I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Thu Apr 08, 2010 2:50 am

Hello, I caught a virus. It doesn't let me run mbam.exe, instead it boots itself up, av.exe. Here's the HijackThis log:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:52 PM, on 4/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SttService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware VDM\Client\bin\wsnm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\VS938D.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
E:\Debug Malware\Software\Hijackthis\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\apps\Java\jre5\bin\ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Debug Malware\Software\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\apps\Java\jre5\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\apps\Java\jre5\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.industrysoftware.automation.siemens.com
O15 - Trusted Zone: *.ugs.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244484778015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244484770390
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net.plm.eds.com
O17 - HKLM\Software\..\Telephony: DomainName = net.plm.eds.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6B288D1-1097-4AEB-A55C-5B845832FF70}: Domain = net.plm.eds.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net.plm.eds.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = net.plm.eds.com,ugs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = net.plm.eds.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = net.plm.eds.com,ugs.com,industrysoftware.automation.siemens.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = net.plm.eds.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = net.plm.eds.com,ugs.com,industrysoftware.automation.siemens.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = net.plm.eds.com,ugs.com,industrysoftware.automation.siemens.com
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: iPass Endpoint Policy Management Agent (MobileAutmationAgentService) - Unknown owner - c:\program files\mobile automation\rstate.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stt Services (SttService) - Unknown owner - C:\WINDOWS\SttService.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VMware VDM Client Service (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware VDM\Client\bin\wsnm.exe

--
End of file - 9508 bytes


Last edited by stevo90277 on Sat Apr 10, 2010 5:05 pm; edited 1 time in total

Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Thu Apr 08, 2010 7:33 pm

Please download OTS and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days.
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age.
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option.
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Dr. Jay (DJ)



OTS output attached - too large to copy paste

Post by stevo90277 on Fri Apr 09, 2010 4:32 pm

Hi Dragonmaster J - the output was too large to copy and paste, please find the non-word wrapped, OTS output text file attached.


Last edited by stevo90277 on Fri Apr 09, 2010 4:36 pm; edited 1 time in total (Reason for editing : file attachment)


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Sat Apr 10, 2010 3:11 am

Could not view the zip file.

Please copy and paste the logs here, in about two or more replies.


Dr. Jay (DJ)



Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Sat Apr 10, 2010 5:54 am

Code:

OTS logfile created on: 4/8/2010 5:43:52 PM - Run 1
OTS by OldTimer - Version 3.1.28.0    Folder = C:\Documents and Settings\price\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 123.46 Gb Free Space | 82.83% Space Free | Partition Type: NTFS
Drive D: | 503.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.94 Gb Total Space | 0.13 Gb Free Space | 6.81% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CYPPRICE01
Current User Name: price
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\price\Desktop\OTS.exe -> [2010/04/08 17:37:41 | 000,638,976 | ---- | M | MD5 = 0699456F9835951BCB3304564244386F] (OldTimer Tools)
googlecrashhandler.exe -> C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe -> [2010/03/17 14:21:19 | 000,136,176 | ---- | M | MD5 = 5466909C288218D868AAB8061D308E71] (Google Inc.)
sttservice.exe -> C:\WINDOWS\SttService.exe -> [2010/03/04 11:36:15 | 000,042,043 | ---- | M | MD5 = 8AD315D73A339D13260E2B43BD6BB41D] ()
tmlisten.exe -> C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -> [2010/02/04 01:04:32 | 000,996,648 | ---- | M | MD5 = C8EAA941F921C74A7400E3CBA29A6CCA] (Trend Micro Inc.)
tmpfw.exe -> C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -> [2010/02/04 01:04:32 | 000,488,768 | ---- | M | MD5 = 8825B730A43EAD5D56C18769A27B2F51] (Trend Micro Inc.)
cntaosmgr.exe -> C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe -> [2010/02/04 01:04:32 | 000,435,584 | ---- | M | MD5 = 5ADAB74DDEF9144392D723D1B9883DAB] (Trend Micro Inc.)
ntrtscan.exe -> C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -> [2009/06/04 07:57:44 | 000,963,880 | ---- | M | MD5 = 2F691D751909CE7CC3D1427DF70A04AC] (Trend Micro Inc.)
inetinfo.exe -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/14 05:00:00 | 000,015,360 | ---- | M | MD5 = DB3C22745C0DA4666F3BE31F1AF36B2F] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
iap.exe -> C:\Program Files\Dell\OpenManage\Client\Iap.exe -> [2007/09/25 17:45:04 | 000,240,416 | ---- | M | Unable to obtain MD5] (Dell Inc.)
odclientservice.exe -> C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -> [2007/03/16 15:53:44 | 000,303,177 | ---- | M | MD5 = 6B488C4220BD1296899FB1C7781FE8B1] (Juniper Networks, Inc.)
stacsv.exe -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -> [2007/02/19 12:27:16 | 000,090,112 | ---- | M | MD5 = 686FA4ACFDCB4E16B7F0230B88F6D17E] (SigmaTel, Inc.)
dsaccessservice.exe -> C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -> [2006/12/11 10:12:32 | 000,087,664 | ---- | M | MD5 = 1F47CBA81E6AD2E4DE51FD87362F0696] (Juniper Networks)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\price\Desktop\OTS.exe -> [2010/04/08 17:37:41 | 000,638,976 | ---- | M | MD5 = 0699456F9835951BCB3304564244386F] (OldTimer Tools)
 
[Win32 Services - Safe List]
(MobileAutmationAgentService) iPass Endpoint Policy Management Agent [Auto | Stopped] ->  -> File not found
(SttService) Stt Services [Auto | Running] -> C:\WINDOWS\SttService.exe -> [2010/03/04 11:36:15 | 000,042,043 | ---- | M | MD5 = 8AD315D73A339D13260E2B43BD6BB41D] ()
(tmlisten) OfficeScan NT Listener [Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -> [2010/02/04 01:04:32 | 000,996,648 | ---- | M | MD5 = C8EAA941F921C74A7400E3CBA29A6CCA] (Trend Micro Inc.)
(TmProxy) OfficeScan NT Proxy Service [On_Demand | Stopped] -> C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -> [2010/02/04 01:04:32 | 000,652,552 | ---- | M | MD5 = D49903A8B0EEA75A6EC1E162CDB6D473] (Trend Micro Inc.)
(TmPfw) OfficeScan NT Firewall [On_Demand | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -> [2010/02/04 01:04:32 | 000,488,768 | ---- | M | MD5 = 8825B730A43EAD5D56C18769A27B2F51] (Trend Micro Inc.)
(Amazon Download Agent) Amazon Download Agent [On_Demand | Stopped] -> C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -> [2009/10/23 13:31:44 | 000,401,920 | ---- | M | MD5 = FF6F0F6A2D72065AE4300426FA414693] (Amazon.com)
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/09/03 08:51:46 | 000,048,368 | ---- | M | MD5 = 3EE179E233EE2B87047570B233D3284F] (NOS Microsystems Ltd.)
(ntrtscan) OfficeScanNT RealTime Scan [Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -> [2009/06/04 07:57:44 | 000,963,880 | ---- | M | MD5 = 2F691D751909CE7CC3D1427DF70A04AC] (Trend Micro Inc.)
(wsnm) VMware VDM Client Service [Auto | Stopped] -> C:\Program Files\VMware\VMware VDM\Client\bin\wsnm.exe -> [2008/05/08 15:51:56 | 000,131,072 | ---- | M | MD5 = 93F0351D141575E47A931A686DB77735] (VMware, Inc.)
(W3SVC) World Wide Web Publishing [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/14 05:00:00 | 000,015,360 | ---- | M | MD5 = DB3C22745C0DA4666F3BE31F1AF36B2F] (Microsoft Corporation)
(SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Disabled | Stopped] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/14 05:00:00 | 000,015,360 | ---- | M | MD5 = DB3C22745C0DA4666F3BE31F1AF36B2F] (Microsoft Corporation)
(IISADMIN) IIS Admin [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/14 05:00:00 | 000,015,360 | ---- | M | MD5 = DB3C22745C0DA4666F3BE31F1AF36B2F] (Microsoft Corporation)
(Iap) Iap [Auto | Running] -> C:\Program Files\Dell\OpenManage\Client\Iap.exe -> [2007/09/25 17:45:04 | 000,240,416 | ---- | M | Unable to obtain MD5] (Dell Inc.)
(EacService) Juniper TNC Endpoint Assessment [On_Demand | Stopped] -> C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -> [2007/03/16 17:33:59 | 000,081,992 | ---- | M | MD5 = 0A411E8065929D61309C5A610E7C022E] (Juniper Networks)
(odClientService) Juniper OAC Service [Auto | Running] -> C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -> [2007/03/16 15:53:44 | 000,303,177 | ---- | M | MD5 = 6B488C4220BD1296899FB1C7781FE8B1] (Juniper Networks, Inc.)
(STacSV) SigmaTel Audio Service [Auto | Running] -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -> [2007/02/19 12:27:16 | 000,090,112 | ---- | M | MD5 = 686FA4ACFDCB4E16B7F0230B88F6D17E] (SigmaTel, Inc.)
(JuniperAccessService) Juniper Unified Network Service [Auto | Running] -> C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -> [2006/12/11 10:12:32 | 000,087,664 | ---- | M | MD5 = 1F47CBA81E6AD2E4DE51FD87362F0696] (Juniper Networks)
(ExtranetAccess) Contivity VPN Service [On_Demand | Stopped] -> C:\Program Files\Nortel Networks\Extranet_serv.exe -> [2006/05/09 14:37:50 | 000,835,584 | ---- | M | MD5 = FF56CB0563CC4AECC690C57C215C6A00] (Nortel Networks NA, Inc.)
 
