Solved System Check virus

T

trisail86

Posts: 29   +0
Thank goodness of have found you all. Woke up with System Check virus this am. I've run your five steps and am pasting the logs. I am incredibly grateful that there are generous people such as yourselves who reach out to help others.

I am not getting the annoying windows anymore after running Anti-Malware, but I can't see my files/applications in Windows Explorer. Am curious what to do next. Here are the logs:

With great appreciation,
trisail86

Anti-Malware Log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: OFFICE [administrator]

3/25/2012 2:30:38 PM
mbam-log-2012-03-25 (14-30-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289113
Time elapsed: 33 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\XCMsXSJotCWrp.exe (Trojan.Agent) -> 2356 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4D25F920-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{4D25F923-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKCR\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XCMsXSJotCWrp.exe (Trojan.Agent) -> Data: C:\Documents and Settings\All Users\Application Data\XCMsXSJotCWrp.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 12
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files\MyWaySA (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\890166 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Documents and Settings\All Users\Application Data\XCMsXSJotCWrp.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\bemark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\tmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
---

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-25 15:20:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160828AS rev.8.03
Running: j7zmgweu.exe; Driver: C:\DOCUME~1\Doug\LOCALS~1\Temp\pwtdapod.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Doug at 15:27:38 on 2012-03-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.332 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uStart Page = hxxp://www.hotsheet.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Conime] %windir%\system32\conime.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: atk.com\myvpn
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/15.13/uploader2.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158951511156
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://wegmansphoto.lifepics.com/net/Uploader/ImageUploader3.cab
DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23E49CEC-4431-4899-977D-C14EA566FC69} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2009-11-8 143360]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-11-8 73880]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
.
=============== Created Last 30 ================
.
2012-03-25 22:23:48 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c475eb9-4992-43b6-b02c-cee2b202d2e1}\mpengine.dll
2012-03-25 21:29:07 -------- d-----w- c:\documents and settings\doug\application data\Malwarebytes
2012-03-25 21:28:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-25 21:28:31 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:28:30 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 15:22:54 361472 ---ha-w- c:\documents and settings\all users\application data\CzJzkQK78iE2Hm.exe
2012-03-04 03:09:16 -------- d--h--w- c:\documents and settings\doug\application data\ElevatedDiagnostics
2012-02-28 21:07:31 -------- d--h--w- c:\documents and settings\all users\Kodak
.
==================== Find3M ====================
.
2012-01-28 15:32:01 10809376 ---ha-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 15:34:41.48 ===============

DDS Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2005 1:28:29 PM
System Uptime: 3/25/2012 3:10:14 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KF623
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 15.702 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP2112: 12/31/2011 11:35:39 PM - System Checkpoint
RP2113: 1/2/2012 8:55:53 AM - System Checkpoint
RP2114: 1/3/2012 9:33:45 AM - System Checkpoint
RP2115: 1/4/2012 10:50:18 AM - System Checkpoint
RP2116: 1/5/2012 1:54:56 PM - System Checkpoint
RP2117: 1/6/2012 2:16:01 PM - System Checkpoint
RP2118: 1/7/2012 2:54:14 PM - System Checkpoint
RP2119: 1/8/2012 3:12:30 PM - System Checkpoint
RP2120: 1/9/2012 4:55:34 PM - System Checkpoint
RP2121: 1/10/2012 5:01:58 PM - System Checkpoint
RP2122: 1/11/2012 5:19:31 PM - System Checkpoint
RP2123: 1/12/2012 6:31:18 PM - System Checkpoint
RP2124: 1/13/2012 6:53:44 PM - System Checkpoint
RP2125: 1/14/2012 9:34:52 PM - System Checkpoint
RP2126: 1/16/2012 12:01:07 AM - System Checkpoint
RP2127: 1/17/2012 12:29:49 AM - System Checkpoint
RP2128: 1/18/2012 12:46:25 AM - System Checkpoint
RP2129: 1/19/2012 7:18:12 AM - System Checkpoint
RP2130: 1/20/2012 8:53:23 AM - System Checkpoint
RP2131: 1/21/2012 9:21:49 AM - System Checkpoint
RP2132: 1/22/2012 11:04:14 AM - System Checkpoint
RP2133: 1/23/2012 11:35:16 AM - System Checkpoint
RP2134: 1/24/2012 1:12:20 PM - System Checkpoint
RP2135: 1/25/2012 2:33:20 PM - System Checkpoint
RP2136: 1/26/2012 2:38:22 PM - System Checkpoint
RP2137: 1/27/2012 4:01:22 PM - System Checkpoint
RP2138: 1/28/2012 4:05:15 PM - System Checkpoint
RP2139: 1/29/2012 4:19:04 PM - System Checkpoint
RP2140: 1/30/2012 4:26:17 PM - System Checkpoint
RP2141: 1/31/2012 4:27:53 PM - System Checkpoint
RP2142: 2/1/2012 4:38:14 PM - System Checkpoint
RP2143: 2/2/2012 5:03:30 PM - System Checkpoint
RP2144: 2/3/2012 6:15:16 PM - System Checkpoint
RP2145: 2/4/2012 7:35:56 PM - System Checkpoint
RP2146: 2/5/2012 9:35:42 PM - System Checkpoint
RP2147: 2/6/2012 10:29:36 PM - System Checkpoint
RP2148: 2/7/2012 11:57:59 PM - System Checkpoint
RP2149: 2/9/2012 12:12:00 AM - System Checkpoint
RP2150: 2/10/2012 7:08:08 AM - System Checkpoint
RP2151: 2/11/2012 8:57:24 AM - System Checkpoint
RP2152: 2/12/2012 9:23:15 AM - System Checkpoint
RP2153: 2/13/2012 10:11:10 AM - System Checkpoint
RP2154: 2/14/2012 11:31:39 AM - System Checkpoint
RP2155: 2/15/2012 12:01:48 PM - System Checkpoint
RP2156: 2/16/2012 1:10:35 PM - System Checkpoint
RP2157: 2/17/2012 1:50:44 PM - System Checkpoint
RP2158: 2/18/2012 2:15:25 PM - System Checkpoint
RP2159: 2/19/2012 3:10:29 PM - System Checkpoint
RP2160: 2/20/2012 3:40:46 PM - System Checkpoint
RP2161: 2/21/2012 4:42:12 PM - System Checkpoint
RP2162: 2/22/2012 4:56:13 PM - System Checkpoint
RP2163: 2/23/2012 6:53:24 PM - System Checkpoint
RP2164: 2/24/2012 7:03:00 PM - System Checkpoint
RP2165: 2/25/2012 7:18:09 PM - System Checkpoint
RP2166: 2/26/2012 8:09:56 PM - System Checkpoint
RP2167: 2/27/2012 8:33:50 PM - System Checkpoint
RP2168: 2/28/2012 8:52:13 PM - System Checkpoint
RP2169: 2/29/2012 9:26:38 PM - System Checkpoint
RP2170: 3/2/2012 12:11:35 AM - System Checkpoint
RP2171: 3/3/2012 12:58:38 AM - System Checkpoint
RP2172: 3/4/2012 1:05:02 AM - System Checkpoint
RP2173: 3/5/2012 1:30:07 AM - System Checkpoint
RP2174: 3/6/2012 6:40:31 AM - System Checkpoint
RP2175: 3/7/2012 7:21:57 AM - System Checkpoint
RP2176: 3/8/2012 7:30:44 AM - System Checkpoint
RP2177: 3/9/2012 7:59:26 AM - System Checkpoint
RP2178: 3/10/2012 9:02:26 AM - System Checkpoint
RP2179: 3/11/2012 10:12:20 AM - System Checkpoint
RP2180: 3/12/2012 1:02:13 PM - System Checkpoint
RP2181: 3/13/2012 1:49:59 PM - System Checkpoint
RP2182: 3/14/2012 2:45:34 PM - System Checkpoint
RP2183: 3/15/2012 3:30:28 PM - System Checkpoint
RP2184: 3/16/2012 5:10:32 PM - System Checkpoint
RP2185: 3/17/2012 5:20:43 PM - System Checkpoint
RP2186: 3/18/2012 8:45:50 PM - System Checkpoint
RP2187: 3/19/2012 11:08:12 PM - System Checkpoint
RP2188: 3/20/2012 11:33:50 PM - System Checkpoint
RP2189: 3/22/2012 5:32:24 AM - System Checkpoint
RP2190: 3/23/2012 6:54:31 AM - System Checkpoint
RP2191: 3/24/2012 7:01:16 AM - System Checkpoint
RP2192: 3/25/2012 7:26:07 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
924PLC32
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
aioprnt
aioscnnr
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aqualink RS System Simulator Rev MM
ATI Control Panel
ATI Display Driver
ATI Parental Control
Audible Download Manager
Avery Wizard 3.1
Avery® Wizard 2.1 for Microsoft® Office Word 2003
Bonjour
BufferChm
C4580
C4580_Help
C4USelfUpdater
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon Digital Camera USB WIA Driver
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.1
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.1
Canon Utilities ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
center
Citrix Access Gateway Plug-in
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Content Portal
DocProc
DocProcQFolder
EducateU
essentials
eSupportQFolder
GearDrvs
Google Update Helper
GPBaseService
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
ImageMixer VCD2
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-02-07
iPod for Windows 2005-11-17
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 20
Kodak AIO Printer
KODAK AiO Software
LastPass (uninstall only)
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LUMIX Simple Viewer
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MotionDV STUDIO 5.6E LE for DV
Move Media Player
MovieEdit Task
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Musicmatch for Windows Media Player
MyWay Search Assistant
NavFit98A
NETGEAR WG311v3 PCI Adapter
Network
NetZeroInstallers
ocr
OCR Software by I.R.I.S. 11.0
Panasonic DVC USB Driver
PanoStandAlone
PHOTOfunSTUDIO -viewer-
Picasa 3
Polar Precision Performance SW
PowerDVD 5.5
PreReq
PS_AIO_04_C4580_ProductContext
PS_AIO_04_C4580_Software
PS_AIO_04_C4580_Software_Min
PSSWCORE
Quick Movie Magic 1.0E
QuickBooks Simple Start Special Edition
Quicken 2008
Quicken Home Inventory Manager
QuickTime
RealPlayer
Rhapsody Player Engine
Rosetta Stone V3
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sony USB Driver
Status
Symantec Technical Support Web Controls
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB-IrDA Adapter
VideoToolkit01
Viewpoint Media Player
WD Diagnostics
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/25/2012 8:35:39 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.242.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/25/2012 8:31:12 AM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 2/24/2012 8:31:10 AM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
3/25/2012 7:23:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.242.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/24/2012 6:56:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.242.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/23/2012 6:41:50 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/22/2012 5:25:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/22/2012 2:21:09 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\STORAGE#RemovableMedia#8&37d4ea85&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.
3/21/2012 8:45:25 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/21/2012 3:36:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/19/2012 10:19:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/19/2012 1:35:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
3/18/2012 6:48:26 AM, error: PSched [14103] - QoS [Adapter {23E49CEC-4431-4899-977D-C14EA566FC69}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
3/18/2012 11:35:25 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1750.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Broni-
Thank you!

