20:26:27.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.427 [GMT -7:00]
    Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Doug\Application Data\AdobeDLM.log
    c:\documents and settings\Doug\Desktop\System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-27 20:09 . 2012-03-27 20:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\offreg.dll
    2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\mpengine.dll
    2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2012-03-27 06:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-03-27 06:47 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-03-27 06:46 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-25 15:22 . 2012-03-25 15:22 361472 ----a-w- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
    2012-02-28 21:07 . 2012-02-28 21:07 -------- d-----w- c:\documents and settings\All Users\Kodak
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 06:03 . 2010-07-12 17:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
    2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-27_13.26.15 )))))))))))))))))))))))))))))))))))))))))
    .
     
  15. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 2


    - 2008-08-15 19:16 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2009-06-09 17:36 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-06-09 17:36 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2006-05-10 05:25 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2006-05-10 05:25 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2010-06-11 01:43 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2010-06-11 01:43 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2006-11-07 08:27 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 08:27 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2006-11-07 08:26 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2011-02-05 01:48 . 2011-10-15 00:38 456192 c:\windows\system32\dllcache\encdec.dll
    - 2011-02-05 01:48 . 2011-02-05 01:48 456192 c:\windows\system32\dllcache\encdec.dll
    + 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
    + 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
    - 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
    + 2005-08-16 10:18 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
    - 2005-08-16 10:18 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
    + 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2011-01-18 11:39 . 2011-01-18 11:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2011-01-18 11:39 . 2011-01-18 11:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2011-03-25 13:15 . 2011-03-25 13:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2011-01-18 11:39 . 2011-01-18 11:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2011-12-25 05:55 . 2011-12-25 05:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-12-25 05:53 . 2011-12-25 05:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2011-12-25 06:49 . 2011-12-25 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2005-08-16 10:38 . 2009-06-24 04:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    + 2005-08-16 10:38 . 2011-07-05 22:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    - 2005-08-16 10:38 . 2009-06-24 05:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2005-08-16 10:38 . 2011-07-06 16:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2012-03-27 19:35 . 2012-03-27 19:35 785920 c:\windows\Installer\1199f6d.msi
    + 2012-03-27 19:34 . 2012-03-27 19:34 483840 c:\windows\Installer\1199f4e.msi
    + 2012-03-27 19:34 . 2012-03-27 19:34 301056 c:\windows\Installer\1199f46.msi
    + 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\1199f3f.msp
    + 2012-03-27 19:08 . 2012-03-27 19:08 467456 c:\windows\Installer\1199e4c.msi
    + 2005-11-28 19:07 . 2012-03-27 19:44 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2005-11-28 19:07 . 2011-04-14 20:36 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2005-11-28 19:07 . 2012-03-27 19:44 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-01-23 13:33 . 2011-09-12 17:31 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-01-23 13:33 . 2012-03-27 19:45 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2012-03-27 19:17 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
    + 2012-03-27 19:17 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
    + 2012-03-27 19:17 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
    + 2012-03-27 19:17 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
    + 2012-03-27 19:17 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
    + 2012-03-27 19:17 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
    + 2012-03-27 19:05 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2012-03-27 19:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2012-03-27 19:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2005-08-05 19:06 . 2011-11-02 16:25 107008 c:\windows\ehome\mstvcapn.dll
    + 2008-11-12 10:46 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2012-02-28 21:08 . 2012-02-28 21:08 771584 c:\windows\assembly\temp\2OJ90DBFJF\System.Runtime.Remoting.ni.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_729ffafc\System.Drawing.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b0fe9bbb\System.Drawing.Design.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e1183811\CustomMarshalers.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_fe1ab459\System.Drawing.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
    + 2012-03-27 20:05 . 2012-03-27 20:05 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 308736 c:\windows\assembly\NativeImages_v2.0.50727_32\Windows7.DesktopInt#\edc6cf20aeebff7e245749f50b4085a8\Windows7.DesktopIntegration.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 643584 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\bdc241f475c6b2a3e9a9e79ae888a245\VistaBridgeLibrary.ni.dll
    + 2012-03-27 20:05 . 2012-03-27 20:05 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
    + 2012-03-27 19:48 . 2012-03-27 19:48 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\9da95d4a319b7271d1f05f61f4b744d6\UIAutomationTypes.ni.dll
    + 2012-03-27 20:05 . 2012-03-27 20:05 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
    + 2012-03-27 20:43 . 2012-03-27 20:43 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
    + 2012-03-27 20:41 . 2012-03-27 20:41 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
     