[Driver Services - Safe List]
(ql1280) ql1280 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2010/04/08 17:43:59 | 000,049,024 | ---- | M | MD5 = 907F0AEEA6BC451011611E732BD31FCF] (QLogic Corporation)
(vmm) Virtual Machine Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\VMM.sys -> [2010/01/10 18:10:57 | 000,229,208 | ---- | M | MD5 = E41FEF9E3056FE88C71E411F705BE41E] (Microsoft Corporation)
(TmFilter) Trend Micro Filter [Kernel | Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -> [2009/12/04 17:39:06 | 000,230,928 | ---- | M | MD5 = 3E615F370F0C7DB414B6BCD1C18399D4] (Trend Micro Inc.)
(TmPreFilter) Trend Micro PreFilter [Kernel | Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -> [2009/12/04 17:38:18 | 000,036,368 | ---- | M | MD5 = C7C7959EC0940E0EDDFC881FED8EC214] (Trend Micro Inc.)
(VSApiNt) Trend Micro VSAPI NT [Kernel | Auto | Running] -> C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -> [2009/12/04 17:05:06 | 001,322,680 | ---- | M | MD5 = 60DFBC34228CA36221B03460789F5D4E] (Trend Micro Inc.)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2009/05/25 06:34:58 | 000,142,992 | ---- | M | MD5 = 4D2F1C657FAB4707C33832154D8B7CBF] (Trend Micro Inc.)
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\TM_CFW.sys -> [2009/05/25 06:34:54 | 000,338,960 | ---- | M | MD5 = 2BBA31F2C6395727DEDCCFEE7EE90370] (Trend Micro Inc.)
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tmtdi.sys -> [2009/05/25 06:34:54 | 000,076,688 | ---- | M | MD5 = F0D408392E4DD0E2C1CE9CC7F0B8F136] (Trend Micro Inc.)
(NETw5x32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw5x32.sys -> [2008/08/28 20:34:30 | 003,632,384 | ---- | M | MD5 = AA88346AB7849A1CB34BD3424FEBFECE] (Intel Corporation)
(WSUSBDMAN) VMware VDM Virtual Client USB Manager [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\WSUSBDMAN.sys -> [2008/05/08 15:45:16 | 000,021,504 | ---- | M | MD5 = 9790399837937DA3ED22F811ABC9F74E] (VMware, Inc.)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 11:45:29 | 000,010,624 | ---- | M | MD5 = 065639773D8B03F33577F6CDAEA21063] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 10:36:40 | 000,043,008 | ---- | M | MD5 = 95B4FB835E28AA1336CEEB07FD5B9398] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 10:36:40 | 000,040,960 | ---- | M | MD5 = 6B33D0EBD30DB32E27D1D78FE946A754] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 09:36:05 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(fttxr5_O) fttxr5_O [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\fttxr5_O.sys -> [2008/01/16 10:09:08 | 000,177,152 | ---- | M | MD5 = 608CC916D3697DBC4674A5960941F281] (Promise Technology, Inc.)
(hptiop) hptiop [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\hptiop.sys -> [2008/01/15 17:13:44 | 000,014,496 | ---- | M | MD5 = ED25F39B985A9D81E67D04A4AC54F9B8] (HighPoint Technologies, Inc.)
(mv64xx) mv64xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mv64xx.sys -> [2007/12/06 15:06:10 | 000,212,480 | ---- | M | MD5 = 01EB1C9599930B4C99E1B38ABA8B18CA] (Marvell Semiconductor, Inc.)
(SI3124) SiI-3124 SATALink Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3124.sys -> [2007/11/20 13:26:56 | 000,081,960 | ---- | M | MD5 = 6072EE91FC2A44C4605F59ADDD583CE7] (Silicon Image, Inc)
(Pnp680) SiI 680 ATA Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\pnp680.sys -> [2007/11/13 14:48:46 | 000,071,720 | ---- | M | MD5 = 8C74C611ADAF9DA2A918B8E82E14766B] (Silicon Image, Inc)
(mvSata) mvSata [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mvsata.sys -> [2007/10/20 05:56:04 | 000,043,520 | ---- | M | MD5 = 2C9AC0974BBC1BEF1C9C24A3F1917A8E] (Marvell Semiconductors Inc.)
(mv61xx) mv61xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mv61xx.sys -> [2007/10/18 13:22:02 | 000,143,360 | ---- | M | MD5 = 72580605F36048262C674EE925031C3C] (Marvell Semiconductor, Inc.)
(SI3114r) SiI-3114 SATARaid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3114r.sys -> [2007/10/04 11:27:24 | 000,116,776 | ---- | M | MD5 = D95DC9D7AAAFAAABBB7EB49EEE573DB8] (Silicon Image, Inc)
(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -> [2007/10/03 12:55:28 | 000,015,400 | ---- | M | MD5 = B19EFE5E45AE31F3C3E4C4F0F9DA3C49] (Silicon Image, Inc)
(SI3132) SiI-3132 SATALink Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3132.sys -> [2007/10/03 12:55:08 | 000,080,424 | ---- | M | MD5 = 0B9B5C6DF6226497EF4819B6E1B2EFD5] (Silicon Image, Inc)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2007/09/29 14:03:12 | 000,308,248 | ---- | M | MD5 = E5A0034847537EAEE3C00349D5C34C5F] (Intel Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\omci.sys -> [2007/09/25 14:06:50 | 000,019,968 | R--- | M | MD5 = 1A30B4E6FAABE42EBDFCFFFF63E72117] (Dell Inc.)
(videX32) videX32 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\videX32.sys -> [2007/09/21 15:49:10 | 000,009,216 | ---- | M | MD5 = EEFA971BF5EBBFC7D93692EC60AFCB78] (VIA Technologies, Inc.)
(DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLADResM.SYS -> [2007/07/23 13:05:20 | 000,009,104 | ---- | M | MD5 = 87413B94AE1FABC117C4E8AE6725134E] (Roxio)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLABMFSM.SYS -> [2007/07/23 13:04:58 | 000,037,360 | ---- | M | MD5 = A0500678A33802D8954153839301D539] (Roxio)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -> [2007/07/23 13:04:56 | 000,098,448 | ---- | M | MD5 = AF389CE587B6BF5BBDCD6F6ABE5EABC0] (Roxio)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -> [2007/07/23 13:04:56 | 000,093,552 | ---- | M | MD5 = FD85F682C1CC2A7CA878C7A448E6D87E] (Roxio)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -> [2007/07/23 13:04:54 | 000,027,216 | ---- | M | MD5 = 38267CCA177354F1C64450A43A4F7627] (Roxio)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLABOIOM.SYS -> [2007/07/23 13:04:52 | 000,032,848 | ---- | M | MD5 = B8D2F68CAC54D46281399F9092644794] (Roxio)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAPoolM.SYS -> [2007/07/23 13:04:52 | 000,016,304 | ---- | M | MD5 = FD363369FD313B46B5AEAB1A688B52E9] (Roxio)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -> [2007/07/23 13:04:50 | 000,108,752 | ---- | M | MD5 = 766A148235BE1C0039C974446E4C0EDC] (Roxio)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2007/07/23 12:55:44 | 000,099,808 | ---- | M | MD5 = 5D3B71BB2BB0009D65D290E2EF374BD3] (Sonic Solutions)
(DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2007/07/23 12:49:44 | 000,030,064 | ---- | M | MD5 = 336AE18F0912EF4FBE5518849E004D74] (Roxio)
(DLACDBHM) DLACDBHM [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -> [2007/07/23 12:49:44 | 000,014,576 | ---- | M | MD5 = 0EE93AB799D1CB4EC90B36F3612FE907] (Roxio)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2007/07/23 12:43:42 | 000,052,000 | ---- | M | MD5 = C591BA9F96F40A1FD6494DAFDCD17185] (Roxio)
(rr232x) rr232x [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\rr232x.sys -> [2007/07/02 08:56:04 | 000,101,888 | ---- | M | MD5 = 7CA6274491C7A3AD95034CE750C026A6] (HighPoint Technologies, Inc.)
(rr2340) rr2340 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\rr2340.sys -> [2007/07/02 08:14:58 | 000,102,400 | ---- | M | MD5 = 37921C3D52CAF92F0CB1D4DCC68771BA] (HighPoint Technologies, Inc.)
(SI3112) SiI-3512 SATALink Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3112.sys -> [2007/06/28 15:08:30 | 000,074,280 | ---- | M | MD5 = 20655E752703CBF3A70AA164806A0D72] (Silicon Image, Inc)
(rr172x) rr172x [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\rr172x.sys -> [2007/06/12 03:06:26 | 000,083,200 | ---- | M | MD5 = A203F18D51CEBDF181F6259C6BED5842] (HighPoint Technologies, Inc.)
(Si3531) SiI-3531 SATA Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Si3531.sys -> [2007/06/01 09:29:04 | 000,210,736 | ---- | M | MD5 = 4346D5BBDDE7756D8614A3F193D60984] (Silicon Image, Inc)
(Si3132r5) SiI-3132 SoftRaid 5 Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\3132r5c5.sys -> [2007/06/01 01:28:54 | 000,215,856 | ---- | M | MD5 = F6DD3F9474AFD65ACD4861F57D40B8AB] (Silicon Image, Inc)
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -> [2007/05/25 00:41:00 | 000,017,328 | ---- | M | MD5 = E853C341BBF4AC0007A8DB0858DBB09D] (Silicon Image, Inc.)
(vmscsi) vmscsi [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\vmscsi.sys -> [2007/05/09 03:13:00 | 000,017,968 | ---- | M | MD5 = 82132036EE4D3E8AA3E73FEEBE1A9741] (VMware, Inc.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007/04/28 17:05:00 | 006,727,136 | ---- | M | MD5 = 8129D762CC3E3C5AB9CF2EABC377FB73] (NVIDIA Corporation)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2007/04/19 18:15:20 | 000,132,608 | ---- | M | MD5 = 5F8054624F08179228832D7FFD6EFD52] (Alps Electric Co., Ltd.)
(arcm_x86) arcm_x86 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\arcm_x86.sys -> [2007/03/26 02:34:32 | 000,025,888 | ---- | M | MD5 = 74737B30BC25D15EEE4BB74B643BBC72] (ARECA Technology Corporation)
(ahcix86) ahcix86 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ahcix86.sys -> [2007/03/07 03:47:30 | 000,119,808 | ---- | M | MD5 = F1B9E3A223CA684D98BB91FD82157601] (ATI Technologies Inc.)
(guardian2) guardian2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\oz776.sys -> [2007/02/23 13:47:34 | 000,056,576 | ---- | M | MD5 = 0E1FD1EA2837D6B7A1D7B6C928014D05] (O2Micro)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/02/19 12:27:34 | 001,228,296 | ---- | M | MD5 = 31BA85E1CFF39A57F702A2A0877BB8E1] (SigmaTel, Inc.)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2007/02/16 13:46:00 | 000,160,256 | R--- | M | MD5 = F96038AA1EC4013A93D2420FC689D1E9] (Broadcom Corporation)
(Symmpi) Symmpi [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symmpi.sys -> [2007/02/09 16:06:00 | 000,100,096 | ---- | M | MD5 = A42F863305943869BA00A613C8EE8C7E] (LSI Logic)
(Si3114r5) SiI-3114 SoftRaid 5 Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -> [2007/02/07 11:30:06 | 000,209,200 | ---- | M | MD5 = 87D406C592327DED095FF314427A4FA7] (Silicon Image, Inc)
(aacsas) Adaptec SAS/SATA-II RAID Miniport Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\aacsas.sys -> [2007/02/06 02:07:10 | 000,081,035 | ---- | M | MD5 = 0B8B2E6D048F68AFE75D19325658E615] (Adaptec, Inc.)
(SI3112r) Silicon Image SiI 3512 SATARaid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3112r.sys -> [2007/02/01 08:50:10 | 000,110,128 | ---- | M | MD5 = EC2B7C23FB561A52904571439DDBAB78] (Silicon Image, Inc)
(2310_00) 2310_00 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\2310_00.sys -> [2007/02/01 06:42:34 | 000,100,224 | ---- | M | MD5 = 0DC1AE59D45A03C1CF20F844FBB2AB9C] (HighPoint Technologies, Inc.)
(rr174x) rr174x [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\rr174x.sys -> [2007/02/01 06:16:16 | 000,107,296 | ---- | M | MD5 = 0DAE2A83CF23C4CC19FAD97584471A69] (HighPoint Technologies, Inc.)
(VPCNetS2) Virtual Machine Network Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VMNetSrv.sys -> [2007/01/29 07:20:34 | 000,059,280 | ---- | M | MD5 = F96A678DEBDCCB0B4BB7F38CB2580589] (Microsoft Corporation)
(Pnp649r) CMD IDE Raid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\pnp649r.sys -> [2007/01/20 09:18:14 | 000,066,889 | ---- | M | MD5 = 5A5A6A1003EECD15DF2F383972E86188] (CMD Technology, Inc.)
(SiSRaid4) SiSRaid4 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sisraid4.sys -> [2007/01/17 06:25:22 | 000,068,864 | ---- | M | MD5 = AF43FBB04FD9ACC46A115B50D7C11E1A] (Silicon Integrated Systems)
(sisraidx) sisraidx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sisraidx.sys -> [2007/01/12 06:36:00 | 000,047,616 | ---- | M | MD5 = 5DDFC6750D2D65A3D43AA7021C4EFC28] (Silicon Integrated Systems Corp.)
(jnprna) Juniper Network Agent Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\jnprna.sys -> [2006/11/14 09:49:54 | 000,398,720 | ---- | M | MD5 = E7AF6A889B7C14555886524782ED7617] (Juniper Networks, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2006/11/02 16:47:36 | 000,989,696 | R--- | M | MD5 = DDBD528E60F5961C142A490DC4EA7780] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2006/11/02 16:47:00 | 000,209,152 | R--- | M | MD5 = B1526810210980BED9D22315946C919D] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2006/11/02 16:46:56 | 000,730,112 | R--- | M | MD5 = 96AFF1738271755A39B52EEF7E35F98F] (Conexant Systems, Inc.)
(adp94xx) adp94xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\adp94xx.sys -> [2006/10/12 16:54:00 | 000,360,960 | ---- | M | MD5 = 9A131B2A13021B980E3AB5199ED089B6] (Adaptec, Inc.)
(Si3124r5) SiI-3124 SoftRaid 5 Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\3124r5A2.sys -> [2006/09/20 03:38:26 | 000,207,152 | ---- | M | MD5 = ACD6CD3D5E711C6779BB2DC7AF62B843] (Silicon Image, Inc)
(hptmv) hptmv [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\hptmv.sys -> [2006/08/01 06:57:44 | 000,065,024 | ---- | M | MD5 = 30BE020E400EA872B3E5391D9E6FD133] (HighPoint Technologies, Inc.)
(MegaINTL) MegaINTL [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\MegaINTL.sys -> [2006/07/28 04:07:52 | 000,177,536 | ---- | M | MD5 = 70E56CFD3491289431A3E4DED01489D6] (LSI Logic Corporation.)
(SI3114) SiI-3114 SATALink Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3114.sys -> [2006/06/21 03:21:50 | 000,061,952 | ---- | M | MD5 = CA7A0B85A2C7D78A07D794A2EA3FA8AB] (Silicon Image, Inc.)
(HpCISSm2) HpCISSm2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\HpCISSm2.sys -> [2006/06/16 03:17:16 | 000,023,040 | ---- | M | MD5 = F574E2F0DA565EB7953426BD08C77642] (Hewlett-Packard Company)
(Eacfilt) Eacfilt Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\eacfilt.sys -> [2006/05/09 14:47:10 | 000,024,521 | ---- | M | MD5 = C4E93A2E20C678853C61184D93768742] (Nortel Networks)
(IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ipsecw2k.sys -> [2006/05/09 14:46:42 | 000,155,216 | ---- | M | MD5 = 4904D7E701CAA114BA65D1E08318ADF0] (Nortel Networks NA, Inc.)
(IPSECEXT) Nortel Extranet Access Protocol [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ipsecw2k.sys -> [2006/05/09 14:46:42 | 000,155,216 | ---- | M | MD5 = 4904D7E701CAA114BA65D1E08318ADF0] (Nortel Networks NA, Inc.)
(lsi_sas2) lsi_sas2 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\lsi_sas2.sys -> [2006/04/07 06:44:48 | 000,093,184 | ---- | M | MD5 = 909126BC6BF5284F6DF5A4C90D948A80] (LSI Logic)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2006/03/28 07:43:42 | 000,035,538 | ---- | M | MD5 = 41202827A5D13905DDD84E9F3219DDFC] (Promise Technology, Inc.)
(AFAMgt) AFAMgt [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\afamgt.sys -> [2006/03/28 07:43:40 | 000,091,707 | ---- | M | MD5 = F08FA97A7EAEA09390E743B3FE3468AB] (Adaptec, Inc.)
(SI3124r) SiI-3124 SATARaid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SI3124R.sys -> [2006/02/26 08:21:22 | 000,100,881 | ---- | M | MD5 = 0C71855057883E63CA2C19736CBAB018] (Silicon Image, Inc)