(1) I ran UnHide and it worked in terms of my files and shortcuts being visibile again. Report pasted below.

(2) I ran aswMBR. The first time it ran, I got a blue screen after about 1 hr 20 min.

"A problem has been detected and windows has been shut down to prevent damage to your computer.
DRIVER_IRQL_NOT_LESS_OR_EQUAL
If first time, restart your computer...."

I ran aswMBR a second time and it looked to complete in 10 minutes. Log pasted below.

(3) I ran bootkit_cleaner. Results are pasted below as well.

Thanks!
trisail86

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 03/25/2012 08:09:56 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 298615 files processed.

Restoring the Start Menu.
* 277 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoDesktop policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* HideIcons policy was found and deleted!

Program finished at: 03/25/2012 08:28:11 PM
Execution time: 0 hours(s), 18 minute(s), and 15 seconds(s)


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-25 22:13:24
-----------------------------
22:13:24.406 OS Version: Windows 5.1.2600 Service Pack 3
22:13:24.406 Number of processors: 2 586 0x403
22:13:24.421 ComputerName: OFFICE UserName: Doug
22:13:28.125 Initialize success
22:14:18.187 AVAST engine defs: 12032501
06:13:28.343 The log file has been saved successfully to "C:\Documents and Settings\Doug\Desktop\aswMBR.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000
Boot sector MD5 is: e7e6f498a5aad54bc8d066e2192a8456

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Broni-
Results of Listparts pasted below,

ListParts by Farbar Version: 12-03-2012 03
Ran by Doug (administrator) on 26-03-2012 at 20:08:29
Windows XP (X86)
Running From: C:\Documents and Settings\Doug\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 68%
Total physical RAM: 1022.07 MB
Available physical RAM: 322.72 MB
Total Pagefile: 2459.97 MB
Available Pagefile: 1658.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:144.3 GB) (Free:15.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 63 MB 32 KB
Partition 2 Primary 144 GB 63 MB
Partition 3 Unknown 4754 MB 144 GB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 144 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

****** End Of Log ******
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Broni-
Ran TDSSKiller, no reboot required. Report pasted below (two parts due to length of report)