  16. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 3


    - 2011-04-14 20:28 . 2011-04-14 20:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2011-05-14 03:04 . 2011-05-14 03:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
    + 2011-05-14 03:04 . 2011-05-14 03:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
    + 2005-08-16 10:18 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
    + 2005-08-16 10:18 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
    + 2005-08-16 10:18 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
    - 2005-08-16 10:18 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
    + 2005-08-16 10:18 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
    - 2004-08-04 04:59 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
    + 2004-08-04 04:59 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
    + 2005-08-16 10:18 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
    + 2006-10-17 16:57 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
    + 2008-10-15 17:32 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
    + 2006-05-10 05:25 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
    + 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
    + 2008-10-15 17:32 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2008-10-15 17:32 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-15 17:32 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2008-10-15 17:32 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-15 17:32 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-10-15 17:32 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-10-15 17:32 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-10-15 17:32 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2006-05-19 15:06 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
    + 2007-05-09 11:46 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2008-07-25 19:17 . 2008-07-25 19:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2011-03-25 13:15 . 2011-03-25 13:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2011-12-25 10:50 . 2011-12-25 10:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2011-10-26 10:39 . 2011-10-26 10:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2011-01-18 11:39 . 2011-01-18 11:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-12-25 18:07 . 2011-12-25 18:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
    + 2011-12-25 18:06 . 2011-12-25 18:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2010-09-23 22:55 . 2010-09-23 22:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-25 18:06 . 2011-12-25 18:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-25 05:54 . 2011-12-25 05:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2010-09-23 09:26 . 2010-09-23 09:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-12-25 05:53 . 2011-12-25 05:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2010-09-23 22:55 . 2010-09-23 22:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-12-25 18:06 . 2011-12-25 18:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2005-08-16 10:38 . 2009-06-29 18:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    + 2005-08-16 10:38 . 2011-07-13 01:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    - 2005-08-16 10:38 . 2009-06-24 05:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2005-08-16 10:38 . 2011-07-05 22:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2005-08-16 10:38 . 2011-07-05 22:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    + 2005-08-16 10:38 . 2011-07-13 01:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    - 2005-08-16 10:38 . 2009-06-29 18:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    + 2011-11-01 20:34 . 2011-11-01 20:34 1552384 c:\windows\Installer\13c850e.msp
    + 2011-10-31 05:54 . 2011-10-31 05:54 2748416 c:\windows\Installer\13c84fe.msp
    + 2011-08-11 00:43 . 2011-08-11 00:43 3795968 c:\windows\Installer\13c84f7.msp
    + 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\1199f75.msp
    + 2011-12-26 16:59 . 2011-12-26 16:59 4368896 c:\windows\Installer\1199f20.msp
    + 2011-05-18 01:28 . 2011-05-18 01:28 6862848 c:\windows\Installer\1199f05.msp
    + 2011-04-29 20:04 . 2011-04-29 20:04 5053440 c:\windows\Installer\1199ef4.msp
    + 2011-10-30 06:10 . 2011-10-30 06:10 6824960 c:\windows\Installer\1199ecf.msp
    + 2011-10-31 19:37 . 2011-10-31 19:37 4146688 c:\windows\Installer\1199eb4.msp
    + 2011-11-01 20:34 . 2011-11-01 20:34 2531840 c:\windows\Installer\1199e9f.msp
    + 2011-05-23 21:15 . 2011-05-23 21:15 3617792 c:\windows\Installer\1199e86.msp
    + 2012-03-06 04:34 . 2012-03-06 04:34 5519872 c:\windows\Installer\1199e64.msp
    + 2011-07-27 14:39 . 2011-07-27 14:39 9892352 c:\windows\Installer\1199e53.msp
    + 2011-11-11 23:16 . 2011-11-11 23:16 8458240 c:\windows\Installer\1199e43.msp
    + 2007-04-19 21:09 . 2007-04-19 21:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
    + 2009-04-04 01:21 . 2009-04-04 01:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
    + 2012-03-27 19:17 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
    + 2012-03-27 19:17 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
    - 2008-10-15 17:32 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-15 17:32 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-15 17:32 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-10-15 17:32 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-15 17:32 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2008-10-15 17:32 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-15 17:32 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2008-10-15 17:32 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2012-03-27 19:27 . 2012-03-27 19:27 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5daa440e\System.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_17b1b1f7\System.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ec7d23ae\System.Xml.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0d337f34\System.Xml.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8432fa13\System.Windows.Forms.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_43c4aa8f\System.Windows.Forms.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_40840961\System.Drawing.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f1b08050\System.Design.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7a7a8ffa\System.Design.dll
    + 2012-03-27 19:26 . 2012-03-27 19:26 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e534d5fa\mscorlib.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_68ad1032\mscorlib.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_7af2c0ee\System.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_3b9e64d2\System.Xml.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_f82eb851\System.Windows.Forms.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_2d69bac6\System.Design.dll
    + 2012-03-27 19:06 . 2012-03-27 19:06 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_40b6fd61\mscorlib.dll
    + 2012-03-27 20:01 . 2012-03-27 20:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
    + 2012-03-27 20:05 . 2012-03-27 20:05 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 3611648 c:\windows\assembly\NativeImages_v2.0.50727_32\twaingui\d48487924e10930123859eaaddc0383a\twaingui.ni.exe