(viapdsk) VIA ATA/ATAPI Host Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\viapdsk.sys -> [2006/02/26 08:21:22 | 000,029,184 | ---- | M | MD5 = F314359357B6960EB727620470FFC9CF] (VIA Technologies, Inc.)
(UlSata) UlSata [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ulsata.sys -> [2006/02/26 08:21:20 | 000,073,984 | ---- | M | MD5 = 2C2777217A706F62A9D225256CEAF30A] (Promise Technology, Inc.)
(sptrak) sptrak [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sptrak.sys -> [2006/02/26 08:21:20 | 000,041,216 | ---- | M | MD5 = B04BDC24F80ECB319F64189194399989] (Promise Technology, Inc.)
(S150sx8) S150sx8 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\S150sx8.sys -> [2006/02/26 08:21:20 | 000,036,864 | ---- | M | MD5 = 13D1E68B006AE72276079F5FCBE5A471] (Promise Technology, Inc.)
(MegaIDE) MegaIDE [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\MegaIDE.sys -> [2006/02/26 08:21:18 | 000,163,277 | ---- | M | MD5 = 6D2428F65978E2FC695B312D986D496B] (LSI Logic Corporation.)
(hpt374) hpt374 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\hpt374.sys -> [2006/02/26 08:21:18 | 000,108,150 | ---- | M | MD5 = 4F824641FB33E1376D34D6F3D9E7D338] (HighPoint Technologies, Inc.)
(hptmv6) hptmv6 [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\hptmv6.sys -> [2006/02/26 08:21:18 | 000,093,696 | ---- | M | MD5 = CA91CB60E08F18F4D678B74040F7C58E] (HighPoint Technologies, Inc.)
(raidsrc) raidsrc [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\raidsrc.sys -> [2006/02/26 08:21:18 | 000,045,392 | ---- | M | MD5 = C46D405124B1EEAB53CD7886781A26BD] (Intel)
(hpt3xx) hpt3xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\hpt3xx.sys -> [2006/02/26 08:21:18 | 000,043,589 | ---- | M | MD5 = 9F2DFE54317B1CD38143686935A278D9] (HighPoint Technologies, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iteraid.sys -> [2006/02/26 08:21:18 | 000,026,112 | ---- | M | MD5 = 979836FC6DC05218B4E93E5CCEA5654B] (Integrated Technology Express, Inc.)
(Hpt366) Hpt366 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Hpt366.sys -> [2006/02/26 08:21:18 | 000,022,880 | ---- | M | MD5 = 4E4C5DDE3EB4E9392C9659818790ED6C] (Microsoft Corporation)
(hptpro) hptpro [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\hptpro.sys -> [2006/02/26 08:21:18 | 000,009,809 | ---- | M | MD5 = 977716F8A6EDDA986FDB41DE52BDB689] (HighPoint Technologies, Inc.)
(m5281) m5281 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\m5281.sys -> [2006/02/26 08:21:16 | 000,051,072 | ---- | M | MD5 = A51CD61975297508D4483FCBF931D86C] (ALi Corporation)
(m5228) m5228 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\m5228.sys -> [2006/02/26 08:21:16 | 000,045,069 | ---- | M | MD5 = 06C174E5C7845055C3D6317709AF6423] (ALi Corporation.)
(amdbusdr) amdbusdr [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdbusdr.sys -> [2006/02/26 08:21:16 | 000,029,696 | ---- | M | MD5 = EB7FA9D456B37C80E87F2957BB0BA066] (AMD)
(atiide) atiide [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\atiide.sys -> [2006/02/26 08:21:16 | 000,006,016 | ---- | M | MD5 = 15FC040D4E946BA968BA83D49D8AD151] (ATI Technologies Inc.)
(odFips) odFips [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\odFips.sys -> [2006/01/23 14:19:32 | 000,254,208 | ---- | M | MD5 = 28A25E6CCB36C7F14DEDCF05C5E4DE5F] (Funk Software, Inc.)
(mv614x) mv614x [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mv614x.sys -> [2006/01/06 09:45:06 | 000,034,432 | ---- | M | MD5 = 6EB1D27590D4BC040F105D2BF35A6C4F] ()
(m5288) m5288 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\m5288.sys -> [2005/12/23 13:54:06 | 000,210,304 | ---- | M | MD5 = 485ED377977DC9661626AAAB614504CF] (ULi Electronics Inc.)
(fttxr52P) fttxr52P [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\fttxr52P.sys -> [2005/11/08 10:07:44 | 000,160,256 | ---- | M | MD5 = 449E63B8CF7935DF63FC4576EE0F1FC8] (Promise Technology, Inc.)
(m5287) m5287 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\m5287.sys -> [2005/09/23 09:53:24 | 000,103,680 | ---- | M | MD5 = 87CF2D570F452A5C1B9FC5C5A44389A5] (ULi Electronics Inc.)
(m5289) m5289 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\m5289.sys -> [2005/07/04 05:21:00 | 000,052,480 | ---- | M | MD5 = E1CA1EA9AD7C8C50EA533829A6854D63] (ULi Electronics Inc.)
(ulsata2) ulsata2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ulsata2.sys -> [2005/06/29 07:44:38 | 000,125,952 | ---- | M | MD5 = 97E68FF0DB46E3CFF9928131A44A1DBE] (Promise Technology, Inc.)
(nfrd960) IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nfrd960.sys -> [2005/06/27 01:57:02 | 000,074,747 | ---- | M | MD5 = 14DA76EC458446298D957D17351D55F7] (IBM Corporation)
(SiSRaid2) SiSRaid2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys -> [2005/01/11 09:58:48 | 000,030,976 | ---- | M | MD5 = B8A2F8DCDC75F19962D975727F393920] (Silicon Integrated Systems Corp)
(SiSRaid1) SiSRaid1 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiSRaid1.sys -> [2004/09/03 05:48:00 | 000,046,464 | ---- | M | MD5 = 4AD291BD35042BF3158246FBD6ACE72D] (Silicon Integrated Systems)
(SiSRaid) SiSRaid [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -> [2004/09/03 05:43:00 | 000,046,464 | ---- | M | MD5 = D0013138311FDAB6DAFCCEDFEED59AB1] (Silicon Integrated Systems)
(dontgo) Promise Removable Disk Control Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\DontGo.sys -> [2004/06/29 05:25:26 | 000,007,680 | ---- | M | MD5 = EE1CF616037552F4E75FD6592D0677B6] (Promise Technology, Inc.)
(FastSx) FastSx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\FastSx.sys -> [2004/05/19 10:31:36 | 000,167,424 | ---- | M | MD5 = A432068BF907088B4987A094C6039AB5] (Promise Technology, Inc.)
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bb-run.sys -> [2003/11/05 00:45:12 | 000,017,408 | ---- | M | MD5 = 7270D070173B20AC9487EA16BB08B45F] (Promise Technology, Inc.)
(fasttx2k) fasttx2k [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -> [2003/04/28 00:15:58 | 000,140,800 | ---- | M | MD5 = 7CABD19B156AB246026A90882BD3E1A2] (Promise Technology, Inc.)
(fasttrak) fasttrak [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\fasttrak.sys -> [2003/04/25 07:20:48 | 000,065,536 | ---- | M | MD5 = 54BFB4045F5E7000E23AA1A595DEFA5D] (Promise Technology, Inc.)
(Pnp680r) Silicon Image SiI 0680 Medley Raid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\pnp680r.sys -> [2002/05/31 08:35:02 | 000,076,976 | ---- | M | MD5 = A1D7A9214B71EBBB6F31CB84AAC15525] (Silicon Image, Inc)
(Sparrow) Sparrow [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 11:07:44 | 000,019,072 | ---- | M | MD5 = 83C0F71F86D3BDAF915685F3D568B20E] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 11:07:42 | 000,030,688 | ---- | M | MD5 = BF4FAB949A382A8E105F46EBB4937058] (LSI Logic)
(sym_hi) sym_hi [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 11:07:40 | 000,028,384 | ---- | M | MD5 = 80AC1C4ABBE2DF3B738BF15517A51F2C] (LSI Logic)
(symc8xx) symc8xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 11:07:36 | 000,032,640 | ---- | M | MD5 = 070E001D95CF725186EF8B20335F933C] (LSI Logic)
(symc810) symc810 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 11:07:34 | 000,016,256 | ---- | M | MD5 = 1FF3217614018630D0A6758630FC698C] (Symbios Logic Inc.)
(ql12160) ql12160 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 10:52:20 | 000,045,312 | ---- | M | MD5 = 156ED0EF20C15114CA097A34A30D8A01] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 10:52:20 | 000,040,320 | ---- | M | MD5 = 0A63FB54039EB5662433CABA3B26DBA7] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 10:52:16 | 000,179,584 | ---- | M | MD5 = E550E7418984B65A78299D248F0A7F36] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 10:52:12 | 000,017,280 | ---- | M | MD5 = 3F4BB95E5A44F3BE34824E8E7CAF0737] (American Megatrends Inc.)
(asc) asc [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 10:52:00 | 000,026,496 | ---- | M | MD5 = 62D318E9A0C8FC9B780008E724283707] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 10:51:58 | 000,014,848 | ---- | M | MD5 = 5D8DE112AA0254B907861E9E9C31D597] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 10:51:56 | 000,005,248 | ---- | M | MD5 = 1140AB9938809700B46BB88E46D72A96] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 10:51:54 | 000,006,656 | ---- | M | MD5 = E5DCB56C533014ECBC556A8357C929D5] (CMD Technology, Inc.)
(es1371) Creative AudioPCI (ES1371,ES1373) (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\es1371mp.sys -> [2001/08/17 05:19:34 | 000,040,704 | ---- | M | MD5 = A55DD7D8CED5D2624A9EE2DDA7BE0319] (Creative Technology Ltd.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
HKEY_USERS\.DEFAULT\: "AutoConfigURL" -> http://proxyconf/ ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-18\: "AutoConfigURL" -> http://proxyconf/ ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> ->
HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
< FireFox Extensions [User Folders] > ->
~[Filtered]~
Reset Hosts
127.0.0.1      localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\apps\Java\jre5\bin\ssv.dll [SSVHelper Class] -> [2009/05/04 15:32:15 | 000,452,088 | ---- | M | MD5 = 7AD0691534D1827CECEC22FD6018E227] (Sun Microsystems, Inc.)
{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} [HKLM] -> C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll [ChromeFrame BHO] -> [2010/03/31 09:28:05 | 001,213,424 | ---- | M | MD5 = 7130CF5337EFC8C917FE7D53EA386C02] (@COMPANY_FULLNAME@)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AmazonGSDownloaderTray" -> C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe] -> [2009/10/23 13:31:44 | 000,326,144 | ---- | M | MD5 = D5864EA9DE2E9C2EA8777A564E3E4408] (Amazon.com)
"Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2007/04/17 17:31:58 | 000,159,744 | ---- | M | MD5 = AE1F7D3B0ED4A112A118CF5FCF17F957] (Alps Electric Co., Ltd.)
"Communicator" -> C:\Program Files\Microsoft Office Communicator\communicator.exe ["C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey] -> [2009/06/03 23:47:00 | 005,069,648 | ---- | M | MD5 = 4E357923DAF0A4E3815B9388F824608E] (Microsoft Corporation)
"KernelFaultCheck" ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
"Malwarebytes Anti-Malware (reboot)" -> E:\Debug Malware\Software\Malwarebytes' Anti-Malware\mbam.exe ["E:\Debug Malware\Software\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 14:53:56 | 001,312,080 | ---- | M | MD5 = C5FCC0B761069FABD59E41B7C3280DDF] (Malwarebytes Corporation)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/04/28 17:05:00 | 008,429,568 | ---- | M | MD5 = BCDDB364D1E1D6DAC48F0CEF7BEBAE85] (NVIDIA Corporation)
"NVHotkey" -> C:\WINDOWS\System32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> [2007/04/28 17:05:00 | 000,067,584 | ---- | M | MD5 = AB3A572C654C1F6E24C568A481C48127] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2007/04/28 17:05:00 | 000,081,920 | ---- | M | MD5 = 66821ED67E9D67B8BE32E0031EF0C065] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet] -> [2007/04/28 17:05:00 | 001,626,112 | ---- | M | MD5 = 0F919E1FAF47734B50F4FCB6111D73D8] ()
"OdTray.exe" -> C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe ["C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"] -> [2007/03/16 15:52:46 | 001,028,160 | ---- | M | MD5 = 1C1B0B9ED71B293B42A69DE0225A56BD] (Juniper Networks, Inc.)
"OfficeScanNT Monitor" -> C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe ["C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow] -> [2010/02/04 01:04:32 | 000,718,120 | ---- | M | MD5 = 46218C5B4622493F392CF46EDD6328CB] (Trend Micro Inc.)
"PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2006/10/20 15:23:38 | 000,118,784 | ---- | M | MD5 = BF67A8F7CC0E83D226FED8B4E27F8C33] (CyberLink Corp.)
"Ptipbmf" -> C:\WINDOWS\System32\ptipbmf.dll [rundll32.exe ptipbmf.dll,SetWriteCacheMode] -> [2007/10/20 05:55:58 | 000,118,784 | ---- | M | MD5 = 8CEADAF5628EDBE232E0C6E905DA77E8] (Promise Technology, Inc.)
"PtiuPbmd" -> C:\WINDOWS\System32\ulutil2.dll [Rundll32.exe ulutil2.dll,SetWriteBack] -> [2003/11/05 09:06:14 | 000,110,592 | ---- | M | MD5 = AB29E7A6BF1A97161F80397FE0BD9C85] (Promise Technology,Inc.)
"SIECACST" -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe [C:\Program Files\Siemens\CardOS API\bin\siecacst.exe] -> [2007/08/02 12:08:08 | 000,081,920 | ---- | M | MD5 = 1821923210EE42E23931FF04779E8916] (Siemens AG)
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2007/02/19 12:26:32 | 000,303,104 | ---- | M | MD5 = 34F44FE583D16815AD848855E7618E0D] (SigmaTel, Inc.)
< Run [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ISUSPM" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 02:40:32 | 000,218,032 | ---- | M | MD5 = 43D083268A0919F3527A2837390BAF63] (Macrovision Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< price Startup Folder > -> C:\Documents and Settings\price\Start Menu\Programs\Startup ->
< salesadmin Startup Folder > -> C:\Documents and Settings\salesadmin\Start Menu\Programs\Startup ->
< systemaccount Startup Folder > -> C:\Documents and Settings\systemaccount\Start Menu\Programs\Startup ->
< zzsttadmin Startup Folder > -> C:\Documents and Settings\zzsttadmin\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoSplash" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoWelcomeScreen" ->  [1] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"LogonType" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoComputersNearMe" ->  [1] -> File not found
\\"NoFavoritesMenu" ->  [1] -> File not found
\\"NoSMMyPictures" ->  [1] -> File not found
\\"NoStartMenuMyMusic" ->  [1] -> File not found
\\"NoAutoTrayNotify" ->  [1] -> File not found
\\"NoSMBalloonTip" ->  [1] -> File not found
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
\\"NoWelcomeScreen" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/08/17 23:48:08 | 018,341,216 | ---- | M | MD5 = 35B49E4A50B8E8F39E1723070F302705] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Menu: Sun Java Console] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 17:12:22 | 000,040,424 | ---- | M | MD5 = 7FC19DA1DC70C78D2FBD7A1D10942051] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 17:12:22 | 000,040,424 | ---- | M | MD5 = 7FC19DA1DC70C78D2FBD7A1D10942051] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
salesforce.com .[https] -> Trusted sites ->
*.industrysoftware.automation_siemens.com [*] -> Trusted sites ->
ura_siemens.us [https] -> Trusted sites ->
ugs.com .[*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
salesforce.com .[https] -> Trusted sites ->
*.industrysoftware.automation_siemens.com [*] -> Trusted sites ->
ura_siemens.us [https] -> Trusted sites ->
ugs.com .[*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
salesforce.com .[https] -> Trusted sites ->
*.industrysoftware.automation_siemens.com [*] -> Trusted sites ->