21:22:04.0983 0488 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:22:05.0561 0488 ============================================================
21:22:05.0561 0488 Current date / time: 2012/03/26 21:22:05.0561
21:22:05.0561 0488 SystemInfo:
21:22:05.0561 0488
21:22:05.0561 0488 OS Version: 5.1.2600 ServicePack: 3.0
21:22:05.0561 0488 Product type: Workstation
21:22:05.0561 0488 ComputerName: OFFICE
21:22:05.0561 0488 UserName: Doug
21:22:05.0561 0488 Windows directory: C:\WINDOWS
21:22:05.0561 0488 System windows directory: C:\WINDOWS
21:22:05.0561 0488 Processor architecture: Intel x86
21:22:05.0561 0488 Number of processors: 2
21:22:05.0561 0488 Page size: 0x1000
21:22:05.0561 0488 Boot type: Normal boot
21:22:05.0561 0488 ============================================================
21:22:09.0311 0488 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:22:09.0468 0488 \Device\Harddisk0\DR0:
21:22:09.0483 0488 MBR used
21:22:09.0483 0488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x12098F55
21:22:09.0561 0488 Initialize success
21:22:09.0561 0488 ============================================================
21:22:32.0046 1820 ============================================================
21:22:32.0046 1820 Scan started
21:22:32.0046 1820 Mode: Manual;
21:22:32.0046 1820 ============================================================
21:22:32.0218 1820 Abiosdsk - ok
21:22:32.0280 1820 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:22:32.0374 1820 abp480n5 - ok
21:22:32.0421 1820 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:22:32.0421 1820 ACPI - ok
21:22:32.0483 1820 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:22:32.0546 1820 ACPIEC - ok
21:22:32.0624 1820 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:22:32.0749 1820 adpu160m - ok
21:22:32.0780 1820 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:22:32.0780 1820 aec - ok
21:22:32.0827 1820 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
21:22:32.0936 1820 AFD - ok
21:22:33.0046 1820 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:22:33.0171 1820 agp440 - ok
21:22:33.0186 1820 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:22:33.0249 1820 agpCPQ - ok
21:22:33.0311 1820 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:22:33.0374 1820 Aha154x - ok
21:22:33.0405 1820 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:22:33.0483 1820 aic78u2 - ok
21:22:33.0515 1820 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:22:33.0561 1820 aic78xx - ok
21:22:33.0593 1820 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:22:33.0593 1820 Alerter - ok
21:22:33.0624 1820 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:22:33.0624 1820 ALG - ok
21:22:33.0655 1820 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:22:33.0686 1820 AliIde - ok
21:22:33.0718 1820 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:22:33.0765 1820 alim1541 - ok
21:22:33.0796 1820 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:22:33.0843 1820 amdagp - ok
21:22:33.0874 1820 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:22:33.0905 1820 amsint - ok
21:22:33.0983 1820 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:22:33.0983 1820 Apple Mobile Device - ok
21:22:34.0030 1820 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:22:34.0030 1820 AppMgmt - ok
21:22:34.0061 1820 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:22:34.0093 1820 asc - ok
21:22:34.0108 1820 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:22:34.0140 1820 asc3350p - ok
21:22:34.0171 1820 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:22:34.0218 1820 asc3550 - ok
21:22:34.0327 1820 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:22:35.0046 1820 aspnet_state - ok
21:22:35.0171 1820 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:22:35.0171 1820 AsyncMac - ok
21:22:35.0249 1820 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:22:35.0249 1820 atapi - ok
21:22:35.0280 1820 Atdisk - ok
21:22:35.0327 1820 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
21:22:35.0343 1820 Ati HotKey Poller - ok
21:22:35.0546 1820 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:22:35.0624 1820 ati2mtag - ok
21:22:35.0640 1820 ATIAVPCI (a42fa313df3937f9edf028ea0e153dce) C:\WINDOWS\system32\DRIVERS\atinavxx.sys
21:22:35.0733 1820 ATIAVPCI - ok
21:22:35.0811 1820 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:22:35.0952 1820 Atmarpc - ok
21:22:35.0999 1820 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:22:35.0999 1820 AudioSrv - ok
21:22:36.0030 1820 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:22:36.0046 1820 audstub - ok
21:22:36.0061 1820 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:22:36.0155 1820 Beep - ok
21:22:36.0202 1820 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:22:36.0233 1820 BITS - ok
21:22:36.0311 1820 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
21:22:36.0327 1820 Bonjour Service - ok
21:22:36.0374 1820 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:22:36.0374 1820 Browser - ok
21:22:36.0390 1820 bvrp_pci - ok
21:22:36.0405 1820 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:22:36.0436 1820 cbidf - ok
21:22:36.0436 1820 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:22:36.0436 1820 cbidf2k - ok
21:22:36.0530 1820 CCALib8 (5753532c476b83119d85aa43b1b10ab3) C:\Program Files\Canon\CAL\CALMAIN.exe
21:22:36.0546 1820 CCALib8 - ok
21:22:36.0577 1820 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:22:36.0608 1820 CCDECODE - ok
21:22:36.0640 1820 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:22:36.0671 1820 cd20xrnt - ok
21:22:36.0686 1820 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:22:36.0765 1820 Cdaudio - ok
21:22:36.0811 1820 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:22:36.0811 1820 Cdfs - ok
21:22:36.0858 1820 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
21:22:36.0874 1820 cdrbsdrv - ok
21:22:36.0874 1820 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:22:36.0968 1820 Cdrom - ok
21:22:36.0968 1820 Changer - ok
21:22:37.0030 1820 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:22:37.0030 1820 CiSvc - ok
21:22:37.0061 1820 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:22:37.0077 1820 ClipSrv - ok
21:22:37.0140 1820 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:22:37.0936 1820 clr_optimization_v2.0.50727_32 - ok
21:22:38.0093 1820 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:22:38.0155 1820 CmdIde - ok
21:22:38.0186 1820 COMSysApp - ok
21:22:38.0249 1820 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:22:38.0296 1820 Cpqarray - ok
21:22:38.0327 1820 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:22:38.0327 1820 CryptSvc - ok
21:22:38.0358 1820 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:22:38.0421 1820 dac2w2k - ok
21:22:38.0436 1820 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:22:38.0468 1820 dac960nt - ok
21:22:38.0515 1820 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:22:38.0515 1820 DcomLaunch - ok
21:22:38.0546 1820 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:22:38.0546 1820 Dhcp - ok
21:22:38.0593 1820 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:22:38.0593 1820 Disk - ok
21:22:38.0608 1820 dmadmin - ok
21:22:38.0671 1820 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:22:38.0874 1820 dmboot - ok
21:22:38.0952 1820 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:22:38.0968 1820 dmio - ok
21:22:38.0983 1820 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:22:38.0983 1820 dmload - ok
21:22:39.0015 1820 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:22:39.0015 1820 dmserver - ok
21:22:39.0061 1820 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:22:39.0061 1820 DMusic - ok
21:22:39.0093 1820 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:22:39.0093 1820 Dnscache - ok
21:22:39.0140 1820 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:22:39.0140 1820 Dot3svc - ok
21:22:39.0171 1820 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:22:39.0202 1820 dpti2o - ok
21:22:39.0218 1820 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:22:39.0218 1820 drmkaud - ok
21:22:39.0249 1820 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
21:22:39.0249 1820 drvmcdb - ok
21:22:39.0265 1820 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
21:22:39.0265 1820 drvnddm - ok
21:22:39.0374 1820 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
21:22:40.0311 1820 DSBrokerService - ok
21:22:40.0421 1820 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:22:40.0515 1820 DSproct - ok
21:22:40.0671 1820 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
21:22:40.0671 1820 dsunidrv - ok
21:22:40.0733 1820 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:22:40.0733 1820 E100B - ok
21:22:40.0765 1820 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:22:40.0765 1820 EapHost - ok
21:22:40.0843 1820 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
21:22:40.0843 1820 ehRecvr - ok
21:22:40.0890 1820 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
21:22:40.0890 1820 ehSched - ok
21:22:40.0921 1820 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:22:40.0921 1820 ERSvc - ok
21:22:40.0952 1820 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:22:40.0968 1820 Eventlog - ok
21:22:41.0015 1820 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:22:41.0015 1820 EventSystem - ok
21:22:41.0093 1820 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:22:41.0093 1820 Fastfat - ok
21:22:41.0124 1820 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:22:41.0155 1820 FastUserSwitchingCompatibility - ok
21:22:41.0202 1820 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
21:22:41.0202 1820 Fax - ok
21:22:41.0233 1820 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:22:41.0296 1820 Fdc - ok
21:22:41.0311 1820 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:22:41.0358 1820 Fips - ok
21:22:41.0452 1820 FLEXnet Licensing Service (d778107d7c2a19d7e7a884a9f0d79581) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:22:41.0983 1820 FLEXnet Licensing Service - ok
21:22:42.0093 1820 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:22:42.0155 1820 Flpydisk - ok
21:22:42.0186 1820 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:22:42.0186 1820 FltMgr - ok
21:22:42.0311 1820 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:22:42.0483 1820 FontCache3.0.0.0 - ok
21:22:42.0640 1820 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:22:42.0671 1820 Fs_Rec - ok
21:22:42.0780 1820 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:22:42.0796 1820 Ftdisk - ok
21:22:42.0843 1820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:22:42.0858 1820 GEARAspiWDM - ok
21:22:42.0890 1820 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:22:42.0952 1820 Gpc - ok
21:22:42.0999 1820 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
21:22:43.0015 1820 grmnusb - ok
21:22:43.0093 1820 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:22:43.0108 1820 gupdate - ok
21:22:43.0108 1820 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:22:43.0108 1820 gupdatem - ok
21:22:43.0140 1820 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:22:43.0499 1820 gusvc - ok
21:22:43.0640 1820 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:22:43.0640 1820 HDAudBus - ok
21:22:43.0718 1820 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:22:43.0718 1820 helpsvc - ok
21:22:43.0733 1820 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
21:22:43.0780 1820 HidIr - ok
21:22:43.0811 1820 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:22:43.0811 1820 HidServ - ok
21:22:43.0843 1820 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:22:43.0874 1820 HidUsb - ok
21:22:43.0921 1820 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:22:43.0921 1820 hkmsvc - ok
21:22:43.0952 1820 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:22:43.0968 1820 hpn - ok
21:22:44.0077 1820 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:22:44.0077 1820 hpqcxs08 - ok
21:22:44.0124 1820 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:22:44.0124 1820 hpqddsvc - ok
21:22:44.0155 1820 HPSLPSVC (6f9cb6539a1b2508bd1c53d29334431a) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:22:44.0171 1820 HPSLPSVC - ok
21:22:44.0311 1820 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:22:44.0390 1820 HPZid412 - ok
21:22:44.0421 1820 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:22:44.0499 1820 HPZipr12 - ok
21:22:44.0530 1820 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:22:44.0561 1820 HPZius12 - ok
21:22:44.0608 1820 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:22:44.0608 1820 HTTP - ok
21:22:44.0640 1820 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:22:44.0640 1820 HTTPFilter - ok
21:22:44.0671 1820 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:22:44.0733 1820 i2omgmt - ok
21:22:44.0765 1820 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:22:44.0811 1820 i2omp - ok
21:22:44.0843 1820 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:22:44.0905 1820 i8042prt - ok
21:22:45.0061 1820 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:22:45.0343 1820 IDriverT - ok
21:22:45.0546 1820 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:22:45.0905 1820 idsvc - ok
21:22:46.0046 1820 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:22:46.0093 1820 Imapi - ok
21:22:46.0124 1820 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:22:46.0140 1820 ImapiService - ok
21:22:46.0186 1820 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:22:46.0202 1820 ini910u - ok
21:22:46.0280 1820 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:22:46.0343 1820 IntelC51 - ok
21:22:46.0515 1820 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:22:46.0921 1820 IntelC52 - ok
21:22:47.0202 1820 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:22:47.0265 1820 IntelC53 - ok
21:22:47.0374 1820 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:22:47.0390 1820 IntelIde - ok
21:22:47.0436 1820 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:22:47.0468 1820 intelppm - ok
21:22:47.0483 1820 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:22:47.0577 1820 Ip6Fw - ok
21:22:47.0624 1820 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:22:47.0624 1820 IpFilterDriver - ok
21:22:47.0671 1820 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:22:47.0733 1820 IpInIp - ok
21:22:47.0765 1820 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:22:47.0765 1820 IpNat - ok
21:22:47.0874 1820 iPod Service (8f610078437a459948480407f4db91ea) C:\Program Files\iPod\bin\iPodService.exe
21:22:47.0874 1820 iPod Service - ok
21:22:47.0905 1820 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:22:47.0983 1820 IPSec - ok
21:22:48.0030 1820 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
21:22:48.0061 1820 IrBus - ok
21:22:48.0108 1820 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:22:48.0140 1820 irda - ok
21:22:48.0155 1820 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:22:48.0202 1820 IRENUM - ok
21:22:48.0233 1820 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
21:22:48.0249 1820 Irmon - ok
21:22:48.0265 1820 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:22:48.0265 1820 isapnp - ok
21:22:48.0343 1820 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
21:22:48.0343 1820 JavaQuickStarterService - ok
21:22:48.0358 1820 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:22:48.0390 1820 Kbdclass - ok
21:22:48.0405 1820 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:22:48.0436 1820 kbdhid - ok
21:22:48.0452 1820 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:22:48.0452 1820 kmixer - ok
21:22:48.0546 1820 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
21:22:48.0561 1820 Kodak AiO Network Discovery Service - ok
21:22:48.0593 1820 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:22:48.0593 1820 KSecDD - ok
21:22:48.0624 1820 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:22:48.0640 1820 lanmanserver - ok
21:22:48.0671 1820 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:22:48.0671 1820 lanmanworkstation - ok
21:22:48.0686 1820 lbrtfdc - ok
21:22:48.0765 1820 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:22:48.0765 1820 LmHosts - ok
21:22:48.0858 1820 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
21:22:48.0858 1820 McrdSvc - ok
21:22:48.0936 1820 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
21:22:48.0936 1820 MCSTRM - ok
21:22:49.0030 1820 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:22:49.0030 1820 MDM - ok
21:22:49.0077 1820 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:22:49.0093 1820 Messenger - ok
21:22:49.0108 1820 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
21:22:49.0108 1820 MHN - ok
21:22:49.0140 1820 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:22:49.0202 1820 MHNDRV - ok
21:22:49.0218 1820 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:22:49.0233 1820 mnmdd - ok
21:22:49.0265 1820 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:22:49.0265 1820 mnmsrvc - ok
21:22:49.0311 1820 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:22:49.0311 1820 Modem - ok
21:22:49.0327 1820 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:22:49.0390 1820 MODEMCSA - ok
21:22:49.0436 1820 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:22:49.0436 1820 mohfilt - ok
21:22:49.0468 1820 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:22:49.0499 1820 Mouclass - ok
21:22:49.0546 1820 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:22:49.0593 1820 mouhid - ok
21:22:49.0624 1820 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:22:49.0624 1820 MountMgr - ok
21:22:49.0655 1820 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:22:49.0686 1820 MPE - ok
21:22:49.0718 1820 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:22:49.0905 1820 MpFilter - ok
21:22:50.0093 1820 MpKslfb07cfff (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\MpKslfb07cfff.sys
21:22:50.0093 1820 MpKslfb07cfff - ok
21:22:50.0233 1820 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:22:50.0280 1820 mraid35x - ok
21:22:50.0327 1820 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:22:50.0327 1820 MRxDAV - ok
21:22:50.0374 1820 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:22:50.0436 1820 MRxSmb - ok
21:22:50.0468 1820 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:22:50.0468 1820 MSDTC - ok
21:22:50.0483 1820 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:22:50.0546 1820 Msfs - ok
21:22:50.0561 1820 MSIServer - ok
21:22:50.0593 1820 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:22:50.0608 1820 MSKSSRV - ok
21:22:50.0671 1820 MsMpSvc (90dc23d940551db35367fb1e40575b25) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:22:50.0686 1820 MsMpSvc - ok
21:22:50.0702 1820 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:22:50.0780 1820 MSPCLOCK - ok
21:22:50.0796 1820 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:22:50.0796 1820 MSPQM - ok
21:22:50.0827 1820 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:22:50.0827 1820 mssmbios - ok
21:22:50.0858 1820 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:22:50.0905 1820 MSTEE - ok
21:22:50.0921 1820 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:22:50.0968 1820 Mup - ok
21:22:50.0999 1820 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:22:51.0030 1820 NABTSFEC - ok
21:22:51.0108 1820 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:22:51.0108 1820 napagent - ok
21:22:51.0140 1820 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:22:51.0249 1820 NDIS - ok
21:22:51.0280 1820 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:22:51.0296 1820 NdisIP - ok
21:22:51.0327 1820 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:22:51.0358 1820 NdisTapi - ok
21:22:51.0374 1820 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:22:51.0390 1820 Ndisuio - ok
21:22:51.0421 1820 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:22:51.0499 1820 NdisWan - ok
21:22:51.0530 1820 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:22:51.0577 1820 NDProxy - ok
21:22:51.0608 1820 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\WINDOWS\system32\HPZinw12.dll
21:22:51.0608 1820 Net Driver HPZ12 - ok
21:22:51.0640 1820 Net6IM (348b1caedf9bff1057b564ae3577d382) C:\WINDOWS\system32\DRIVERS\net6im51.sys
21:22:51.0686 1820 Net6IM - ok
21:22:51.0733 1820 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
 
Part 2 of the TDSSKiller report:

21:22:51.0780 1820 NetBIOS - ok
21:22:51.0811 1820 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:22:51.0874 1820 NetBT - ok
21:22:51.0921 1820 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:22:51.0921 1820 NetDDE - ok
21:22:51.0921 1820 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:22:51.0936 1820 NetDDEdsdm - ok
21:22:51.0968 1820 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:22:51.0968 1820 Netlogon - ok
21:22:52.0030 1820 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:22:52.0046 1820 Netman - ok
21:22:52.0218 1820 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
21:22:52.0358 1820 NetSvc - ok
21:22:52.0546 1820 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:22:52.0593 1820 NetTcpPortSharing - ok
21:22:52.0655 1820 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:22:52.0655 1820 Nla - ok
21:22:52.0718 1820 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:22:52.0780 1820 Npfs - ok
21:22:52.0874 1820 nsverctl (9ad67299cd555a6f2b01831aac43b6f9) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
21:22:52.0874 1820 nsverctl - ok
21:22:52.0936 1820 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:22:52.0983 1820 Ntfs - ok
21:22:52.0999 1820 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:22:52.0999 1820 NtLmSsp - ok
21:22:53.0061 1820 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:22:53.0061 1820 NtmsSvc - ok
21:22:53.0108 1820 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:22:53.0124 1820 Null - ok
21:22:53.0202 1820 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:22:53.0374 1820 nv - ok
21:22:53.0390 1820 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:22:53.0436 1820 NwlnkFlt - ok
21:22:53.0452 1820 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:22:53.0515 1820 NwlnkFwd - ok
21:22:53.0577 1820 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:22:53.0655 1820 ose - ok
21:22:53.0811 1820 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:22:53.0905 1820 Parport - ok
21:22:53.0952 1820 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:22:53.0983 1820 PartMgr - ok
21:22:54.0015 1820 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:22:54.0061 1820 ParVdm - ok
21:22:54.0077 1820 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:22:54.0124 1820 PCI - ok
21:22:54.0140 1820 PCIDump - ok
21:22:54.0171 1820 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:22:54.0218 1820 PCIIde - ok
21:22:54.0249 1820 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:22:54.0280 1820 Pcmcia - ok
21:22:54.0296 1820 PDCOMP - ok
21:22:54.0311 1820 PDFRAME - ok
21:22:54.0311 1820 PDRELI - ok
21:22:54.0327 1820 PDRFRAME - ok
21:22:54.0358 1820 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:22:54.0390 1820 perc2 - ok
21:22:54.0421 1820 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:22:54.0452 1820 perc2hib - ok
21:22:54.0499 1820 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:22:54.0499 1820 PlugPlay - ok
21:22:54.0577 1820 Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\WINDOWS\system32\HPZipm12.dll
21:22:54.0577 1820 Pml Driver HPZ12 - ok
21:22:54.0624 1820 PolarUSB (3f1110901da07cc428710460276e28a0) C:\WINDOWS\system32\DRIVERS\PolarUSB.sys
21:22:54.0686 1820 PolarUSB - ok
21:22:54.0718 1820 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:22:54.0718 1820 PolicyAgent - ok
21:22:54.0749 1820 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:22:54.0796 1820 PptpMiniport - ok
21:22:54.0811 1820 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:22:54.0811 1820 ProtectedStorage - ok
21:22:54.0811 1820 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:22:54.0905 1820 PSched - ok
21:22:54.0936 1820 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:22:54.0952 1820 Ptilink - ok
21:22:54.0983 1820 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:22:54.0999 1820 PxHelp20 - ok
21:22:55.0046 1820 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:22:55.0077 1820 ql1080 - ok
21:22:55.0108 1820 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:22:55.0124 1820 Ql10wnt - ok
21:22:55.0155 1820 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:22:55.0171 1820 ql12160 - ok
21:22:55.0202 1820 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:22:55.0218 1820 ql1240 - ok
21:22:55.0233 1820 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:22:55.0265 1820 ql1280 - ok
21:22:55.0327 1820 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:22:55.0327 1820 RasAcd - ok
21:22:55.0374 1820 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:22:55.0405 1820 RasAuto - ok
21:22:55.0436 1820 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:22:55.0468 1820 Rasirda - ok
21:22:55.0499 1820 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:22:55.0530 1820 Rasl2tp - ok
21:22:55.0577 1820 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:22:55.0593 1820 RasMan - ok
21:22:55.0593 1820 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:22:55.0624 1820 RasPppoe - ok
21:22:55.0640 1820 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:22:55.0671 1820 Raspti - ok
21:22:55.0686 1820 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:22:55.0749 1820 Rdbss - ok
21:22:55.0765 1820 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:22:55.0780 1820 RDPCDD - ok
21:22:55.0796 1820 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:22:55.0874 1820 rdpdr - ok
21:22:55.0905 1820 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:22:55.0921 1820 RDPWD - ok
21:22:55.0968 1820 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:22:55.0968 1820 RDSessMgr - ok
21:22:55.0983 1820 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:22:56.0030 1820 redbook - ok
21:22:56.0093 1820 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:22:56.0093 1820 RemoteAccess - ok
21:22:56.0155 1820 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:22:56.0155 1820 RemoteRegistry - ok
21:22:56.0202 1820 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:22:56.0218 1820 RpcLocator - ok
21:22:56.0265 1820 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:22:56.0265 1820 RpcSs - ok
21:22:56.0327 1820 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:22:56.0327 1820 RSVP - ok
21:22:56.0374 1820 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:22:56.0374 1820 SamSs - ok
21:22:56.0405 1820 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:22:56.0405 1820 SCardSvr - ok
21:22:56.0452 1820 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:22:56.0452 1820 Schedule - ok
21:22:56.0515 1820 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:22:56.0561 1820 Secdrv - ok
21:22:56.0608 1820 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:22:56.0608 1820 seclogon - ok
21:22:56.0624 1820 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:22:56.0640 1820 SENS - ok
21:22:56.0671 1820 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:22:56.0718 1820 serenum - ok
21:22:56.0733 1820 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:22:56.0796 1820 Serial - ok
21:22:56.0827 1820 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:22:56.0843 1820 Sfloppy - ok
21:22:56.0874 1820 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:22:56.0890 1820 SharedAccess - ok
21:22:56.0921 1820 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:22:56.0921 1820 ShellHWDetection - ok
21:22:56.0936 1820 Simbad - ok
21:22:56.0968 1820 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:22:57.0061 1820 sisagp - ok
21:22:57.0093 1820 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:22:57.0124 1820 SLIP - ok
21:22:57.0186 1820 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:22:57.0233 1820 SONYPVU1 - ok
21:22:57.0311 1820 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:22:57.0343 1820 Sparrow - ok
21:22:57.0390 1820 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:22:57.0390 1820 splitter - ok
21:22:57.0421 1820 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:22:57.0421 1820 Spooler - ok
21:22:57.0483 1820 sprtsvc_dellsupportcenter - ok
21:22:57.0515 1820 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:22:57.0593 1820 sr - ok
21:22:57.0640 1820 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:22:57.0655 1820 srservice - ok
21:22:57.0686 1820 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:22:57.0686 1820 Srv - ok
21:22:57.0718 1820 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:22:57.0733 1820 sscdbhk5 - ok
21:22:57.0780 1820 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:22:57.0780 1820 SSDPSRV - ok
21:22:57.0796 1820 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
21:22:57.0843 1820 ssrtln - ok
21:22:57.0921 1820 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
21:22:57.0921 1820 STHDA - ok
21:22:57.0983 1820 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:22:57.0983 1820 StillCam - ok
21:22:58.0030 1820 STIrUsb (9fa87afed9eb97dc90707ac8f19264f6) C:\WINDOWS\system32\DRIVERS\irstusb.sys
21:22:58.0093 1820 STIrUsb - ok
21:22:58.0140 1820 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:22:58.0140 1820 stisvc - ok
21:22:58.0171 1820 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:22:58.0202 1820 streamip - ok
21:22:58.0218 1820 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:22:58.0249 1820 swenum - ok
21:22:58.0280 1820 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:22:58.0280 1820 swmidi - ok
21:22:58.0296 1820 SwPrv - ok
21:22:58.0343 1820 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:22:58.0358 1820 symc810 - ok
21:22:58.0390 1820 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:22:58.0421 1820 symc8xx - ok
21:22:58.0436 1820 SymIM - ok
21:22:58.0452 1820 SymIMMP - ok
21:22:58.0468 1820 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:22:58.0483 1820 sym_hi - ok
21:22:58.0530 1820 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:22:58.0546 1820 sym_u3 - ok
21:22:58.0593 1820 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:22:58.0593 1820 sysaudio - ok
21:22:58.0624 1820 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:22:58.0640 1820 SysmonLog - ok
21:22:58.0671 1820 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:22:58.0671 1820 TapiSrv - ok
21:22:58.0718 1820 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:22:58.0749 1820 Tcpip - ok
21:22:58.0811 1820 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:22:58.0827 1820 TDPIPE - ok
21:22:58.0858 1820 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:22:58.0874 1820 TDTCP - ok
21:22:58.0905 1820 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:22:58.0905 1820 TermDD - ok
21:22:58.0968 1820 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:22:58.0968 1820 TermService - ok
21:22:59.0015 1820 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
21:22:59.0030 1820 tfsnboio - ok
21:22:59.0061 1820 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
21:22:59.0093 1820 tfsncofs - ok
21:22:59.0108 1820 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
21:22:59.0124 1820 tfsndrct - ok
21:22:59.0155 1820 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
21:22:59.0186 1820 tfsndres - ok
21:22:59.0218 1820 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
21:22:59.0280 1820 tfsnifs - ok
21:22:59.0296 1820 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
21:22:59.0311 1820 tfsnopio - ok
21:22:59.0343 1820 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
21:22:59.0374 1820 tfsnpool - ok
21:22:59.0421 1820 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
21:22:59.0483 1820 tfsnudf - ok
21:22:59.0515 1820 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:22:59.0561 1820 tfsnudfa - ok
21:22:59.0608 1820 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:22:59.0608 1820 Themes - ok
21:22:59.0655 1820 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:22:59.0655 1820 TlntSvr - ok
21:22:59.0702 1820 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:22:59.0733 1820 TosIde - ok
21:22:59.0780 1820 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:22:59.0796 1820 TrkWks - ok
21:22:59.0827 1820 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:22:59.0874 1820 Udfs - ok
21:22:59.0890 1820 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:22:59.0921 1820 ultra - ok
21:22:59.0983 1820 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:22:59.0999 1820 Update - ok
21:23:00.0030 1820 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:23:00.0046 1820 upnphost - ok
21:23:00.0061 1820 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:23:00.0061 1820 UPS - ok
21:23:00.0108 1820 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:23:00.0108 1820 USBAAPL - ok
21:23:00.0155 1820 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:23:00.0233 1820 usbaudio - ok
21:23:00.0280 1820 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:23:00.0327 1820 usbccgp - ok
21:23:00.0358 1820 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:23:00.0390 1820 usbehci - ok
21:23:00.0405 1820 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:23:00.0452 1820 usbhub - ok
21:23:00.0483 1820 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:23:00.0515 1820 usbprint - ok
21:23:00.0530 1820 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:23:00.0561 1820 usbscan - ok
21:23:00.0577 1820 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:23:00.0624 1820 USBSTOR - ok
21:23:00.0640 1820 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:23:00.0671 1820 usbuhci - ok
21:23:00.0718 1820 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:23:00.0765 1820 usbvideo - ok
21:23:00.0796 1820 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:23:00.0827 1820 VgaSave - ok
21:23:00.0874 1820 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:23:00.0936 1820 viaagp - ok
21:23:00.0952 1820 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:23:00.0968 1820 ViaIde - ok
21:23:01.0015 1820 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:23:01.0077 1820 VolSnap - ok
21:23:01.0108 1820 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:23:01.0108 1820 VSS - ok
21:23:01.0155 1820 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:23:01.0155 1820 w32time - ok
21:23:01.0233 1820 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
21:23:01.0233 1820 W8335XP - ok
21:23:01.0280 1820 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:23:01.0327 1820 Wanarp - ok
21:23:01.0343 1820 wanatw - ok
21:23:01.0358 1820 WDICA - ok
21:23:01.0390 1820 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:23:01.0390 1820 wdmaud - ok
21:23:01.0436 1820 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:23:01.0436 1820 WebClient - ok
21:23:01.0515 1820 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:23:01.0515 1820 winmgmt - ok
21:23:01.0577 1820 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:23:01.0577 1820 WmdmPmSN - ok
21:23:01.0640 1820 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:23:01.0640 1820 Wmi - ok
21:23:01.0671 1820 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:23:01.0952 1820 WmiApSrv - ok
21:23:02.0061 1820 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:23:02.0061 1820 wscsvc - ok
21:23:02.0155 1820 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:23:02.0186 1820 WSTCODEC - ok
21:23:02.0233 1820 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:23:02.0296 1820 WudfPf - ok
21:23:02.0343 1820 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:23:02.0405 1820 WudfRd - ok
21:23:02.0452 1820 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:23:02.0468 1820 WudfSvc - ok
21:23:02.0530 1820 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:23:02.0546 1820 WZCSVC - ok
21:23:02.0593 1820 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:23:02.0593 1820 xmlprov - ok
21:23:02.0624 1820 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
21:23:02.0640 1820 \Device\Harddisk0\DR0 - ok
21:23:02.0671 1820 Boot (0x1200) (891577e33300bb07b58b3d6690d4d082) \Device\Harddisk0\DR0\Partition0
21:23:02.0671 1820 \Device\Harddisk0\DR0\Partition0 - ok
21:23:02.0671 1820 ============================================================
21:23:02.0671 1820 Scan finished
21:23:02.0671 1820 ============================================================
21:23:02.0686 1920 Detected object count: 0
21:23:02.0686 1920 Actual detected object count: 0
 