    + 2012-03-27 20:01 . 2012-03-27 20:01 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
    + 2012-03-27 20:05 . 2012-03-27 20:05 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
    + 2012-03-27 20:43 . 2012-03-27 20:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
    + 2012-03-27 20:43 . 2012-03-27 20:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
    + 2012-03-27 20:43 . 2012-03-27 20:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
    + 2012-03-27 20:43 . 2012-03-27 20:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
    + 2012-03-27 20:42 . 2012-03-27 20:42 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
    + 2012-03-27 20:04 . 2012-03-27 20:04 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
    + 2012-03-27 20:41 . 2012-03-27 20:41 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
    + 2012-03-27 20:18 . 2012-03-27 20:18 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
    + 2012-03-27 20:04 . 2012-03-27 20:04 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
    + 2012-03-27 20:41 . 2012-03-27 20:41 4950016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\10fdfb918f01ebc41f38a391334146a9\System.Management.Automation.ni.dll
    + 2012-03-27 20:18 . 2012-03-27 20:18 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
    + 2012-03-27 20:04 . 2012-03-27 20:04 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
    + 2012-03-27 20:03 . 2012-03-27 20:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
    + 2012-03-27 20:40 . 2012-03-27 20:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3f2e74586111fb32d5edc059f709fa94\System.Data.OracleClient.ni.dll
    + 2012-03-27 20:03 . 2012-03-27 20:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
    + 2012-03-27 20:39 . 2012-03-27 20:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
    + 2012-03-27 20:03 . 2012-03-27 20:03 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
    + 2012-03-27 20:03 . 2012-03-27 20:03 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
    + 2012-03-27 20:03 . 2012-03-27 20:03 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
    + 2012-03-27 20:01 . 2012-03-27 20:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
    + 2012-03-27 20:17 . 2012-03-27 20:17 1761792 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\aa974f4d5df17e6dd8cb5fc79b70628b\Newtonsoft.Json.Net20.ni.dll
    + 2012-03-27 20:17 . 2012-03-27 20:17 2437632 c:\windows\assembly\NativeImages_v2.0.50727_32\NetworkPrinterDisco#\2938b48ed6c62e372a5be0df4d19c484\NetworkPrinterDiscovery.ni.exe
    + 2012-03-27 20:20 . 2012-03-27 20:20 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
    + 2012-03-27 20:17 . 2012-03-27 20:17 1248256 c:\windows\assembly\NativeImages_v2.0.50727_32\KodakAiOUpdater\4b4c408a039305243e5d1c88bc31be80\KodakAiOUpdater.ni.exe
    + 2012-03-27 20:18 . 2012-03-27 20:18 1178624 c:\windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\791bc9cd2f9bf127fb9fe0f1dc7dc800\InkjetCore.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 1190912 c:\windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\54604393354d1b90d8a735104cfe2398\InkjetCore.ni.dll
    + 2012-03-27 20:17 . 2012-03-27 20:17 1532416 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Editing\5f58944a899aafadf7c082f1dec15587\Inkjet.Editing.ni.dll
    + 2012-03-27 20:16 . 2012-03-27 20:16 1218048 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Destination\2fac75563f0afec3473d4d532017b3b1\Inkjet.Destination.ni.dll
    + 2012-03-27 20:07 . 2012-03-27 20:07 1177600 c:\windows\assembly\NativeImages_v2.0.50727_32\idrskrn_net14\da7fe046c3e726a59c808701da3219ce\idrskrn_net14.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 3764224 c:\windows\assembly\NativeImages_v2.0.50727_32\CommonControls\e04eb73ae3fc94333a4e485fe020d422\CommonControls.ni.dll
    + 2012-03-27 20:18 . 2012-03-27 20:18 3761152 c:\windows\assembly\NativeImages_v2.0.50727_32\CommonControls\d9568a3def95f39525da30d609ed95cd\CommonControls.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 3207680 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOPrinterTools\a1f82d527d7ded3cb3e471558318ab1b\AiOPrinterTools.ni.exe
    + 2012-03-27 20:08 . 2012-03-27 20:08 1059328 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOHostDirector\c4e2e87bffbddcb94f6b4fbfea357acc\AiOHostDirector.ni.exe
    + 2012-03-27 20:07 . 2012-03-27 20:07 1874944 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOHomeCenter\32dd378052047cf5e63472e6d2af0402\AiOHomeCenter.ni.exe
    + 2012-03-27 19:57 . 2012-03-27 19:57 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-03-27 19:27 . 2012-03-27 19:27 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2010-10-02 19:05 . 2010-10-02 19:05 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2011-04-14 20:27 . 2011-04-14 20:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-03-27 19:56 . 2012-03-27 19:57 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-04-14 20:28 . 2011-04-14 20:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-10-02 19:04 . 2011-04-14 20:28 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-03-27 19:57 . 2012-03-27 19:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-03-27 19:25 . 2012-03-27 19:25 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2010-10-02 19:01 . 2010-10-02 19:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-03-27 19:25 . 2012-03-27 19:25 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-03-27 19:25 . 2012-03-27 19:25 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-10-15 19:02 . 2009-10-15 19:02 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-03-27 19:05 . 2012-03-27 19:05 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2005-12-05 01:52 . 2012-03-04 23:23 54215544 c:\windows\system32\MRT.exe
    + 2006-11-08 02:03 . 2011-12-18 21:46 11082240 c:\windows\system32\ieframe.dll
    + 2007-05-09 11:46 . 2011-12-18 21:46 11082240 c:\windows\system32\dllcache\ieframe.dll
    + 2011-12-27 00:02 . 2011-12-27 00:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
    + 2011-03-28 10:27 . 2011-03-28 10:27 15456256 c:\windows\Installer\13c8506.msp
    + 2011-07-26 23:33 . 2011-07-26 23:33 10984448 c:\windows\Installer\13c84de.msp
    + 2011-07-12 03:43 . 2011-07-12 03:43 11641344 c:\windows\Installer\1199f7f.msp
    + 2011-12-26 16:02 . 2011-12-26 16:02 19677184 c:\windows\Installer\1199f39.msp
    + 2012-03-27 19:11 . 2012-03-27 19:11 20333056 c:\windows\Installer\1199ebf.msp
    + 2012-03-27 19:17 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
    + 2012-03-27 20:04 . 2012-03-27 20:05 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
    + 2012-03-27 20:08 . 2012-03-27 20:08 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
    + 2012-03-27 20:19 . 2012-03-27 20:19 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
    + 2012-03-27 20:04 . 2012-03-27 20:04 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
    + 2012-03-27 20:02 . 2012-03-27 20:02 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
    + 2012-03-27 20:01 . 2012-03-27 20:01 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
    + 2012-03-27 20:00 . 2012-03-27 20:00 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    + 2012-03-27 19:42 . 2012-03-27 19:42 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c2678ff865d430dbcc94740aa5efdabc\mscorlib.ni.dll
    .
     