Last edited by stevo90277 on Sat Apr 10, 2010 5:03 pm; edited 1 time in total


Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Sat Apr 10, 2010 5:54 am

Code:

ura_siemens.us [https] -> Trusted sites ->
ugs.com .[*] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244484778015 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244484770390 [MUWebControl Class] ->
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab [Java Plug-in 1.5.0_19] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] ->
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab [Java Plug-in 1.5.0_19] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab [Java Plug-in 1.5.0_19] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab [get_atlcom Class] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [get_atlcom Class] ->
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [HKLM] -> https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab [JuniperSetupSP1 Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 68.238.64.12 ->
Domain -> net.plm.eds.com ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{B6B288D1-1097-4AEB-A55C-5B845832FF70}\\DhcpNameServer -> 192.168.1.1 68.238.64.12 (Broadcom NetXtreme 57xx Gigabit Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
OdysseyClient -> C:\WINDOWS\System32\odyEvent.dll -> [2008/06/28 22:49:21 | 000,122,949 | ---- | M | MD5 = F503FCB7D0C8F5CB1E5F0EEE9001C06A] (Juniper Networks, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2007/02/05 12:39:22 | 000,294,400 | ---- | M | MD5 = 9A451D3B7EEFE572D7B4B852F0F151F1] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M | MD5 = A4C6626DD0833249DFC8224014965E07] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M | MD5 = A4C6626DD0833249DFC8224014965E07] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/04/28 07:40:18 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
C:\autoexec.mba [] -> C:\autoexec.mba [ NTFS ] -> [2006/04/28 07:40:18 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\AUTORUN.INF [[autorun] | open=start.exe | icon=WINV2531.ICO | label=BlackBerry User Tools | ] -> D:\AUTORUN.INF [ CDFS ] -> [2009/09/17 07:07:12 | 000,000,075 | R--- | M | MD5 = 8D1A3D8B92D5A202FC50C6CDE458A29E] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = secfile] -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe -> [2010/04/07 19:32:57 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\\ ->
.exe [@ = secfile] -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe -> [2010/04/07 19:32:57 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
.exe [@ = secfile] -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe -> [2010/04/07 19:32:57 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
.exe [@ = secfile] -> C:\Documents and Settings\price\Local Settings\Application Data\av.exe -> [2010/04/07 19:34:07 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.ac3filter" -> C:\WINDOWS\System32\ac3filter.acm [ac3filter.acm] -> [2007/08/18 03:54:30 | 000,380,928 | ---- | M | MD5 = 9750B3FE2A107432EFCB2417EFA3D742] ()
"msacm.divxa32" -> C:\WINDOWS\System32\DivXa32.acm [DivXa32.acm] -> [2000/03/31 22:11:08 | 000,291,408 | ---- | M | MD5 = 765EAA222E1F6C7122EB22EE66D88CE1] (Packed With Joy !)
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 17:12:42 | 000,199,680 | ---- | M | MD5 = 877C90686858D899B042BBA45E9B7F2C] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 17:09:57 | 000,290,816 | ---- | M | MD5 = 452705AC9E4C0DDE91A61F0E02292423] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 17:10:50 | 000,086,016 | ---- | M | MD5 = 0DBB250A89E2E1C9281009AC269F0805] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M | MD5 = E8CD0D7E169ECCE2D4FD829DAAB786ED] (DSP GROUP, INC.)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 17:11:54 | 000,080,384 | ---- | M | MD5 = 7E86D471EF8DED7B9D15106002120271] (Radius Inc.)
"vidc.ffds" -> C:\WINDOWS\System32\ff_vfw.dll [ff_vfw.dll] -> [2008/05/26 13:33:08 | 000,007,680 | ---- | M | MD5 = E84DB752B6E51A0B4A48D6100453E97C] ()
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 17:12:42 | 000,848,384 | ---- | M | MD5 = 948E1498C6438625247F94534AAA82FE] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 17:11:55 | 000,755,200 | ---- | M | MD5 = 5F10DC19D92CCF6B719B494572F4F74B] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2007/08/24 00:36:58 | 000,175,968 | ---- | M | MD5 = 1BBD0EB601DD2DD8656365B6738A285B] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/05/26 15:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 16:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/08/06 13:30:48 | 000,202,168 | ---- | M | MD5 = B8153BAD2E56C50B147867FA9DAEB095] (Adobe Systems, Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/08/06 13:30:48 | 000,202,168 | ---- | M | MD5 = B8153BAD2E56C50B147867FA9DAEB095] (Adobe Systems, Inc.)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2007/08/28 20:49:52 | 000,143,760 | ---- | M | MD5 = 0BBEDE8B3549A85662B513A692D634D1] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/05/26 15:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\apps\Java\jre5\bin\JavaWebStart.dll [isInstalled Class] -> [2009/05/04 15:32:25 | 000,147,456 | ---- | M | MD5 = 714007027C55B2037224BD1071056666] (Sun Microsystems, Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2007/08/28 20:49:52 | 000,143,760 | ---- | M | MD5 = 0BBEDE8B3549A85662B513A692D634D1] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2007/08/28 20:28:26 | 002,330,024 | ---- | M | MD5 = DE9921231880B4B4248AB8FD43BFA9A9] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\apps\Java\jre5\bin\ssv.dll [SSVHelper Class] -> [2009/05/04 15:32:15 | 000,452,088 | ---- | M | MD5 = 7AD0691534D1827CECEC22FD6018E227] (Sun Microsystems, Inc.)
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2006/10/26 18:41:50 | 000,066,368 | ---- | M | MD5 = AD96F7EA53EE83D658CC810402D588C0] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Java Plug-in 1.5.0_19] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2007/08/28 20:49:52 | 000,143,760 | ---- | M | MD5 = 0BBEDE8B3549A85662B513A692D634D1] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2007/08/24 00:29:36 | 000,801,160 | ---- | M | MD5 = 22331B4710065B11D4B637CA30B41C80] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2007/08/28 20:49:52 | 000,143,760 | ---- | M | MD5 = 0BBEDE8B3549A85662B513A692D634D1] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2006/10/26 17:12:26 | 000,053,576 | ---- | M | MD5 = 525697973DC89B8BEC539C8E4568B7FF] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2007/05/10 20:26:40 | 000,632,432 | ---- | M | MD5 = 97E41D0A84A5318A970F41A8058D9529] (Adobe Systems, Inc.)
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Java Plug-in 1.5.0_19] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Java Plug-in 1.5.0_19 redirector] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Java Plug-in 1.5.0_19] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2009/05/26 15:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 16:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [Shockwave Flash Object] -> [2010/01/26 17:58:36 | 003,981,080 | R--- | M | Unable to obtain MD5] (Adobe Systems, Inc.)
{DBDC1CDA-B64B-49f7-9535-6317AA416E51} [HKLM] -> C:\Program Files\VMware\VMware VDM\Client\bin\wswc.exe [VMware_VDM_Client Class] -> [2008/05/08 15:54:00 | 000,202,056 | ---- | M | MD5 = 783AE5C308029F856348B214D9C0B4F8] (VMware, Inc.)
{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} [HKLM] -> C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll [Chrome Frame] -> [2010/03/31 09:28:05 | 001,213,424 | ---- | M | MD5 = 7130CF5337EFC8C917FE7D53EA386C02] (@COMPANY_FULLNAME@)
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2007/08/24 00:37:50 | 000,068,464 | ---- | M | MD5 = 1C7A4288196FE72EF9AB885CF047C67C] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2006/10/26 17:00:04 | 000,023,392 | ---- | M | MD5 = 6CE60565A76F2E816B0F688CD2DAA6E8] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2007/09/06 14:50:34 | 000,485,232 | ---- | M | MD5 = 76566D011872BA8833F73C24CC13A844] ()
{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKLM] -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/03/17 14:21:19 | 000,220,656 | ---- | M | MD5 = 94E2DDC3BD6C6AA620FD83B2AE87AA9F] (Google Inc.)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{0468C085-CA5B-11D0-AF08-00609797F0E0} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL [Outlook Today's Data-binding control] -> [2009/08/17 22:54:46 | 000,136,520 | ---- | M | MD5 = 190E048C0C70B09EB290699186CAAEDC] ()
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 21:08:42 | 000,062,080 | ---- | M | MD5 = C11F6A1F61481E24BE3FDC06EA6F7D2A] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/08/06 13:30:48 | 000,202,168 | ---- | M | MD5 = B8153BAD2E56C50B147867FA9DAEB095] (Adobe Systems, Inc.)
{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for scripting for IE5] -> [2009/07/27 15:27:12 | 000,128,512 | ---- | M | MD5 = AB2618C157C8D7BC89BA3402C6E52638] (Microsoft Corporation)
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> C:\WINDOWS\opuc.dll [Office Update Installation Engine] -> [2008/08/25 11:31:30 | 000,524,288 | ---- | M | MD5 = 79EC4757B46531DDC3E972B7708E5225] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/05/26 15:18:52 | 000,779,568 | ---- | M | MD5 = 119F55DAE2859632F2DD950031CD0A3B] (Apple Inc.)
{4E430174-1673-4FF3-BF28-A3B37F6573E7} [HKLM] -> C:\Program Files\Windows Desktop Search\wdsShell.dll [Windows Desktop Search Combo Control] -> [2007/02/05 12:40:00 | 000,761,856 | ---- | M | MD5 = 513745BE8215C45C293A330FF27C45D8] (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\apps\Java\jre5\bin\ssv.dll [SSVHelper Class] -> [2009/05/04 15:32:15 | 000,452,088 | ---- | M | MD5 = 7AD0691534D1827CECEC22FD6018E227] (Sun Microsystems, Inc.)
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx [Facebook Photo Uploader 5 Control] -> [2009/07/29 22:21:24 | 003,540,488 | ---- | M | MD5 = B36353934BB8B0E7CC8557AC5143EF41] ()
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Java Plug-in 1.5.0_19] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2007/08/28 20:49:52 | 000,143,760 | ---- | M | MD5 = 0BBEDE8B3549A85662B513A692D634D1] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2007/08/28 20:49:52 | 000,143,760 | ---- | M | MD5 = 0BBEDE8B3549A85662B513A692D634D1] (Microsoft Corporation)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2007/05/10 20:26:40 | 000,632,432 | ---- | M | MD5 = 97E41D0A84A5318A970F41A8058D9529] (Adobe Systems, Inc.)
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} [HKLM] -> C:\apps\Java\jre5\bin\NPJPI150_19.dll [Java Plug-in 1.5.0_19] -> [2009/05/04 15:32:16 | 000,075,272 | ---- | M | MD5 = 694C8A11935358AD76C285F27B348F21] (Sun Microsystems, Inc.)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx [Shockwave Flash Object] -> [2010/01/26 17:58:36 | 003,981,080 | R--- | M | Unable to obtain MD5] (Adobe Systems, Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2009/05/26 15:18:52 | 000,116,016 | ---- | M | MD5 = 720A898D07E8BEF59303596E6186F4F8] (Apple Inc.)
{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} [HKLM] -> C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll [Chrome Frame] -> [2010/03/31 09:28:05 | 001,213,424 | ---- | M | MD5 = 7130CF5337EFC8C917FE7D53EA386C02] (@COMPANY_FULLNAME@)
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2007/08/24 00:37:50 | 000,068,464 | ---- | M | MD5 = 1C7A4288196FE72EF9AB885CF047C67C] (Microsoft Corporation)
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gp.ocx [get_atlcom Class] -> [2009/09/03 08:52:32 | 000,046,976 | ---- | M | MD5 = 6D6A557967FFFC489292B0828FEA5EF1] ()
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} [HKLM] -> C:\Program Files\Google\Chrome Frame\Application\5.0.366.0\npchrome_frame.dll [ChromeFrame BHO] -> [2010/03/31 09:28:05 | 001,213,424 | ---- | M | MD5 = 7130CF5337EFC8C917FE7D53EA386C02] (@COMPANY_FULLNAME@)
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2006/04/28 07:39:45 | 000,000,000 | ---D | M]
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{1a3e09be-1e45-494b-9174-d7385b45bbf5} -> Reg Error: Value error.
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
 