Broni-
One last note as well. There looks to be a "System Check" icon for a shortcut both in the lower left side of windows toolbar next to "Start" menu and one on my desktop as well. I don't dare touch these until I hear from you what to do with them.

Trisail86
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni-
Combofix completed. Report pasted below.

ComboFix 12-03-26.04 - Doug 03/26/2012 22:57:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.683 [GMT -7:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hm
c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hmr
c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm
c:\documents and settings\Bernadette\Desktop\Doug Contact Folder.dug
c:\documents and settings\Doug\My Documents\~WRL1114.tmp
c:\documents and settings\Doug\My Documents\~WRL3137.tmp
c:\documents and settings\Doug\Start Menu\Programs\System Check
c:\documents and settings\Doug\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Doug\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Doug\WINDOWS
c:\documents and settings\Stephanie\My Documents\~WRL0004.tmp
c:\documents and settings\Stephanie\My Documents\~WRL1490.tmp
c:\documents and settings\Stephanie\My Documents\~WRL1618.tmp
c:\documents and settings\Stephanie\My Documents\~WRL1910.tmp
c:\documents and settings\Stephanie\My Documents\~WRL3699.tmp
c:\windows\EventSystem.log
c:\windows\kb913800.exe
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ijl11.dll
c:\windows\system32\MrvGINA.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 06:46 . 2012-03-27 06:46 -------- d-----w- c:\windows\LastGood
2012-03-26 05:13 . 2012-03-26 05:13 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\MpKslfb07cfff.sys
2012-03-25 22:23 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\mpengine.dll
2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 15:22 . 2012-03-25 15:22 361472 ----a-w- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
2012-02-28 21:07 . 2012-02-28 21:07 -------- d-----w- c:\documents and settings\All Users\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2010-07-12 17:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\Megan\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\Stephanie\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-11-8 1393304]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"9090:TCP"= 9090:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY
"427:UDP"= 427:UDP:SLP_Port(427)
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 MpKslfb07cfff;MpKslfb07cfff;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C475EB9-4992-43B6-B02C-CEE2B202D2E1}\MpKslfb07cfff.sys [3/25/2012 10:13 PM 29904]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/8/2009 12:24 PM 143360]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [11/8/2009 12:26 PM 73880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
.
2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotsheet.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: atk.com\myvpn
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 06:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-03-27 06:33:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 13:33
.
Pre-Run: 16,669,876,224 bytes free
Post-Run: 17,173,045,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4AB9B20E53DD85493ADA763C63D08381
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe


DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = <local>;*.local

Driver::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Broni-

I followed instructions. Pasted below or the Combofix results.

Additional note: When the scan completed, I had a dialogue box appear titled "Windows - Application Error". The text in dialogue box said: instruction 0x00650064 referenced at memory at 0x00650064. The memory could not be "written".

"Click on OK to terminate the program"
"Click on CANCEL to debug the program"

I selected OK and the lot.txt file from Combofix was on the screen. Pasted below (3parts due to length):

ComboFix 12-03-26.04 - Doug 03/27/2012 20:26:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.427 [GMT -7:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Doug\Application Data\AdobeDLM.log
c:\documents and settings\Doug\Desktop\System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-27 20:09 . 2012-03-27 20:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\offreg.dll
2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\mpengine.dll
2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-03-27 06:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-03-27 06:47 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-27 06:46 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 15:22 . 2012-03-25 15:22 361472 ----a-w- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
2012-02-28 21:07 . 2012-02-28 21:07 -------- d-----w- c:\documents and settings\All Users\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2010-07-12 17:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_13.26.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-03-27 20:00 . 2012-03-27 20:00 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2005-08-16 10:18 . 2012-03-27 19:57 73158 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2012-03-12 13:34 73158 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:18 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2005-08-16 10:18 . 2011-09-26 18:41 20480 c:\windows\system32\oleaccrc.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
- 2005-08-16 10:18 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2005-08-16 10:18 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 43520 c:\windows\system32\licmgr10.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 43520 c:\windows\system32\licmgr10.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 10:18 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2009-06-09 17:36 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-09 17:36 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-09-26 18:41 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 11:46 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 11:46 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2006-10-17 17:05 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 17:05 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2005-08-16 10:18 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2005-08-16 10:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 18:07 . 2011-12-25 18:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2005-08-16 10:38 . 2009-06-24 05:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 10:38 . 2011-07-05 22:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 10:38 . 2011-07-05 22:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2005-08-16 10:38 . 2009-06-24 05:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2005-08-16 10:38 . 2011-07-06 16:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2005-08-16 10:38 . 2009-06-24 05:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2005-08-16 10:38 . 2011-07-06 16:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2005-08-16 10:38 . 2009-06-24 05:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-03-27 19:58 . 2012-03-27 19:58 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-04-14 20:24 . 2011-04-14 20:24 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-04 19:01 . 2012-03-27 19:12 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 19:01 . 2011-04-27 01:51 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3b0919fb\System.Drawing.Design.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8e8d62de\CustomMarshalers.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_fab8784e\System.Drawing.Design.dll
+ 2012-03-27 19:05 . 2012-03-27 19:05 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_c17d2b71\CustomMarshalers.dll
+ 2012-03-27 19:48 . 2012-03-27 19:48 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\e945a5f391364545485d15af876ab830\UIAutomationProvider.ni.dll
+ 2012-03-27 20:05 . 2012-03-27 20:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\ShellLib\2c294671377efe93f8b93a8fe97d5e9f\ShellLib.ni.dll
+ 2012-03-27 20:01 . 2012-03-27 20:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-03-27 20:01 . 2012-03-27 20:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\Kodak.Statistics\02aa09ced8b279c347826607bf66597c\Kodak.Statistics.ni.exe
+ 2012-03-27 20:07 . 2012-03-27 20:07 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\090f7b3da7a35dd5188b36c7227e87a9\Interop.WIA.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 98304 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\ad3980c979042cbcf8963a0e82fad500\Inkjet.DeviceSettings.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\0664ade269ba04a1c292766bf6bdbfda\Inkjet.Configuration.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 52736 c:\windows\assembly\NativeImages_v2.0.50727_32\HRIntp.Interop\6b1445ade5402931341badc27a3f8f69\HRIntp.Interop.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Helper\7bccba4baf707b00877da5797e50c6c6\Helper.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-03-27 20:07 . 2012-03-27 20:07 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-02 19:01 . 2010-10-02 19:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-27 19:25 . 2012-03-27 19:25 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2005-08-16 10:38 . 2009-06-29 18:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2005-08-16 10:38 . 2011-07-13 01:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-04-14 20:27 . 2011-04-14 20:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 20:28 . 2011-04-14 20:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 20:27 . 2011-04-14 20:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2005-08-16 10:18 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2005-08-16 10:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2005-08-16 10:18 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2005-08-16 10:18 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 916992 c:\windows\system32\wininet.dll
- 2005-08-16 10:18 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2005-08-16 10:18 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
- 2005-08-16 10:18 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
+ 2008-07-30 03:59 . 2011-09-26 18:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2005-08-16 10:18 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
- 2005-08-16 10:18 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2005-08-16 10:18 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2005-08-16 10:18 . 2012-03-12 13:34 446144 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2012-03-27 19:57 446144 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 10:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 10:18 . 2011-09-26 18:41 220160 c:\windows\system32\oleacc.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 02:03 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
- 2005-08-16 10:40 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
+ 2005-08-16 10:40 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 10:18 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2005-08-16 10:27 . 2012-03-27 19:59 317952 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 10:27 . 2011-10-28 14:13 317952 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 10:18 . 2011-02-05 01:48 456192 c:\windows\system32\encdec.dll
+ 2005-08-16 10:18 . 2011-10-15 00:38 456192 c:\windows\system32\encdec.dll
+ 2005-08-16 10:18 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2005-11-28 18:37 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-03-26 04:30 . 2011-04-18 20:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2005-08-16 10:18 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2005-08-16 10:18 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
- 2006-10-17 17:05 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 17:05 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2011-09-26 18:41 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2006-10-17 17:04 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 11:46 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 11:46 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 10:46 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-08-15 19:16 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-15 19:16 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-09 17:36 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-09 17:36 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 01:43 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 01:43 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-11-07 08:27 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:27 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:26 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-05 01:48 . 2011-10-15 00:38 456192 c:\windows\system32\dllcache\encdec.dll
- 2011-02-05 01:48 . 2011-02-05 01:48 456192 c:\windows\system32\dllcache\encdec.dll
+ 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2005-08-16 10:18 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2005-08-16 10:18 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
 