  17. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 4

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\Megan\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\Stephanie\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
    Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-11-8 1393304]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=
    "9090:TCP"= 9090:TCP:TINYPROXY
    "53:TCP"= 53:TCP:TINYPROXY
    "427:UDP"= 427:UDP:SLP_Port(427)
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    "9322:TCP"= 9322:TCP:EKDiscovery
    .
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
    R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/8/2009 12:24 PM 143360]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [11/8/2009 12:26 PM 73880]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - EHSCHED
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
    .
    2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
    .
    2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotsheet.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    Trusted Zone: atk.com\myvpn
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
    DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
    DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
    DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-27 20:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-03-27 20:47:52
    ComboFix-quarantined-files.txt 2012-03-28 03:47
    ComboFix2.txt 2012-03-27 13:33
    .
    Pre-Run: 15,646,384,128 bytes free
    Post-Run: 16,070,365,184 bytes free
    .
    - - End Of File - - A5B77D5F5E2767A5A797430FA0683E7B
     
  18. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload the following files to http://www.virustotal.com/ for security check:
    - c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  19. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Broni-
    I screwed up. I pasted the pathway in Windows Explorer to locate the file and by doing so, the executable ran and the "System Check" virus started running again. The System Check window is open on my computer.

    I ran the virustotal.com scan and the result is pasted below. Sorry, this is frustrating.