[Files/Folders - Created Within 90 Days]
 OTS.exe -> C:\Documents and Settings\price\Desktop\OTS.exe -> [2010/04/08 17:37:58 | 000,638,976 | ---- | C | MD5 = 0699456F9835951BCB3304564244386F] (OldTimer Tools)
 avG -> C:\Documents and Settings\price\Local Settings\Application Data\avG -> [2010/04/07 19:34:09 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2010/04/06 07:16:07 | 000,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/04/06 07:16:07 | 000,000,000 | ---D | M]
 usbccgp.sys -> C:\WINDOWS\System32\dllcache\usbccgp.sys -> [2010/04/06 07:07:26 | 000,032,128 | ---- | C | MD5 = 173F317CE0DB8E21322E71B7E60A27E8] (Microsoft Corporation)
 Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/04/05 19:38:05 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2010/04/05 19:15:28 | 000,000,000 | ---D | M]
 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/04/05 18:28:23 | 000,000,000 | ---D | M]
 Minidump -> C:\WINDOWS\Minidump -> [2010/03/23 07:19:38 | 000,000,000 | ---D | C]
 csrsrv.dll -> C:\WINDOWS\System32\dllcache\csrsrv.dll -> [2010/03/19 10:52:21 | 000,033,280 | ---- | C | MD5 = 51C5B2BC37AE9EC5FED75B4AEEE04B18] (Microsoft Corporation)
 shlwapi.dll -> C:\WINDOWS\System32\dllcache\shlwapi.dll -> [2010/03/19 10:52:19 | 000,474,112 | ---- | C | MD5 = C448A248B743F5FB935C787A5D97268B] (Microsoft Corporation)
 mspaint.exe -> C:\WINDOWS\System32\dllcache\mspaint.exe -> [2010/03/19 10:52:14 | 000,343,040 | ---- | C | MD5 = A68DA24239C7BA6C424E1AEAE7AA3E7A] (Microsoft Corporation)
 Apple Computer -> C:\Documents and Settings\price\Application Data\Apple Computer -> [2010/02/25 22:14:04 | 000,000,000 | ---D | C]
 Sun -> C:\WINDOWS\Sun -> [2010/02/17 18:33:06 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\price\Application Data\Sun -> [2010/02/17 18:33:05 | 000,000,000 | ---D | C]
 D3DX81ab.dll -> C:\WINDOWS\System32\D3DX81ab.dll -> [2010/02/10 22:10:53 | 000,679,936 | ---- | C | MD5 = 5F14603DBE2908E5D2E3DF15248355BB] (Generated by JEDI)
 Temp -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp -> [2010/02/09 19:30:22 | 000,000,000 | ---D | M]
 Temp -> C:\Documents and Settings\price\My Documents\Temp -> [2010/02/02 18:26:44 | 000,000,000 | ---D | C]
 SapWorkDir -> C:\Documents and Settings\price\SapWorkDir -> [2010/01/29 08:16:46 | 000,000,000 | ---D | C]
 apps -> C:\apps -> [2010/01/26 22:14:39 | 000,000,000 | ---D | C]
 Java -> C:\Program Files\Common Files\Java -> [2010/01/26 22:14:37 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Sun -> [2010/01/26 22:13:42 | 000,000,000 | ---D | M]
 winrm -> C:\WINDOWS\System32\winrm -> [2010/01/10 18:13:05 | 000,000,000 | ---D | C]
 WindowsPowerShell -> C:\WINDOWS\System32\WindowsPowerShell -> [2010/01/10 18:13:05 | 000,000,000 | ---D | C]
 $968930Uinstall_KB968930$ -> C:\WINDOWS\$968930Uinstall_KB968930$ -> [2010/01/10 18:13:01 | 000,000,000 | -H-D | C]
 VMM.sys -> C:\WINDOWS\System32\drivers\VMM.sys -> [2010/01/10 18:10:57 | 000,229,208 | ---- | C | MD5 = E41FEF9E3056FE88C71E411F705BE41E] (Microsoft Corporation)
 rktools.exe -> C:\WINDOWS\System32\rktools.exe -> [2010/01/09 01:28:10 | 012,337,752 | ---- | C | MD5 = A623A99D60F8D34D9FBE089BB64368F2] (Microsoft Corporation)
 Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/12/02 23:09:00 | 000,000,000 | ---D | M]
 Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/12/02 23:05:06 | 000,000,000 | ---D | M]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2009/11/17 19:56:07 | 000,000,000 | ---D | M]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2009/11/17 19:53:54 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/10/07 06:23:27 | 000,000,000 | --SD | M]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2009/09/02 08:26:42 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\LocalService\Application Data\WinBatch -> [2009/09/02 07:45:26 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/08/06 08:34:45 | 000,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2006/04/28 07:44:04 | 000,000,000 | --SD | M]
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
[Files/Folders - Modified Within 90 Days]
 olV3RohQ -> C:\Documents and Settings\price\Local Settings\Application Data\olV3RohQ -> [2010/04/08 17:46:03 | 000,011,962 | -HS- | M | MD5 = 7A0589A43661C73EEB77D5456D9D72D3] ()
 olV3RohQ -> C:\Documents and Settings\All Users\Application Data\olV3RohQ -> [2010/04/08 17:46:03 | 000,011,962 | -HS- | M | MD5 = 7A0589A43661C73EEB77D5456D9D72D3] ()
 OTS.exe -> C:\Documents and Settings\price\Desktop\OTS.exe -> [2010/04/08 17:37:41 | 000,638,976 | ---- | M | MD5 = 0699456F9835951BCB3304564244386F] (OldTimer Tools)
 nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2010/04/08 17:32:30 | 000,043,876 | ---- | M | MD5 = 49CC495C20408CDD3217FDF3B94CECB8] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/07 23:26:15 | 000,000,884 | ---- | M | MD5 = D834DC96CF6141D1BD0E3D0878AC0B9F] ()
 506037238 -> C:\Documents and Settings\price\Local Settings\Application Data\506037238 -> [2010/04/07 19:34:29 | 000,011,882 | -HS- | M | MD5 = 71969CAECBEB058A6AFA7A7A29311FF1] ()
 506037238 -> C:\Documents and Settings\All Users\Application Data\506037238 -> [2010/04/07 19:34:29 | 000,011,882 | -HS- | M | MD5 = 71969CAECBEB058A6AFA7A7A29311FF1] ()
 4133361706 -> C:\Documents and Settings\All Users\Application Data\4133361706 -> [2010/04/07 19:34:22 | 000,011,894 | -HS- | M | MD5 = 2C62365EDA4FA7341185B3CC85297568] ()
 4133361706 -> C:\Documents and Settings\price\Local Settings\Application Data\4133361706 -> [2010/04/07 19:34:22 | 000,011,882 | -HS- | M | MD5 = 2D07F5F0F6E15776D95316CAEBF7A067] ()
 av.exe -> C:\Documents and Settings\All Users\Application Data\av.exe -> [2010/04/07 19:34:14 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 ave.exe -> C:\Documents and Settings\All Users\Application Data\ave.exe -> [2010/04/07 19:34:13 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 vma.exe -> C:\Documents and Settings\price\Local Settings\Application Data\vma.exe -> [2010/04/07 19:34:08 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 av.exe -> C:\Documents and Settings\price\Local Settings\Application Data\av.exe -> [2010/04/07 19:34:07 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 MSASCui.exe -> C:\Documents and Settings\price\Local Settings\Application Data\MSASCui.exe -> [2010/04/07 19:34:06 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 ave.exe -> C:\Documents and Settings\price\Local Settings\Application Data\ave.exe -> [2010/04/07 19:34:06 | 000,195,072 | -HS- | M | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/07 19:33:22 | 000,002,206 | ---- | M | MD5 = 5667DB33CF4FFFAD86ACDAA1871887E7] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/07 19:33:19 | 000,000,880 | ---- | M | MD5 = 102FA9E2E4CF9CED3F9F8148EAE1CE4E] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/07 19:32:49 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/07 19:32:46 | 000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
 stt_inv_report_24.job -> C:\WINDOWS\tasks\stt_inv_report_24.job -> [2010/04/07 12:33:12 | 000,000,318 | ---- | M | MD5 = 1D538F8977C2569BC64C1B7994F6C52C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/04/06 07:16:17 | 000,001,324 | ---- | M | MD5 = 7DE457E14058B0E44F67338AFDA0880A] ()
 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2010/04/06 07:16:17 | 000,000,552 | ---- | M | MD5 = 746791940330D3CA7218B8B4202D6527] ()
 NTUSER.DAT -> C:\Documents and Settings\price\NTUSER.DAT -> [2010/04/02 12:30:37 | 004,718,592 | -H-- | M | Unable to obtain MD5] ()
 cfgall.ini -> C:\WINDOWS\cfgall.ini -> [2010/03/23 07:17:35 | 000,019,145 | ---- | M | MD5 = ECFCE14738A50FA772E2E9508149F18D] ()
 nvModes.dat -> C:\WINDOWS\System32\nvModes.dat -> [2010/03/21 10:33:37 | 000,043,876 | ---- | M | MD5 = 49CC495C20408CDD3217FDF3B94CECB8] ()


Last edited by stevo90277 on Sat Apr 10, 2010 5:02 pm; edited 1 time in total


Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Sat Apr 10, 2010 5:58 am

Code:

imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/03/20 16:46:09 | 000,001,809 | ---- | M | MD5 = B4AE4CA225E92C3D56CFE40ED5D338DF] ()
 JK order form.xls -> C:\Documents and Settings\price\Desktop\JK order form.xls -> [2010/03/09 18:00:18 | 000,189,952 | ---- | M | MD5 = EECA0CFCEEDCB9F0FA19F63BCD25572D] ()
 JK_Summary_Order_Form_03_01_10_revised format.xls -> C:\Documents and Settings\price\Desktop\JK_Summary_Order_Form_03_01_10_revised format.xls -> [2010/03/09 17:44:25 | 000,148,480 | ---- | M | MD5 = B2C5A1519EC87F549DE62F42A7E5E948] ()
 rebate -> C:\Documents and Settings\price\Desktop\rebate -> [2010/03/08 17:41:50 | 000,175,838 | ---- | M | MD5 = BB51038D94F498DD04D8A03EF96906EC] ()
 CooperVision Rebates.docx -> C:\Documents and Settings\price\My Documents\CooperVision Rebates.docx -> [2010/03/08 17:09:53 | 000,034,004 | ---- | M | MD5 = 67EC7F67205409C3A8F813AD28C180D3] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\price\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/08 15:43:03 | 000,036,864 | ---- | M | MD5 = 795AF636BED03DB3578F54C6AB02D871] ()
 SttService.exe -> C:\WINDOWS\SttService.exe -> [2010/03/04 11:36:15 | 000,042,043 | ---- | M | MD5 = 8AD315D73A339D13260E2B43BD6BB41D] ()
 DTC_QuestLab_Instructions.pdf -> C:\Documents and Settings\price\Desktop\DTC_QuestLab_Instructions.pdf -> [2010/02/12 19:38:48 | 000,022,568 | ---- | M | MD5 = 8F57D1FFAA77D02D56E1D4DAC6E89F0D] ()
 Requisition-FeJa6Yw9Xu.pdf -> C:\Documents and Settings\price\Desktop\Requisition-FeJa6Yw9Xu.pdf -> [2010/02/12 19:38:39 | 000,031,124 | ---- | M | MD5 = 446304F002C344705712A4562828916D] ()
 IconCache.db -> C:\Documents and Settings\price\Local Settings\Application Data\IconCache.db -> [2010/02/07 20:49:29 | 005,334,966 | -H-- | M | MD5 = 6A52159C7EC14C5B1D7DB76E8074F663] ()
 Tc RA Use Cases.docx -> C:\Documents and Settings\price\My Documents\Tc RA Use Cases.docx -> [2010/02/01 14:56:57 | 000,011,824 | ---- | M | MD5 = B20BD6546861F7812DE5FDE3509A6D07] ()
 Teamcenter Application Sharing.lnk -> C:\Documents and Settings\All Users\Desktop\Teamcenter Application Sharing.lnk -> [2010/01/12 23:54:19 | 000,001,772 | ---- | M | MD5 = FEC58F11B7DA8934BACA72167CB83B8A] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/01/10 18:21:58 | 000,271,784 | ---- | M | MD5 = 56395B71532C384C9CB91FEE83007E91] ()
 VMM.sys -> C:\WINDOWS\System32\drivers\VMM.sys -> [2010/01/10 18:10:57 | 000,229,208 | ---- | M | MD5 = E41FEF9E3056FE88C71E411F705BE41E] (Microsoft Corporation)
 rktools.exe -> C:\WINDOWS\System32\rktools.exe -> [2010/01/09 01:28:10 | 012,337,752 | ---- | M | MD5 = A623A99D60F8D34D9FBE089BB64368F2] (Microsoft Corporation)
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
 31 C:\Documents and Settings\price\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\price\Local Settings\Temp\*.tmp ->
 31 C:\Documents and Settings\price\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\price\Local Settings\Temp\*.tmp ->
 31 C:\Documents and Settings\price\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\price\Local Settings\Temp\*.tmp ->
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp ->
 11 C:\Documents and Settings\price\Local Settings\Temp\Google Toolbar\*.tmp files -> C:\Documents and Settings\price\Local Settings\Temp\Google Toolbar\*.tmp ->
 