Broni-
Re-transmission of same log file. I had trouble parsing the file so am starting over. In 3 parts:

ComboFix 12-03-26.04 - Doug 03/27/2012 20:26:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.427 [GMT -7:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Doug\Application Data\AdobeDLM.log
c:\documents and settings\Doug\Desktop\System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-27 20:09 . 2012-03-27 20:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\offreg.dll
2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D3B44C6-D960-4196-9494-F2267D5E2FC1}\mpengine.dll
2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-03-27 06:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-03-27 06:47 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-27 06:46 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 15:22 . 2012-03-25 15:22 361472 ----a-w- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
2012-02-28 21:07 . 2012-02-28 21:07 -------- d-----w- c:\documents and settings\All Users\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2010-07-12 17:43 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_13.26.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-03-27 20:00 . 2012-03-27 20:00 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2005-08-16 10:18 . 2012-03-27 19:57 73158 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2012-03-12 13:34 73158 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:18 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2005-08-16 10:18 . 2011-09-26 18:41 20480 c:\windows\system32\oleaccrc.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
- 2005-08-16 10:18 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2005-08-16 10:18 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
 
Part 2


+ 2005-08-16 10:18 . 2011-12-17 19:46 43520 c:\windows\system32\licmgr10.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 43520 c:\windows\system32\licmgr10.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 10:18 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2009-06-09 17:36 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-09 17:36 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-09-26 18:41 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 11:46 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 11:46 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2006-10-17 17:05 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 17:05 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2005-08-16 10:18 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
- 2005-08-16 10:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-09-23 22:55 . 2010-09-23 22:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 18:07 . 2011-12-25 18:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 06:49 . 2011-12-25 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-09-23 10:17 . 2010-09-23 10:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2005-08-16 10:38 . 2009-06-24 05:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 10:38 . 2011-07-05 22:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2005-08-16 10:38 . 2011-07-05 22:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2005-08-16 10:38 . 2009-06-24 05:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2005-08-16 10:38 . 2011-07-06 16:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2005-08-16 10:38 . 2009-06-24 05:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2005-08-16 10:38 . 2011-07-06 16:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2005-08-16 10:38 . 2009-06-24 05:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-03-27 19:58 . 2012-03-27 19:58 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-04-14 20:24 . 2011-04-14 20:24 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-04 19:01 . 2012-03-27 19:12 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 19:01 . 2011-04-27 01:51 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3b0919fb\System.Drawing.Design.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8e8d62de\CustomMarshalers.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_fab8784e\System.Drawing.Design.dll
+ 2012-03-27 19:05 . 2012-03-27 19:05 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_c17d2b71\CustomMarshalers.dll
+ 2012-03-27 19:48 . 2012-03-27 19:48 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\e945a5f391364545485d15af876ab830\UIAutomationProvider.ni.dll
+ 2012-03-27 20:05 . 2012-03-27 20:05 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\ShellLib\2c294671377efe93f8b93a8fe97d5e9f\ShellLib.ni.dll
+ 2012-03-27 20:01 . 2012-03-27 20:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-03-27 20:01 . 2012-03-27 20:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05bbffbe100ede49139819641a41dfda\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\Kodak.Statistics\02aa09ced8b279c347826607bf66597c\Kodak.Statistics.ni.exe
+ 2012-03-27 20:07 . 2012-03-27 20:07 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\090f7b3da7a35dd5188b36c7227e87a9\Interop.WIA.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 98304 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\ad3980c979042cbcf8963a0e82fad500\Inkjet.DeviceSettings.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\0664ade269ba04a1c292766bf6bdbfda\Inkjet.Configuration.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 52736 c:\windows\assembly\NativeImages_v2.0.50727_32\HRIntp.Interop\6b1445ade5402931341badc27a3f8f69\HRIntp.Interop.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Helper\7bccba4baf707b00877da5797e50c6c6\Helper.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-03-27 20:07 . 2012-03-27 20:07 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-02 19:01 . 2010-10-02 19:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-27 19:25 . 2012-03-27 19:25 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2005-08-16 10:38 . 2009-06-29 18:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2005-08-16 10:38 . 2011-07-13 01:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-04-14 20:27 . 2011-04-14 20:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 20:28 . 2011-04-14 20:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 20:27 . 2011-04-14 20:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2005-08-16 10:18 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2005-08-16 10:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2005-08-16 10:18 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2005-08-16 10:18 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 916992 c:\windows\system32\wininet.dll
- 2005-08-16 10:18 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2005-08-16 10:18 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
- 2005-08-16 10:18 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
+ 2008-07-30 03:59 . 2011-09-26 18:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2005-08-16 10:18 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
- 2005-08-16 10:18 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2005-08-16 10:18 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2005-08-16 10:18 . 2012-03-12 13:34 446144 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2012-03-27 19:57 446144 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 10:18 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
+ 2005-08-16 10:18 . 2011-09-26 18:41 220160 c:\windows\system32\oleacc.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 02:03 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
- 2005-08-16 10:40 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
+ 2005-08-16 10:40 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
- 2005-08-16 10:18 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 10:18 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2005-08-16 10:27 . 2012-03-27 19:59 317952 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 10:27 . 2011-10-28 14:13 317952 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 10:18 . 2011-02-05 01:48 456192 c:\windows\system32\encdec.dll
+ 2005-08-16 10:18 . 2011-10-15 00:38 456192 c:\windows\system32\encdec.dll
+ 2005-08-16 10:18 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2005-11-28 18:37 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2010-03-26 04:30 . 2011-04-18 20:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2005-08-16 10:18 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2005-08-16 10:18 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
- 2006-10-17 17:05 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 17:05 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2011-09-26 18:41 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2006-10-17 17:04 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 11:46 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 11:46 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 10:46 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-08-15 19:16 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-15 19:16 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-09 17:36 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-09 17:36 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-05-10 05:25 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:25 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 01:43 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 01:43 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-11-07 08:27 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:27 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:26 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-05 01:48 . 2011-10-15 00:38 456192 c:\windows\system32\dllcache\encdec.dll
- 2011-02-05 01:48 . 2011-02-05 01:48 456192 c:\windows\system32\dllcache\encdec.dll
+ 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2005-08-16 10:18 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2005-08-16 10:18 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-25 05:55 . 2011-12-25 05:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 05:53 . 2011-12-25 05:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 09:25 . 2010-09-23 09:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-09-23 10:17 . 2010-09-23 10:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 06:49 . 2011-12-25 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2005-08-16 10:38 . 2009-06-24 04:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2005-08-16 10:38 . 2011-07-05 22:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2005-08-16 10:38 . 2009-06-24 05:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2005-08-16 10:38 . 2011-07-06 16:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2012-03-27 19:35 . 2012-03-27 19:35 785920 c:\windows\Installer\1199f6d.msi
+ 2012-03-27 19:34 . 2012-03-27 19:34 483840 c:\windows\Installer\1199f4e.msi
+ 2012-03-27 19:34 . 2012-03-27 19:34 301056 c:\windows\Installer\1199f46.msi
+ 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\1199f3f.msp
+ 2012-03-27 19:08 . 2012-03-27 19:08 467456 c:\windows\Installer\1199e4c.msi
+ 2005-11-28 19:07 . 2012-03-27 19:44 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-11-28 19:07 . 2011-04-14 20:36 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-11-28 19:07 . 2012-03-27 19:44 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-01-23 13:33 . 2011-09-12 17:31 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-01-23 13:33 . 2012-03-27 19:45 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-03-27 19:17 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-03-27 19:17 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-03-27 19:17 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-03-27 19:17 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-03-27 19:17 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-03-27 19:17 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-03-27 19:05 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-03-27 19:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-03-27 19:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2005-08-05 19:06 . 2011-11-02 16:25 107008 c:\windows\ehome\mstvcapn.dll
+ 2008-11-12 10:46 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-02-28 21:08 . 2012-02-28 21:08 771584 c:\windows\assembly\temp\2OJ90DBFJF\System.Runtime.Remoting.ni.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_729ffafc\System.Drawing.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b0fe9bbb\System.Drawing.Design.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e1183811\CustomMarshalers.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_fe1ab459\System.Drawing.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-03-27 20:05 . 2012-03-27 20:05 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 308736 c:\windows\assembly\NativeImages_v2.0.50727_32\Windows7.DesktopInt#\edc6cf20aeebff7e245749f50b4085a8\Windows7.DesktopIntegration.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 643584 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\bdc241f475c6b2a3e9a9e79ae888a245\VistaBridgeLibrary.ni.dll
+ 2012-03-27 20:05 . 2012-03-27 20:05 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-03-27 19:48 . 2012-03-27 19:48 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\9da95d4a319b7271d1f05f61f4b744d6\UIAutomationTypes.ni.dll
+ 2012-03-27 20:05 . 2012-03-27 20:05 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-03-27 20:43 . 2012-03-27 20:43 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
+ 2012-03-27 20:41 . 2012-03-27 20:41 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
 