    SHA256: 660ef9a5b1464b9a070a1780f212e12b72dc7c251d5c2977222cffcc1e78a139
    SHA1: b92e9e933bcb1151a7915d211e1baa063d5a5549
    MD5: ab5c3661746468d35b3c680665f96a80
    File size: 353.0 KB ( 361472 bytes )
    File name: C:\Documents and Settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    File type: Win32 EXE
    Detection ratio: 25 / 41
    Analysis date: 2012-03-28 05:17:06 UTC ( 0 minutes ago )

    Antivirus Result Update
    AhnLab-V3 Trojan/Win32.FakeAV 20120327
    AntiVir TR/Kazy.62856.1 20120327
    Antiy-AVL Trojan/Win32.Jorik.gen 20120327
    Avast Win32:FakeSysdefs-A [Trj] 20120328
    AVG Generic27.BFPC 20120327
    BitDefender Gen:Variant.Kazy.62856 20120328
    ByteHero - 20120327
    CAT-QuickHeal - 20120327
    ClamAV - 20120328
    Commtouch - 20120328
    Comodo TrojWare.Win32.Trojan.Agent.Gen 20120327
    DrWeb Trojan.Fakealert.27220 20120328
    Emsisoft Trojan.Win32.FakeSysdef!IK 20120328
    eTrust-Vet - 20120327
    F-Prot - 20120328
    F-Secure Gen:Variant.Kazy.62853 20120328
    Fortinet W32/FakeAlert.IY!tr 20120328
    GData Gen:Variant.Kazy.62853 20120328
    Ikarus Trojan.Win32.FakeSysdef 20120328
    Jiangmin Trojan/Fakeav.aycy 20120327
    K7AntiVirus Trojan 20120327
    Kaspersky Trojan.Win32.Jorik.Fraud.nya 20120327
    McAfee FakeAlert-SysDef.b 20120328
    McAfee-GW-Edition FakeAlert-SysDef.b 20120327
    Microsoft Trojan:Win32/FakeSysdef 20120327
    NOD32 Win32/Adware.HDDRescue.AB 20120328
    Norman - 20120327
    nProtect - 20120327
    Panda Generic Malware 20120327
    PCTools - 20120326
    Rising - 20120327
    Sophos Troj/FakeAV-FID 20120328
    SUPERAntiSpyware - 20120323
    Symantec Trojan.FakeAV 20120328
    TheHacker - 20120327
    TrendMicro - 20120327
    TrendMicro-HouseCall - 20120328
    VBA32 - 20120327
    VIPRE Trojan.Win32.Generic!BT 20120328
    ViRobot Trojan.Win32.FakeAV.361984 20120328
    VirusBuster - 20120323
     
  20. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    
    Rootkit::
    c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  21. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Here is the report
    Part 1:
    ComboFix 12-03-26.04 - Doug 03/29/2012 16:58:16.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.493 [GMT -7:00]
    Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hm
    c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hmr
    c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm
    c:\documents and settings\Doug\Desktop\System Check.lnk
    c:\documents and settings\Doug\Start Menu\Programs\System Check
    c:\documents and settings\Doug\Start Menu\Programs\System Check\System Check.lnk
    c:\documents and settings\Doug\Start Menu\Programs\System Check\Uninstall System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-29 13:45 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FFB04CA-411F-4741-A1B8-381382D8E759}\mpengine.dll
    2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2012-03-27 06:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-03-27 06:47 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-03-27 06:46 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-14 02:15 . 2010-07-12 17:43 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44 . 2010-07-11 20:18 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
    2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     
  22. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 2:

    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\Megan\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\Stephanie\Start Menu\Programs\Startup\
    Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
    Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-11-8 1393304]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
     
  23. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 3:

    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=
    "9090:TCP"= 9090:TCP:TINYPROXY
    "53:TCP"= 53:TCP:TINYPROXY
    "427:UDP"= 427:UDP:SLP_Port(427)
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    "9322:TCP"= 9322:TCP:EKDiscovery
    .
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
    R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/8/2009 12:24 PM 143360]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [11/8/2009 12:26 PM 73880]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
    .
    2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
    .
    2012-03-30 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotsheet.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    Trusted Zone: atk.com\myvpn
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
    DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
    DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
    DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
     
  24. trisail86

    trisail86 TS Rookie Topic Starter Posts: 29

    Part 4:

    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-29 17:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1740)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-29 17:34:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-30 00:34
    ComboFix2.txt 2012-03-28 03:47
    ComboFix3.txt 2012-03-27 13:33
    .
    Pre-Run: 16,100,876,288 bytes free
    Post-Run: 16,129,945,600 bytes free
    .
    - - End Of File - - 9B0E4FE6154F1B77C810FF3AACCC1027
     
  25. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Good :)
    Finally we got it.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