[Files - No Company Name]
 av.exe -> C:\Documents and Settings\All Users\Application Data\av.exe -> [2010/04/07 19:34:14 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 ave.exe -> C:\Documents and Settings\All Users\Application Data\ave.exe -> [2010/04/07 19:34:13 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 4133361706 -> C:\Documents and Settings\price\Local Settings\Application Data\4133361706 -> [2010/04/07 19:34:10 | 000,011,882 | -HS- | C | MD5 = 2D07F5F0F6E15776D95316CAEBF7A067] ()
 vma.exe -> C:\Documents and Settings\price\Local Settings\Application Data\vma.exe -> [2010/04/07 19:34:08 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 MSASCui.exe -> C:\Documents and Settings\price\Local Settings\Application Data\MSASCui.exe -> [2010/04/07 19:34:06 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 ave.exe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe -> [2010/04/07 19:32:57 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 olV3RohQ -> C:\Documents and Settings\LocalService\Local Settings\Application Data\olV3RohQ -> [2010/04/07 19:32:57 | 000,011,934 | -HS- | C | MD5 = 0706BA20A8626AFE07B1B0F608C0B355] ()
 av.exe -> C:\Documents and Settings\price\Local Settings\Application Data\av.exe -> [2010/04/07 18:28:26 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 4133361706 -> C:\Documents and Settings\All Users\Application Data\4133361706 -> [2010/04/07 18:28:26 | 000,011,894 | -HS- | C | MD5 = 2C62365EDA4FA7341185B3CC85297568] ()
 506037238 -> C:\Documents and Settings\price\Local Settings\Application Data\506037238 -> [2010/04/07 18:28:26 | 000,011,882 | -HS- | C | MD5 = 71969CAECBEB058A6AFA7A7A29311FF1] ()
 ave.exe -> C:\Documents and Settings\price\Local Settings\Application Data\ave.exe -> [2010/04/07 18:26:57 | 000,195,072 | -HS- | C | MD5 = 0F296421F90F3E5E4848A479D02FFF0B] ()
 olV3RohQ -> C:\Documents and Settings\price\Local Settings\Application Data\olV3RohQ -> [2010/04/07 18:26:57 | 000,011,962 | -HS- | C | MD5 = 7A0589A43661C73EEB77D5456D9D72D3] ()
 506037238 -> C:\Documents and Settings\All Users\Application Data\506037238 -> [2010/04/07 18:26:57 | 000,011,882 | -HS- | C | MD5 = 71969CAECBEB058A6AFA7A7A29311FF1] ()
 olV3RohQ -> C:\Documents and Settings\All Users\Application Data\olV3RohQ -> [2010/04/07 08:23:45 | 000,011,962 | -HS- | C | MD5 = 7A0589A43661C73EEB77D5456D9D72D3] ()
 olV3RohQ -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\olV3RohQ -> [2010/04/07 08:23:45 | 000,011,942 | -HS- | C | MD5 = 0E94EBF6C375E4CB0F664EB6A4989627] ()
 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2010/04/06 07:16:17 | 000,000,552 | ---- | C | MD5 = 746791940330D3CA7218B8B4202D6527] ()
 JK order form.xls -> C:\Documents and Settings\price\Desktop\JK order form.xls -> [2010/03/09 18:00:16 | 000,189,952 | ---- | C | MD5 = EECA0CFCEEDCB9F0FA19F63BCD25572D] ()
 JK_Summary_Order_Form_03_01_10_revised format.xls -> C:\Documents and Settings\price\Desktop\JK_Summary_Order_Form_03_01_10_revised format.xls -> [2010/03/09 17:44:25 | 000,148,480 | ---- | C | MD5 = B2C5A1519EC87F549DE62F42A7E5E948] ()
 rebate -> C:\Documents and Settings\price\Desktop\rebate -> [2010/03/08 17:41:50 | 000,175,838 | ---- | C | MD5 = BB51038D94F498DD04D8A03EF96906EC] ()
 CooperVision Rebates.docx -> C:\Documents and Settings\price\My Documents\CooperVision Rebates.docx -> [2010/03/08 17:09:52 | 000,034,004 | ---- | C | MD5 = 67EC7F67205409C3A8F813AD28C180D3] ()
 DTC_QuestLab_Instructions.pdf -> C:\Documents and Settings\price\Desktop\DTC_QuestLab_Instructions.pdf -> [2010/02/12 19:38:49 | 000,022,568 | ---- | C | MD5 = 8F57D1FFAA77D02D56E1D4DAC6E89F0D] ()
 Requisition-FeJa6Yw9Xu.pdf -> C:\Documents and Settings\price\Desktop\Requisition-FeJa6Yw9Xu.pdf -> [2010/02/12 19:38:42 | 000,031,124 | ---- | C | MD5 = 446304F002C344705712A4562828916D] ()
 d3dx9.dll -> C:\WINDOWS\System32\d3dx9.dll -> [2010/02/10 22:10:53 | 001,970,176 | ---- | C | MD5 = B17FA8B31D403FAFF9143C5BD2F4646E] ()
 Tc RA Use Cases.docx -> C:\Documents and Settings\price\My Documents\Tc RA Use Cases.docx -> [2010/02/01 14:56:57 | 000,011,824 | ---- | C | MD5 = B20BD6546861F7812DE5FDE3509A6D07] ()
 Teamcenter Application Sharing.lnk -> C:\Documents and Settings\All Users\Desktop\Teamcenter Application Sharing.lnk -> [2010/01/12 23:54:19 | 000,001,772 | ---- | C | MD5 = FEC58F11B7DA8934BACA72167CB83B8A] ()
 frontpg.ini -> C:\WINDOWS\frontpg.ini -> [2009/07/28 09:37:44 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 smtpctrs.ini -> C:\WINDOWS\System32\smtpctrs.ini -> [2009/07/28 09:36:58 | 000,021,791 | ---- | C | MD5 = 005502CA34BBB1A0F9527454B8DF296C] ()
 ntfsdrct.ini -> C:\WINDOWS\System32\ntfsdrct.ini -> [2009/07/28 09:36:58 | 000,001,037 | ---- | C | MD5 = 0A915C8CAB902F6AC14ACFD0B8440439] ()
 w3ctrs.ini -> C:\WINDOWS\System32\w3ctrs.ini -> [2009/07/28 09:36:47 | 000,038,576 | ---- | C | MD5 = 786AEED8EF25B66E475E3DA5395B397C] ()
 axperf.ini -> C:\WINDOWS\System32\axperf.ini -> [2009/07/28 09:36:47 | 000,010,225 | ---- | C | MD5 = 8B402325C008C87FDB77B62C84D48244] ()
 infoctrs.ini -> C:\WINDOWS\System32\infoctrs.ini -> [2009/07/28 09:36:46 | 000,011,435 | ---- | C | MD5 = 9BA3DDB890E634C725AD0CE238D3C4CD] ()
 mv614x.sys -> C:\WINDOWS\System32\drivers\mv614x.sys -> [2008/09/15 10:12:20 | 000,034,432 | ---- | C | MD5 = 6EB1D27590D4BC040F105D2BF35A6C4F] ()
 h5krnl32.dll -> C:\WINDOWS\System32\h5krnl32.dll -> [2008/09/11 11:05:32 | 001,064,960 | ---- | C | MD5 = 886B0DFB2EE93FC9F2D11B285ED7DC89] ()
 h5icon32.dll -> C:\WINDOWS\System32\h5icon32.dll -> [2008/09/11 11:05:32 | 000,188,928 | ---- | C | MD5 = 21B9DD56BB08C4E13E1ADD94E1972940] ()
 h5menu32.dll -> C:\WINDOWS\System32\h5menu32.dll -> [2008/09/11 11:05:32 | 000,175,616 | ---- | C | MD5 = A0BA2E557D8E11610D66AE3AEE062C64] ()
 h5rtf32.dll -> C:\WINDOWS\System32\h5rtf32.dll -> [2008/09/11 11:05:32 | 000,095,744 | ---- | C | MD5 = 55F65C7107E39F0F4EFE5365AD197A2D] ()
 h5tool32.dll -> C:\WINDOWS\System32\h5tool32.dll -> [2008/09/11 11:05:32 | 000,051,200 | ---- | C | MD5 = AD9D9E27AA0680E44483CDA68E63CDD9] ()
 wwwbatch.ini -> C:\WINDOWS\wwwbatch.ini -> [2008/09/11 06:03:59 | 000,000,074 | ---- | C | MD5 = 13E7D49825117AD132C36BF26F0A6E64] ()
 init.ini -> C:\WINDOWS\init.ini -> [2008/06/28 22:49:13 | 000,000,082 | ---- | C | MD5 = A50ACCDE02783EE436631AC164D74F99] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2008/06/28 22:41:07 | 000,000,234 | ---- | C | MD5 = 4E4D5CAC9736A879908293E7B0AAAD7A] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/06/28 22:16:54 | 001,703,936 | ---- | C | MD5 = 0D014CD9C90318E7CE9E309D647C2AF0] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/06/28 22:16:54 | 001,019,904 | ---- | C | MD5 = 77E63187F756AED71E7AAF6C51829B4A] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/06/28 22:16:52 | 000,466,944 | ---- | C | MD5 = C03FDD3279404D94BF88C1ABD3DB997F] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/06/28 22:16:50 | 001,474,560 | ---- | C | MD5 = FD23AD825421DB66FD8A6AEC24581FC5] ()
 libavcodec.dll -> C:\WINDOWS\System32\libavcodec.dll -> [2008/05/26 13:33:08 | 003,607,040 | ---- | C | MD5 = 13E3F433996CB58E903F1B246689F779] ()
 audxlib.dll -> C:\WINDOWS\System32\audxlib.dll -> [2008/05/26 13:33:08 | 000,741,376 | ---- | C | MD5 = 5E05CEED4076B033453B514792F0BF79] ()
 ff_x264.dll -> C:\WINDOWS\System32\ff_x264.dll -> [2008/05/26 13:33:08 | 000,692,224 | ---- | C | MD5 = 1D3F07B2069BC088587C4D5C37203713] ()
 libmplayer.dll -> C:\WINDOWS\System32\libmplayer.dll -> [2008/05/26 13:33:08 | 000,455,680 | ---- | C | MD5 = 657FCBC9C2EC9CFF241FEF7F99F826FB] ()
 TomsMoComp_ff.dll -> C:\WINDOWS\System32\TomsMoComp_ff.dll -> [2008/05/26 13:33:08 | 000,204,800 | ---- | C | MD5 = B427CF9307F4F6EB626C9C7B4B99FD47] ()
 ff_kernelDeint.dll -> C:\WINDOWS\System32\ff_kernelDeint.dll -> [2008/05/26 13:33:08 | 000,204,800 | ---- | C | MD5 = 78529E8B484E8E98A7D2BC20D67D8B65] ()
 ff_libdts.dll -> C:\WINDOWS\System32\ff_libdts.dll -> [2008/05/26 13:33:08 | 000,155,648 | ---- | C | MD5 = A3A0A332B4BA45DF78B88C59D85F1A9D] ()
 ff_theora.dll -> C:\WINDOWS\System32\ff_theora.dll -> [2008/05/26 13:33:08 | 000,143,360 | ---- | C | MD5 = D4DC118A7336BA4F4B40A340E972EEC9] ()
 ff_samplerate.dll -> C:\WINDOWS\System32\ff_samplerate.dll -> [2008/05/26 13:33:08 | 000,122,880 | ---- | C | MD5 = A7E230374AA02D560FAF5301BA767EDC] ()
 ff_libmad.dll -> C:\WINDOWS\System32\ff_libmad.dll -> [2008/05/26 13:33:08 | 000,118,784 | ---- | C | MD5 = 474DBAD67416FD77B83236209352E8F1] ()
 libmpeg2_ff.dll -> C:\WINDOWS\System32\libmpeg2_ff.dll -> [2008/05/26 13:33:08 | 000,114,688 | ---- | C | MD5 = 5399D032D5DF4DAB7F0A069734C43122] ()
 ff_realaac.dll -> C:\WINDOWS\System32\ff_realaac.dll -> [2008/05/26 13:33:08 | 000,097,280 | ---- | C | MD5 = 73D652AEC4784C21A8471F1E155BBB1A] ()
 ff_liba52.dll -> C:\WINDOWS\System32\ff_liba52.dll -> [2008/05/26 13:33:08 | 000,041,984 | ---- | C | MD5 = F9B47238EFFEB04B39C51C01C580ABD2] ()
 ff_unrar.dll -> C:\WINDOWS\System32\ff_unrar.dll -> [2008/05/26 13:33:08 | 000,038,400 | ---- | C | MD5 = 0B3A41AFB6D96B979EC5D709A53823B5] ()
 ff_wmv9.dll -> C:\WINDOWS\System32\ff_wmv9.dll -> [2008/05/26 13:33:08 | 000,023,552 | ---- | C | MD5 = C828CB4F9FA5E89C86378427C9A59C59] ()
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2008/05/26 13:33:08 | 000,007,680 | ---- | C | MD5 = E84DB752B6E51A0B4A48D6100453E97C] ()
 ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2008/05/26 13:33:08 | 000,000,547 | ---- | C | MD5 = AB90E3453839235FD759A854203B948E] ()
 dxr.dll -> C:\WINDOWS\System32\dxr.dll -> [2008/03/29 08:42:22 | 000,245,248 | ---- | C | MD5 = 55741439A4BB493BC40F28FBF83A6735] ()
 mmfinfo.dll -> C:\WINDOWS\System32\mmfinfo.dll -> [2008/03/29 08:42:20 | 000,159,744 | ---- | C | MD5 = 61452B71670D12216F288D46D0879F71] ()
 avss.dll -> C:\WINDOWS\System32\avss.dll -> [2008/03/29 08:42:14 | 000,102,400 | ---- | C | MD5 = 73C01202400D5DE365CE692644ACDE8E] ()
 mkx.dll -> C:\WINDOWS\System32\mkx.dll -> [2008/03/29 08:42:08 | 000,148,992 | ---- | C | MD5 = 32490C8E20F677996F29E0C61BCCDB94] ()
 mp4.dll -> C:\WINDOWS\System32\mp4.dll -> [2008/03/29 08:42:04 | 000,141,312 | ---- | C | MD5 = E1B7DA4D31033282593DE3A83A3D2416] ()
 avi.dll -> C:\WINDOWS\System32\avi.dll -> [2008/03/29 08:42:04 | 000,108,032 | ---- | C | MD5 = 6A7C66DCED9E0EFF08E17AA292CA45C5] ()
 ogm.dll -> C:\WINDOWS\System32\ogm.dll -> [2008/03/29 08:42:02 | 000,120,832 | ---- | C | MD5 = ECFF38B199A6DA56E010B18F9BB38D90] ()
 ts.dll -> C:\WINDOWS\System32\ts.dll -> [2008/03/29 08:42:00 | 000,163,840 | ---- | C | MD5 = 1C93E5CFAF44133D11C61AE74842E400] ()
 avs.dll -> C:\WINDOWS\System32\avs.dll -> [2008/03/29 08:41:54 | 000,097,280 | ---- | C | MD5 = C637599D68AE20AD8BDA9B952DDFF3D6] ()
 mkzlib.dll -> C:\WINDOWS\System32\mkzlib.dll -> [2008/03/29 08:41:52 | 000,079,360 | ---- | C | MD5 = E370BE10AB395EE71602EAB9D107DA6C] ()
 mkunicode.dll -> C:\WINDOWS\System32\mkunicode.dll -> [2008/03/29 08:41:52 | 000,023,552 | ---- | C | MD5 = 48A2007CFE0AC7109B049711CD8878E9] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2008/02/04 15:23:10 | 000,693,792 | ---- | C | MD5 = D1346A4683E98836E2FE003859E5DC0D] ()
 Registration.ini -> C:\WINDOWS\System32\Registration.ini -> [2007/10/13 02:30:20 | 000,000,137 | ---- | C | MD5 = 19E4C08A18AEB5C9415B429BE92E072A] ()
 siecaces.dll -> C:\WINDOWS\System32\siecaces.dll -> [2007/06/04 09:41:00 | 000,311,296 | ---- | C | MD5 = 6E1F3792079A9FC2DD144CA5008A1595] ()
 gmp4_2_1.dll -> C:\WINDOWS\System32\gmp4_2_1.dll -> [2007/04/16 14:01:06 | 000,184,320 | ---- | C | MD5 = 83AF0F721659A39FAA27A04D6D69189F] ()
 siecacsp.dll -> C:\WINDOWS\System32\siecacsp.dll -> [2007/04/12 09:48:40 | 000,028,672 | ---- | C | MD5 = CE2C01622A1F8FF6C510F6220ECCD3D1] ()
 idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/01/03 08:24:36 | 000,020,698 | ---- | C | MD5 = 266B46818EBC36E23797E2C3C3118308] ()
 gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/01/03 08:22:46 | 000,030,628 | ---- | C | MD5 = 75E434ABE214E96C58F4B5617C152DD4] ()
 gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/01/03 08:22:14 | 000,031,698 | ---- | C | MD5 = 04C05F57312D4B5F62780F21C0DE7A31] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C | MD5 = A6AFBC3436A20A7834D45CDE9D69926C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C | MD5 = D6B2075824BA9FAA4B37D98B13447F32] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/15 07:31:51 | 000,000,061 | ---- | C | MD5 = C0759373CABA4620D082671DC8B0B919] ()
 vtssm32.dll -> C:\WINDOWS\System32\vtssm32.dll -> [2006/04/28 11:37:26 | 000,015,872 | ---- | C | MD5 = 0A01394CB678689633DD15A4BF7C0B85] ()
 saplogon.ini -> C:\WINDOWS\saplogon.ini -> [2006/04/28 11:32:41 | 000,004,883 | ---- | C | MD5 = 4D0B2C589B32BD71DCD7683F7724C80B] ()
 cfgall.ini -> C:\WINDOWS\cfgall.ini -> [2006/04/28 11:21:12 | 000,019,145 | ---- | C | MD5 = ECFCE14738A50FA772E2E9508149F18D] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/04/28 10:58:04 | 000,000,376 | ---- | C | MD5 = EC940475561F651E8CCA80C9144191D0] ()
 Oeminfo.ini -> C:\WINDOWS\System32\Oeminfo.ini -> [2006/04/28 09:59:50 | 000,000,516 | ---- | C | MD5 = A857096C738C16EE4ED14940C6EAD514] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C | MD5 = B77AB4697B17FBBB25E41A15CC31D94E] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C | MD5 = B7F882C45E520600053327AA42FA3A4F] ()
 odFIPS.sys.icv -> C:\WINDOWS\System32\drivers\odFIPS.sys.icv -> [2006/01/23 14:19:36 | 000,000,064 | ---- | C | MD5 = 1974A8415931ECFD3A14516D6AEC42C5] ()
 