Part 3


+ 2012-03-27 20:07 . 2012-03-27 20:07 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-03-27 20:41 . 2012-03-27 20:41 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-03-27 20:41 . 2012-03-27 20:41 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7\System.Management.Automation.resources.ni.dll
+ 2012-03-27 20:18 . 2012-03-27 20:18 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-03-27 20:18 . 2012-03-27 20:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-03-27 20:04 . 2012-03-27 20:04 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-27 20:41 . 2012-03-27 20:41 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-27 20:40 . 2012-03-27 20:40 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-03-27 20:40 . 2012-03-27 20:40 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-03-27 20:40 . 2012-03-27 20:40 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-03-27 20:19 . 2012-03-27 20:19 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-03-27 20:02 . 2012-03-27 20:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-03-27 20:02 . 2012-03-27 20:02 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-03-27 19:55 . 2012-03-27 19:55 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\447392b739fcc0dd9bf43d38ed157799\PresentationFramework.Classic.ni.dll
+ 2012-03-27 19:55 . 2012-03-27 19:55 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3d11f3e778bdb89425a689c18afb1041\PresentationFramework.Aero.ni.dll
+ 2012-03-27 19:55 . 2012-03-27 19:55 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c273f5d4639fe3a367d224afea4c9e3\PresentationFramework.Luna.ni.dll
+ 2012-03-27 20:02 . 2012-03-27 20:02 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-03-27 20:02 . 2012-03-27 20:02 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-03-27 19:55 . 2012-03-27 19:55 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\04a3aea7cd8f46069bfa3e94fc0c3306\PresentationFramework.Royale.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 170496 c:\windows\assembly\NativeImages_v2.0.50727_32\PhotobucketNet\4d7328198cbf7675cc9c95e0e35b3a08\PhotobucketNet.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-03-27 20:19 . 2012-03-27 20:19 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fb938a1d399e2cfca2304bdca4fe76dc\Microsoft.PowerShell.Security.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a03adbb7c3084d986da6e22dcce9805f\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8a25afef0d57ac430ba392595eba639f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-03-27 20:20 . 2012-03-27 20:20 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\875af0c2a5e8a4bed88232b6f445cfaa\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 154624 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Windows\5affcb6397878456909e4146bde1852e\Inkjet.Windows.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 283648 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\df0efdea1a90f47a74bdef0e44b03ca1\Inkjet.Utilities.ni.dll
+ 2012-03-27 20:18 . 2012-03-27 20:18 282624 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\1fedbfd38c19aaed497c6074f8ac8b49\Inkjet.Utilities.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tray\b7e72140c977239ce82d5efa6898fd29\Inkjet.Tray.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 977920 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tools\eca871d2aa81d584f40f809c76ccca32\Inkjet.Tools.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 180736 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\1e8aad9950f2993546a3be08455d86f0\Inkjet.Statistics.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 378368 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scanning\8d7de40c77dd12fa74038fa9fc82542f\Inkjet.Scanning.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 567296 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scan\2961364d4cf78c3bf20520dd3a08495c\Inkjet.Scan.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 343040 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Printing\045776e2394659abee311416a741d45b\Inkjet.Printing.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 299008 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Picasa\4c96838385b24db595674bdd5df8202b\Inkjet.Picasa.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 210944 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.PhotoBucket\234ce8290fea998deaa26bbf8b6ab64a\Inkjet.PhotoBucket.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 237056 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\56696b3880309021b174d271ea96ff95\Inkjet.Localization.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 522752 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.KodakGallery\ffad30e11faec6373aaee75d878fd51f\Inkjet.KodakGallery.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 750080 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.IO\e0ba111ae7ead3a9ca0607a612f3f680\Inkjet.IO.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 824320 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\8c7d08dd02d37cb7fab7a4d0c047d17b\Inkjet.Hardware.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 163328 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Flickr\789aa3f606b9bf94a9c37363c70e54b3\Inkjet.Flickr.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 162816 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Facebook\376578869265c9cdda3293729eb0f764\Inkjet.Facebook.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 168448 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.EasyShare\7863193f0ce1c82f2b78a8f3b01957bf\Inkjet.EasyShare.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 105472 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\313de9c18ccddcf244989ca8f29b1f97\Inkjet.Diagnostics.ni.dll
+ 2012-03-27 20:09 . 2012-03-27 20:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Browse\690b5b140c8854b3438c6b873d3c76ce\Inkjet.Browse.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 169984 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\2060c6851428e508f673a0dfd819e5fb\Inkjet.Automation.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 102912 c:\windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Photos\02ba21fb40349f021dd119aeb97f615f\Google.GData.Photos.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 216064 c:\windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Extens#\a6e6a3630c7494b6d3c048295cf74774\Google.GData.Extensions.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 551936 c:\windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Client\87e3d702fc2887158fb7c7b7d768a27f\Google.GData.Client.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 372736 c:\windows\assembly\NativeImages_v2.0.50727_32\FlickrNet\fb8f415889238982d4b16620275ae916\FlickrNet.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 238592 c:\windows\assembly\NativeImages_v2.0.50727_32\Facebook\d7a11ffb4aff45e159059699d3b37f65\Facebook.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 435200 c:\windows\assembly\NativeImages_v2.0.50727_32\EastmanKodakCompany#\2582b031b1dbdc6161cead7f03f04a2b\EastmanKodakCompany.EasyShare.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-03-27 20:07 . 2012-03-27 20:07 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-05-14 03:04 . 2011-05-14 03:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 03:04 . 2011-05-14 03:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2005-08-16 10:18 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 10:18 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2005-08-16 10:18 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
- 2005-08-16 10:18 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2005-08-16 10:18 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 04:59 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 04:59 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2005-08-16 10:18 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
+ 2006-10-17 16:57 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2008-10-15 17:32 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:25 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 17:32 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 17:32 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 17:32 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 17:32 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 17:32 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 17:32 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 17:32 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 17:32 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:06 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 11:46 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2008-07-25 19:17 . 2008-07-25 19:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 10:39 . 2011-10-26 10:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-07-07 12:18 . 2011-07-07 12:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 18:07 . 2011-12-25 18:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 18:06 . 2011-12-25 18:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-09-23 22:55 . 2010-09-23 22:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 18:06 . 2011-12-25 18:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 05:54 . 2011-12-25 05:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-09-23 09:26 . 2010-09-23 09:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 05:53 . 2011-12-25 05:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-09-23 22:55 . 2010-09-23 22:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 18:06 . 2011-12-25 18:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2005-08-16 10:38 . 2009-06-29 18:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2005-08-16 10:38 . 2011-07-13 01:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2005-08-16 10:38 . 2009-06-24 05:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2005-08-16 10:38 . 2011-07-05 22:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2005-08-16 10:38 . 2011-07-05 22:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2005-08-16 10:38 . 2011-07-13 01:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2005-08-16 10:38 . 2009-06-29 18:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2011-11-01 20:34 . 2011-11-01 20:34 1552384 c:\windows\Installer\13c850e.msp
+ 2011-10-31 05:54 . 2011-10-31 05:54 2748416 c:\windows\Installer\13c84fe.msp
+ 2011-08-11 00:43 . 2011-08-11 00:43 3795968 c:\windows\Installer\13c84f7.msp
+ 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\1199f75.msp
+ 2011-12-26 16:59 . 2011-12-26 16:59 4368896 c:\windows\Installer\1199f20.msp
+ 2011-05-18 01:28 . 2011-05-18 01:28 6862848 c:\windows\Installer\1199f05.msp
+ 2011-04-29 20:04 . 2011-04-29 20:04 5053440 c:\windows\Installer\1199ef4.msp
+ 2011-10-30 06:10 . 2011-10-30 06:10 6824960 c:\windows\Installer\1199ecf.msp
+ 2011-10-31 19:37 . 2011-10-31 19:37 4146688 c:\windows\Installer\1199eb4.msp
+ 2011-11-01 20:34 . 2011-11-01 20:34 2531840 c:\windows\Installer\1199e9f.msp
+ 2011-05-23 21:15 . 2011-05-23 21:15 3617792 c:\windows\Installer\1199e86.msp
+ 2012-03-06 04:34 . 2012-03-06 04:34 5519872 c:\windows\Installer\1199e64.msp
+ 2011-07-27 14:39 . 2011-07-27 14:39 9892352 c:\windows\Installer\1199e53.msp
+ 2011-11-11 23:16 . 2011-11-11 23:16 8458240 c:\windows\Installer\1199e43.msp
+ 2007-04-19 21:09 . 2007-04-19 21:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2009-04-04 01:21 . 2009-04-04 01:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2012-03-27 19:17 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-03-27 19:17 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
- 2008-10-15 17:32 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 17:32 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 17:32 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 17:32 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 17:32 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 17:32 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 17:32 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 17:32 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-03-27 19:27 . 2012-03-27 19:27 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5daa440e\System.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_17b1b1f7\System.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ec7d23ae\System.Xml.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_0d337f34\System.Xml.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8432fa13\System.Windows.Forms.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_43c4aa8f\System.Windows.Forms.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_40840961\System.Drawing.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f1b08050\System.Design.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7a7a8ffa\System.Design.dll
+ 2012-03-27 19:26 . 2012-03-27 19:26 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e534d5fa\mscorlib.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_68ad1032\mscorlib.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_7af2c0ee\System.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_3b9e64d2\System.Xml.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_f82eb851\System.Windows.Forms.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_2d69bac6\System.Design.dll
+ 2012-03-27 19:06 . 2012-03-27 19:06 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_40b6fd61\mscorlib.dll
+ 2012-03-27 20:01 . 2012-03-27 20:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-03-27 20:05 . 2012-03-27 20:05 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 3611648 c:\windows\assembly\NativeImages_v2.0.50727_32\twaingui\d48487924e10930123859eaaddc0383a\twaingui.ni.exe
+ 2012-03-27 20:01 . 2012-03-27 20:01 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-03-27 20:05 . 2012-03-27 20:05 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-03-27 20:43 . 2012-03-27 20:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-03-27 20:43 . 2012-03-27 20:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-03-27 20:43 . 2012-03-27 20:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-03-27 20:43 . 2012-03-27 20:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-03-27 20:42 . 2012-03-27 20:42 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-03-27 20:04 . 2012-03-27 20:04 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-03-27 20:41 . 2012-03-27 20:41 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-03-27 20:18 . 2012-03-27 20:18 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-03-27 20:04 . 2012-03-27 20:04 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-03-27 20:41 . 2012-03-27 20:41 4950016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\10fdfb918f01ebc41f38a391334146a9\System.Management.Automation.ni.dll
+ 2012-03-27 20:18 . 2012-03-27 20:18 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-03-27 20:04 . 2012-03-27 20:04 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-03-27 20:03 . 2012-03-27 20:03 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-03-27 20:40 . 2012-03-27 20:40 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3f2e74586111fb32d5edc059f709fa94\System.Data.OracleClient.ni.dll
+ 2012-03-27 20:03 . 2012-03-27 20:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-03-27 20:39 . 2012-03-27 20:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-03-27 20:03 . 2012-03-27 20:03 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-03-27 20:03 . 2012-03-27 20:03 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-03-27 20:03 . 2012-03-27 20:03 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-03-27 20:01 . 2012-03-27 20:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 1761792 c:\windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\aa974f4d5df17e6dd8cb5fc79b70628b\Newtonsoft.Json.Net20.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 2437632 c:\windows\assembly\NativeImages_v2.0.50727_32\NetworkPrinterDisco#\2938b48ed6c62e372a5be0df4d19c484\NetworkPrinterDiscovery.ni.exe
+ 2012-03-27 20:20 . 2012-03-27 20:20 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 1248256 c:\windows\assembly\NativeImages_v2.0.50727_32\KodakAiOUpdater\4b4c408a039305243e5d1c88bc31be80\KodakAiOUpdater.ni.exe
+ 2012-03-27 20:18 . 2012-03-27 20:18 1178624 c:\windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\791bc9cd2f9bf127fb9fe0f1dc7dc800\InkjetCore.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 1190912 c:\windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\54604393354d1b90d8a735104cfe2398\InkjetCore.ni.dll
+ 2012-03-27 20:17 . 2012-03-27 20:17 1532416 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Editing\5f58944a899aafadf7c082f1dec15587\Inkjet.Editing.ni.dll
+ 2012-03-27 20:16 . 2012-03-27 20:16 1218048 c:\windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Destination\2fac75563f0afec3473d4d532017b3b1\Inkjet.Destination.ni.dll
+ 2012-03-27 20:07 . 2012-03-27 20:07 1177600 c:\windows\assembly\NativeImages_v2.0.50727_32\idrskrn_net14\da7fe046c3e726a59c808701da3219ce\idrskrn_net14.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 3764224 c:\windows\assembly\NativeImages_v2.0.50727_32\CommonControls\e04eb73ae3fc94333a4e485fe020d422\CommonControls.ni.dll
+ 2012-03-27 20:18 . 2012-03-27 20:18 3761152 c:\windows\assembly\NativeImages_v2.0.50727_32\CommonControls\d9568a3def95f39525da30d609ed95cd\CommonControls.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 3207680 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOPrinterTools\a1f82d527d7ded3cb3e471558318ab1b\AiOPrinterTools.ni.exe
+ 2012-03-27 20:08 . 2012-03-27 20:08 1059328 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOHostDirector\c4e2e87bffbddcb94f6b4fbfea357acc\AiOHostDirector.ni.exe
+ 2012-03-27 20:07 . 2012-03-27 20:07 1874944 c:\windows\assembly\NativeImages_v2.0.50727_32\AiOHomeCenter\32dd378052047cf5e63472e6d2af0402\AiOHomeCenter.ni.exe
+ 2012-03-27 19:57 . 2012-03-27 19:57 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-27 19:27 . 2012-03-27 19:27 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-10-02 19:05 . 2010-10-02 19:05 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-14 20:27 . 2011-04-14 20:27 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-03-27 19:56 . 2012-03-27 19:57 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-14 20:28 . 2011-04-14 20:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-02 19:04 . 2011-04-14 20:28 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-27 19:57 . 2012-03-27 19:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-27 19:25 . 2012-03-27 19:25 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-10-02 19:01 . 2010-10-02 19:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-03-27 19:25 . 2012-03-27 19:25 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-27 19:25 . 2012-03-27 19:25 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 19:02 . 2009-10-15 19:02 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-03-27 19:05 . 2012-03-27 19:05 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2005-12-05 01:52 . 2012-03-04 23:23 54215544 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2011-12-18 21:46 11082240 c:\windows\system32\ieframe.dll
+ 2007-05-09 11:46 . 2011-12-18 21:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-27 00:02 . 2011-12-27 00:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-03-28 10:27 . 2011-03-28 10:27 15456256 c:\windows\Installer\13c8506.msp
+ 2011-07-26 23:33 . 2011-07-26 23:33 10984448 c:\windows\Installer\13c84de.msp
+ 2011-07-12 03:43 . 2011-07-12 03:43 11641344 c:\windows\Installer\1199f7f.msp
+ 2011-12-26 16:02 . 2011-12-26 16:02 19677184 c:\windows\Installer\1199f39.msp
+ 2012-03-27 19:11 . 2012-03-27 19:11 20333056 c:\windows\Installer\1199ebf.msp
+ 2012-03-27 19:17 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-03-27 20:04 . 2012-03-27 20:05 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-03-27 20:08 . 2012-03-27 20:08 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-03-27 20:19 . 2012-03-27 20:19 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-03-27 20:04 . 2012-03-27 20:04 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-03-27 20:02 . 2012-03-27 20:02 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-03-27 20:01 . 2012-03-27 20:01 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
+ 2012-03-27 20:00 . 2012-03-27 20:00 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2012-03-27 19:42 . 2012-03-27 19:42 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c2678ff865d430dbcc94740aa5efdabc\mscorlib.ni.dll
.
 
