dds log
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Richard at 15:41:40 on 2012-01-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.978 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\jEGCsSWIMfSR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Uwrw4Km7OaDAvt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3059010
uSearch Bar = Preserve
uURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
mURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Facebook Update] "c:\users\richard\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [jEGCsSWIMfSR.exe] c:\programdata\jEGCsSWIMfSR.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\richard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{00B717E8-023D-4A14-BDCA-01DFE6F8F883} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\055534B46594255535 : NameServer = 192.168.1.1
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\055534B46594255535 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\140707C65626565637 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\2596467656679656774556C6 : NameServer = 192.168.0.1,205.171.3.25
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\2596467656679656774556C6 : DhcpNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\D496B65602751627460294E66696E6964796 : DhcpNameServer = 209.150.200.10 66.213.224.2
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\E4544574541425 : NameServer = 192.168.1.1
TCP: Interfaces\{AB5CA5A9-01F7-44B4-8690-426221FA9EE1}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\richard\appdata\roaming\mozilla\firefox\profiles\ndegllfq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3059010&SearchSource=13
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\richard\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing:
smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: HP Smart Web Printing:
smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - a4a1ff75000000000000001f3a1ea795
FF - user.js: extensions.BabylonToolbar_i.hardId - a4a1ff75000000000000001f3a1ea795
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15337
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:47:29
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108844
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-17 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-17 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-17 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-3 652872]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-17 20464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-17 1343400]
.
=============== Created Last 30 ================
.
2012-01-16 22:14:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ab3c6b9-32f1-43f3-a3e7-f1bec42b41e2}\offreg.dll
2012-01-16 22:11:36 358656 ------w- c:\programdata\Uwrw4Km7OaDAvt.exe
2012-01-16 20:50:17 455424 ---ha-w- c:\programdata\jEGCsSWIMfSR.exe
2012-01-16 01:58:44 -------- d-----w- c:\program files\v-Grabber
2012-01-16 01:58:25 -------- d-----w- c:\program files\Conduit
2012-01-16 01:58:21 -------- d--h--w- c:\users\richard\appdata\local\Conduit
2012-01-16 01:58:20 -------- d-----w- c:\program files\Vgrabber
2012-01-16 01:46:37 -------- d--h--w- c:\users\richard\appdata\local\The Weather Channel
2012-01-15 23:55:59 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 23:55:59 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-15 23:55:59 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 23:55:59 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 23:55:59 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 23:55:58 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-15 23:55:58 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 23:55:58 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 23:55:58 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-15 23:55:58 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-15 14:31:42 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ab3c6b9-32f1-43f3-a3e7-f1bec42b41e2}\mpengine.dll
2012-01-11 16:30:40 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:30:37 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:30:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:30:28 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 09:41:54 57344 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL
2012-01-10 09:41:35 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2012-01-10 09:41:35 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2012-01-10 09:41:34 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2012-01-10 09:41:34 430080 ----a-w- c:\windows\system32\ZSHP1018.EXE
2012-01-10 09:41:34 102400 ----a-w- c:\windows\system32\ZLhp1018.DLL
2011-12-29 07:47:39 -------- d--h--w- c:\programdata\Tarma Installer
2011-12-29 07:47:26 -------- d--h--w- c:\users\richard\appdata\local\Babylon
2011-12-29 07:47:25 -------- d--h--w- c:\users\richard\appdata\roaming\Babylon
2011-12-29 07:47:25 -------- d--h--w- c:\programdata\Babylon
.
==================== Find3M ====================
.
2012-01-15 14:51:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 22:51:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-03 03:18:08 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 19:18:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-20 19:18:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 15:42:18.85 ===============