[File - Lop Check]
 Funk Software -> C:\Documents and Settings\Administrator\Application Data\Funk Software -> [2008/06/28 23:01:12 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\Administrator\Application Data\WinBatch -> [2008/09/11 06:03:46 | 000,000,000 | ---D | M]
 Windows Desktop Search -> C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search -> [2009/08/06 08:36:15 | 000,000,000 | ---D | M]
 Amazon -> C:\Documents and Settings\All Users\Application Data\Amazon -> [2009/11/29 15:47:24 | 000,000,000 | ---D | M]
 Juniper Networks -> C:\Documents and Settings\All Users\Application Data\Juniper Networks -> [2008/06/28 22:49:15 | 000,000,000 | ---D | M]
 Uninstall -> C:\Documents and Settings\All Users\Application Data\Uninstall -> [2008/06/28 22:42:07 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\Default User\Application Data\WinBatch -> [2008/09/11 06:03:46 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\LocalService\Application Data\WinBatch -> [2009/09/02 07:45:26 | 000,000,000 | ---D | M]
 Funk Software -> C:\Documents and Settings\price\Application Data\Funk Software -> [2009/09/02 08:22:54 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\price\Application Data\WinBatch -> [2008/09/11 06:03:46 | 000,000,000 | ---D | M]
 Windows Desktop Search -> C:\Documents and Settings\price\Application Data\Windows Desktop Search -> [2009/09/02 08:22:33 | 000,000,000 | ---D | M]
 Funk Software -> C:\Documents and Settings\salesadmin\Application Data\Funk Software -> [2008/06/29 20:23:44 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\salesadmin\Application Data\WinBatch -> [2008/09/11 06:03:46 | 000,000,000 | ---D | M]
 OfficeUpdate12 -> C:\Documents and Settings\systemaccount\Application Data\OfficeUpdate12 -> [2008/09/15 08:46:05 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\systemaccount\Application Data\WinBatch -> [2008/09/11 15:57:57 | 000,000,000 | ---D | M]
 WinBatch -> C:\Documents and Settings\zzsttadmin\Application Data\WinBatch -> [2008/09/11 06:03:46 | 000,000,000 | ---D | M]
 stt_inv_report_24.job -> C:\WINDOWS\Tasks\stt_inv_report_24.job -> [2010/04/07 12:33:12 | 000,000,318 | ---- | M | MD5 = 1D538F8977C2569BC64C1B7994F6C52C] ()
 
[File - Purity Scan]
 