Part 4

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\Megan\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\Stephanie\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-11-8 1393304]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"9090:TCP"= 9090:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY
"427:UDP"= 427:UDP:SLP_Port(427)
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/8/2009 12:24 PM 143360]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [11/8/2009 12:26 PM 73880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EHSCHED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
.
2012-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotsheet.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: atk.com\myvpn
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-27 20:47:52
ComboFix-quarantined-files.txt 2012-03-28 03:47
ComboFix2.txt 2012-03-27 13:33
.
Pre-Run: 15,646,384,128 bytes free
Post-Run: 16,070,365,184 bytes free
.
- - End Of File - - A5B77D5F5E2767A5A797430FA0683E7B
 
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Broni-
I screwed up. I pasted the pathway in windows explorer to locate the file and by doing so, the executable ran and the "System Check" virus starting running again. The system check window is open on my computer.

I ran the virustotal.com scan and the result is pasted below. Sorry, this is frustrating.

SHA256: 660ef9a5b1464b9a070a1780f212e12b72dc7c251d5c2977222cffcc1e78a139
SHA1: b92e9e933bcb1151a7915d211e1baa063d5a5549
MD5: ab5c3661746468d35b3c680665f96a80
File size: 353.0 KB ( 361472 bytes )
File name: C:\Documents and Settings\All Users\Application Data\CzJzkQK78iE2Hm.exe
File type: Win32 EXE
Detection ratio: 25 / 41
Analysis date: 2012-03-28 05:17:06 UTC ( 0 minutes ago )

00
Antivirus Result Update
AhnLab-V3 Trojan/Win32.FakeAV 20120327
AntiVir TR/Kazy.62856.1 20120327
Antiy-AVL Trojan/Win32.Jorik.gen 20120327
Avast Win32:FakeSysdefs-A [Trj] 20120328
AVG Generic27.BFPC 20120327
BitDefender Gen:Variant.Kazy.62856 20120328
ByteHero - 20120327
CAT-QuickHeal - 20120327
ClamAV - 20120328
Commtouch - 20120328
Comodo TrojWare.Win32.Trojan.Agent.Gen 20120327
DrWeb Trojan.Fakealert.27220 20120328
Emsisoft Trojan.Win32.FakeSysdef!IK 20120328
eTrust-Vet - 20120327
F-Prot - 20120328
F-Secure Gen:Variant.Kazy.62853 20120328
Fortinet W32/FakeAlert.IY!tr 20120328
GData Gen:Variant.Kazy.62853 20120328
Ikarus Trojan.Win32.FakeSysdef 20120328
Jiangmin Trojan/Fakeav.aycy 20120327
K7AntiVirus Trojan 20120327
Kaspersky Trojan.Win32.Jorik.Fraud.nya 20120327
McAfee FakeAlert-SysDef.b 20120328
McAfee-GW-Edition FakeAlert-SysDef.b 20120327
Microsoft Trojan:Win32/FakeSysdef 20120327
NOD32 Win32/Adware.HDDRescue.AB 20120328
Norman - 20120327
nProtect - 20120327
Panda Generic Malware 20120327
PCTools - 20120326
Rising - 20120327
Sophos Troj/FakeAV-FID 20120328
SUPERAntiSpyware - 20120323
Symantec Trojan.FakeAV 20120328
TheHacker - 20120327
TrendMicro - 20120327
TrendMicro-HouseCall - 20120328
VBA32 - 20120327
VIPRE Trojan.Win32.Generic!BT 20120328
ViRobot Trojan.Win32.FakeAV.361984 20120328
VirusBuster - 20120323
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe

Rootkit::
c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here is the report
Part 1:
ComboFix 12-03-26.04 - Doug 03/29/2012 16:58:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.493 [GMT -7:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hm
c:\documents and settings\All Users\Application Data\~CzJzkQK78iE2Hmr
c:\documents and settings\All Users\Application Data\CzJzkQK78iE2Hm
c:\documents and settings\Doug\Desktop\System Check.lnk
c:\documents and settings\Doug\Start Menu\Programs\System Check
c:\documents and settings\Doug\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Doug\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-29 13:45 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FFB04CA-411F-4741-A1B8-381382D8E759}\mpengine.dll
2012-03-27 19:35 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-03-27 06:48 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-03-27 06:47 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-27 06:46 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-27 06:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-03-25 21:29 . 2012-03-25 21:29 -------- d-----w- c:\documents and settings\Doug\Application Data\Malwarebytes
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-25 21:28 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 21:28 . 2012-03-25 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-04 03:09 . 2012-03-04 03:09 -------- d-----w- c:\documents and settings\Doug\Application Data\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2010-07-12 17:43 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-07-11 20:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 15:32 . 2012-01-15 01:44 10809376 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 
Part 2:

.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-17 2510848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\Megan\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\Stephanie\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-1-14 10809376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-11-8 1393304]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
 
Part 3:

.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"9090:TCP"= 9090:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY
"427:UDP"= 427:UDP:SLP_Port(427)
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/8/2009 12:24 PM 143360]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [11/8/2009 12:26 PM 73880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 1:12 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:12]
.
2012-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotsheet.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: atk.com\myvpn
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
DPF: {99A7E374-3E8E-4C78-A054-25522DC03DA2} - hxxp://web.vcstar.com/traffic/cameras/NVSViewer.CAB
DPF: {B6C8044E-3B7B-4E05-9000-C455FC92235A} - hxxp://web.vcstar.com/traffic/cameras/NVSProtocol.CAB
DPF: {BA2CB6B1-03EE-4068-87CC-F5E4DD772A9B} - hxxps://promontory-cag3.atk.com/CitrixLogonPoint/MyVPN/EPAClient/CitrixCAO.cab
 
Part 4:

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-03-29 17:34:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 00:34
ComboFix2.txt 2012-03-28 03:47
ComboFix3.txt 2012-03-27 13:33
.
Pre-Run: 16,100,876,288 bytes free
Post-Run: 16,129,945,600 bytes free
.
- - End Of File - - 9B0E4FE6154F1B77C810FF3AACCC1027
 
Good :)
Finally we got it.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
815
uber_beetle
uber_beetle
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
413
trparky
T
D
Microsoft reveals how much Windows 10 Extended Security Updates will cost
Replies
16
Views
291
Gezzer
G

Latest posts

Back