[Custom Scans]
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
 2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->
< %systemroot%\system32\*.exe /lockedfiles >
 2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp ->
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
 default.sav -> C:\WINDOWS\system32\config\default.sav -> [2006/04/28 03:32:52 | 000,094,208 | ---- | M | MD5 = 140ED66726F54A238A6F5D647FFE97A1] ()
 software.sav -> C:\WINDOWS\system32\config\software.sav -> [2006/04/28 03:32:52 | 000,659,456 | ---- | M | MD5 = A3DDF6EA26CBC82F75028D2BB6558AFF] ()
 system.sav -> C:\WINDOWS\system32\config\system.sav -> [2006/04/28 03:32:52 | 000,868,352 | ---- | M | MD5 = 6EBB0CF3229671809F1D83B0CC91230A] ()
< %systemroot%\System32\*.sys >
 ansi.sys -> C:\WINDOWS\system32\ansi.sys -> [2004/08/04 05:00:00 | 000,009,029 | ---- | M | MD5 = 8AAD333C876590293F72B315E162BCC7] ()
 country.sys -> C:\WINDOWS\system32\country.sys -> [2004/08/04 05:00:00 | 000,027,097 | ---- | M | MD5 = 0FE9F16075C9ACB941C957B7C649176E] ()
 himem.sys -> C:\WINDOWS\system32\himem.sys -> [2004/08/04 05:00:00 | 000,004,768 | ---- | M | MD5 = E6BC0F98FECEF245A0010D350C1A0B9B] ()
 key01.sys -> C:\WINDOWS\system32\key01.sys -> [2004/08/04 05:00:00 | 000,042,809 | ---- | M | MD5 = 582BCDD47CF4B68B5CB528F18E3CB808] ()
 keyboard.sys -> C:\WINDOWS\system32\keyboard.sys -> [2004/08/04 05:00:00 | 000,042,537 | ---- | M | MD5 = FBBCFEC1379C5C02D88A361993EDF1B8] ()
 ntdos.sys -> C:\WINDOWS\system32\ntdos.sys -> [2004/08/04 05:00:00 | 000,027,866 | ---- | M | MD5 = FFFF296A08DBF2AC0126C62E3778AC0D] ()
 ntdos404.sys -> C:\WINDOWS\system32\ntdos404.sys -> [2004/08/04 05:00:00 | 000,029,146 | ---- | M | MD5 = CF9ED169FF86D935E47999E82359E898] ()
 ntdos411.sys -> C:\WINDOWS\system32\ntdos411.sys -> [2004/08/04 05:00:00 | 000,029,370 | ---- | M | MD5 = 03B945AC0481CD8BB161C3569D8ED1C3] ()
 ntdos412.sys -> C:\WINDOWS\system32\ntdos412.sys -> [2004/08/04 05:00:00 | 000,029,274 | ---- | M | MD5 = BBC957DC18C17CC027EB80B7C77F2AEA] ()
 ntdos804.sys -> C:\WINDOWS\system32\ntdos804.sys -> [2004/08/04 05:00:00 | 000,029,146 | ---- | M | MD5 = 3CFFAEFFF23B0D208214A6D3061A5B1B] ()
 ntio.sys -> C:\WINDOWS\system32\ntio.sys -> [2004/08/04 05:00:00 | 000,033,840 | ---- | M | MD5 = 4FE09F868CE65B334B42862C372C69CC] ()
 ntio404.sys -> C:\WINDOWS\system32\ntio404.sys -> [2004/08/04 05:00:00 | 000,034,560 | ---- | M | MD5 = 6F73F50162DEF60C84B725C18CD9140F] ()
 ntio411.sys -> C:\WINDOWS\system32\ntio411.sys -> [2004/08/04 05:00:00 | 000,035,648 | ---- | M | MD5 = 0FDD5E69C1FF3B58043D44F2CC743D45] ()
 ntio412.sys -> C:\WINDOWS\system32\ntio412.sys -> [2004/08/04 05:00:00 | 000,035,424 | ---- | M | MD5 = 8842837C4D8311BF8E72BEE8CCC42217] ()
 ntio804.sys -> C:\WINDOWS\system32\ntio804.sys -> [2004/08/04 05:00:00 | 000,034,560 | ---- | M | MD5 = 6B56CEB3C6F9D5CD7293DBD9FE23B311] ()
 watchdog.sys -> C:\WINDOWS\system32\watchdog.sys -> [2008/04/13 11:44:59 | 000,017,664 | ---- | M | MD5 = 9A10AACBFDC4922715375FB4065EC930] (Microsoft Corporation)
 win32k.sys -> C:\WINDOWS\system32\win32k.sys -> [2009/08/14 06:21:25 | 001,850,624 | ---- | M | MD5 = 716ED09D8D9A9E1E4A03549B32B68186] (Microsoft Corporation)
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
< %systemroot%\System32\drivers\*.dll >
 adv01nt5.dll -> C:\WINDOWS\system32\drivers\adv01nt5.dll -> [2008/04/13 17:11:48 | 000,004,255 | ---- | M | MD5 = 1A7DDD37DEB481A9C25BBE705D63966B] (Intel(R) Corporation)
 adv02nt5.dll -> C:\WINDOWS\system32\drivers\adv02nt5.dll -> [2008/04/13 17:11:48 | 000,003,967 | ---- | M | MD5 = 9A193E5B5416E800B1FEDD7A4C5425C9] (Intel(R) Corporation)
 adv05nt5.dll -> C:\WINDOWS\system32\drivers\adv05nt5.dll -> [2008/04/13 17:11:48 | 000,003,615 | ---- | M | MD5 = E2FB83E16D003E973C0A6F25CA39A281] (Intel(R) Corporation)
 adv07nt5.dll -> C:\WINDOWS\system32\drivers\adv07nt5.dll -> [2008/04/13 17:11:48 | 000,003,647 | ---- | M | MD5 = 23C8D06EBE70CA5D8364818AD6342BDA] (Intel(R) Corporation)
 adv08nt5.dll -> C:\WINDOWS\system32\drivers\adv08nt5.dll -> [2008/04/13 17:11:48 | 000,003,135 | ---- | M | MD5 = 9FD9797D7E74AEA57915C726D82697F4] (Intel(R) Corporation)
 adv09nt5.dll -> C:\WINDOWS\system32\drivers\adv09nt5.dll -> [2008/04/13 17:11:48 | 000,003,711 | ---- | M | MD5 = 76DEC026845C0C7679C194BF3FAD81F0] (Intel(R) Corporation)
 adv11nt5.dll -> C:\WINDOWS\system32\drivers\adv11nt5.dll -> [2008/04/13 17:11:48 | 000,003,775 | ---- | M | MD5 = DB6D4CBF4DEBFA810A83035952EEC707] (Intel(R) Corporation)
 atv01nt5.dll -> C:\WINDOWS\system32\drivers\atv01nt5.dll -> [2008/04/13 17:11:50 | 000,021,183 | ---- | M | MD5 = 1532382086A0B61982E69FEFFBA77469] (Intel(R) Corporation)
 atv02nt5.dll -> C:\WINDOWS\system32\drivers\atv02nt5.dll -> [2008/04/13 17:11:50 | 000,011,359 | ---- | M | MD5 = 99265584139E0361156AF8AAFB9F05FD] (Intel(R) Corporation)
 atv04nt5.dll -> C:\WINDOWS\system32\drivers\atv04nt5.dll -> [2008/04/13 17:11:50 | 000,025,471 | ---- | M | MD5 = 379F31C68379519C15A2B7BF66F8A80E] (Intel(R) Corporation)
 atv06nt5.dll -> C:\WINDOWS\system32\drivers\atv06nt5.dll -> [2008/04/13 17:11:50 | 000,014,143 | ---- | M | MD5 = 4CCDEF76BC20B56037C24D39E5C0E4EA] (Intel(R) Corporation)
 atv10nt5.dll -> C:\WINDOWS\system32\drivers\atv10nt5.dll -> [2008/04/13 17:11:50 | 000,017,279 | ---- | M | MD5 = AA4F39968C3C48F44AC93C19C74531AC] (Intel(R) Corporation)
 ch7xxnt5.dll -> C:\WINDOWS\system32\drivers\ch7xxnt5.dll -> [2008/04/13 17:11:50 | 000,015,423 | ---- | M | MD5 = 61ED91FDC8BDC432C9E51DDCB3D66FEE] (Intel(R) Corporation)
 siint5.dll -> C:\WINDOWS\system32\drivers\siint5.dll -> [2008/04/13 17:12:05 | 000,003,901 | ---- | M | MD5 = 6B910A4F9FD45CAE6579564DA22D69AE] (Intel(R) Corporation)
 vchnt5.dll -> C:\WINDOWS\system32\drivers\vchnt5.dll -> [2008/04/13 17:12:08 | 000,011,325 | ---- | M | MD5 = 5E9313B8BFB6025E7C38E9A0BF185303] (Intel(R) Corporation)
< %systemroot%\System32\drivers\*.ini >
< %systemroot%\System32\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
 AUTOEXEC.BAT -> C:\AUTOEXEC.BAT -> [2006/04/28 07:40:18 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 autoexec.mba -> C:\autoexec.mba -> [2006/04/28 07:40:18 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 Boot.bak -> C:\Boot.bak -> [2009/09/02 07:11:47 | 000,000,335 | ---- | M | MD5 = AE225011FFF8E752DE8CBB799A9490CD] ()
 boot.ini -> C:\boot.ini -> [2009/11/22 10:54:45 | 000,000,407 | RHS- | M | MD5 = 601D3021E9533F0DC7FAE3DC7DE3A06A] ()
 cmldr -> C:\cmldr -> [2004/08/04 00:00:00 | 000,260,272 | ---- | M | MD5 = 94E5450C43E4CF78E1D3AD4816966909] ()
 ComboFix.txt -> C:\ComboFix.txt -> [2009/11/22 18:06:09 | 000,018,933 | ---- | M | MD5 = 8B6CCEDF018D5C0941CF2C2CA3B89046] ()
 config.mba -> C:\config.mba -> [2006/04/28 07:40:18 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 CONFIG.SYS -> C:\CONFIG.SYS -> [2006/04/28 07:40:18 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 IO.SYS -> C:\IO.SYS -> [2006/04/28 07:40:18 | 000,000,000 | RHS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 MSDOS.SYS -> C:\MSDOS.SYS -> [2006/04/28 07:40:18 | 000,000,000 | RHS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 NTDETECT.COM -> C:\NTDETECT.COM -> [2004/08/04 05:00:00 | 000,047,564 | RHS- | M | MD5 = B2DE3452DE03674C6CEC68B8C8CE7C78] ()
 ntldr -> C:\ntldr -> [2005/03/25 02:00:00 | 000,295,536 | -H-- | M | MD5 = EAAD72A0CBD33F63D4CDA5E933A5D6D8] ()
 pagefile.sys -> C:\pagefile.sys -> [2010/04/07 19:32:41 | 2145,386,496 | -HS- | M | Unable to obtain MD5] ()
 SAPGUIlog.txt -> C:\SAPGUIlog.txt -> [2006/04/28 11:38:20 | 000,000,639 | ---- | M | MD5 = 7DFDAA329BF504E8585A87D2586DD217] ()
 tmuninst.ini -> C:\tmuninst.ini -> [2008/09/11 09:23:09 | 000,000,021 | ---- | M | MD5 = 05366F70AB13209D326C42926BE5844E] ()
< %PROGRAMFILES%\*. >
 Adobe -> C:\Program Files\Adobe -> [2008/12/18 11:58:36 | 000,000,000 | ---D | M]
 Amazon -> C:\Program Files\Amazon -> [2009/11/29 15:47:17 | 000,000,000 | ---D | M]
 Broadcom -> C:\Program Files\Broadcom -> [2008/06/28 22:20:33 | 000,000,000 | ---D | M]
 Cheat Engine -> C:\Program Files\Cheat Engine -> [2010/04/07 21:19:41 | 000,000,000 | ---D | M]
 Common Files -> C:\Program Files\Common Files -> [2010/01/26 22:14:37 | 000,000,000 | ---D | M]
 ComPlus Applications -> C:\Program Files\ComPlus Applications -> [2006/04/28 07:37:26 | 000,000,000 | ---D | M]
 CONEXANT -> C:\Program Files\CONEXANT -> [2008/06/28 22:36:43 | 000,000,000 | ---D | M]
 CyberLink -> C:\Program Files\CyberLink -> [2008/06/28 22:43:28 | 000,000,000 | ---D | M]
 Dell -> C:\Program Files\Dell -> [2009/09/02 07:46:31 | 000,000,000 | ---D | M]
 DellTPad -> C:\Program Files\DellTPad -> [2008/06/28 22:26:41 | 000,000,000 | ---D | M]
 DIFX -> C:\Program Files\DIFX -> [2009/06/18 17:32:38 | 000,000,000 | ---D | M]
 eqsydv -> C:\Program Files\eqsydv -> [2009/10/15 21:21:43 | 000,000,000 | ---D | M]
 Google -> C:\Program Files\Google -> [2009/12/02 23:05:25 | 000,000,000 | ---D | M]
 InstallShield Installation Information -> C:\Program Files\InstallShield Installation Information -> [2008/06/28 22:43:27 | 000,000,000 | -H-D | M]
 Intel -> C:\Program Files\Intel -> [2008/06/29 20:39:26 | 000,000,000 | ---D | M]
 Internet Explorer -> C:\Program Files\Internet Explorer -> [2010/03/20 16:44:15 | 000,000,000 | ---D | M]
 Juniper Networks -> C:\Program Files\Juniper Networks -> [2008/06/28 22:49:18 | 000,000,000 | ---D | M]
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/26 13:43:07 | 000,000,000 | ---D | M]
 Messenger -> C:\Program Files\Messenger -> [2008/06/28 22:31:39 | 000,000,000 | ---D | M]
 Microsoft CAPICOM 2.1.0.2 -> C:\Program Files\Microsoft CAPICOM 2.1.0.2 -> [2009/08/06 09:20:24 | 000,000,000 | ---D | M]
 microsoft frontpage -> C:\Program Files\microsoft frontpage -> [2006/04/28 07:40:40 | 000,000,000 | ---D | M]
 Microsoft Office -> C:\Program Files\Microsoft Office -> [2009/08/06 08:28:45 | 000,000,000 | ---D | M]
 Microsoft Office Communicator -> C:\Program Files\Microsoft Office Communicator -> [2009/06/18 18:17:21 | 000,000,000 | ---D | M]
 Microsoft Virtual PC -> C:\Program Files\Microsoft Virtual PC -> [2009/12/28 14:16:33 | 000,000,000 | ---D | M]
 Microsoft Visual Studio -> C:\Program Files\Microsoft Visual Studio -> [2006/04/28 10:55:35 | 000,000,000 | ---D | M]
 Microsoft Visual Studio 8 -> C:\Program Files\Microsoft Visual Studio 8 -> [2009/08/06 08:27:08 | 000,000,000 | ---D | M]
 Microsoft Works -> C:\Program Files\Microsoft Works -> [2009/08/06 08:29:06 | 000,000,000 | ---D | M]
 Microsoft.NET -> C:\Program Files\Microsoft.NET -> [2009/08/06 08:28:30 | 000,000,000 | ---D | M]
 Movie Maker -> C:\Program Files\Movie Maker -> [2009/07/13 15:39:32 | 000,000,000 | ---D | M]
 MSBuild -> C:\Program Files\MSBuild -> [2009/08/06 08:19:27 | 000,000,000 | ---D | M]
 MSECache -> C:\Program Files\MSECache -> [2009/08/06 08:36:33 | 000,000,000 | ---D | M]
 msn -> C:\Program Files\msn -> [2009/07/13 15:39:33 | 000,000,000 | ---D | M]
 msn gaming zone -> C:\Program Files\msn gaming zone -> [2006/04/28 07:40:40 | 000,000,000 | ---D | M]
 MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2008/09/15 09:39:14 | 000,000,000 | ---D | M]
 MSXML 6.0 -> C:\Program Files\MSXML 6.0 -> [2009/06/08 11:59:05 | 000,000,000 | ---D | M]
 NetMeeting -> C:\Program Files\NetMeeting -> [2009/07/13 15:35:27 | 000,000,000 | ---D | M]
 Nortel Networks -> C:\Program Files\Nortel Networks -> [2009/08/04 08:16:13 | 000,000,000 | ---D | M]
 NOS -> C:\Program Files\NOS -> [2008/09/15 10:34:38 | 000,000,000 | ---D | M]
 O2Micro OZ776 SCR Driver -> C:\Program Files\O2Micro OZ776 SCR Driver -> [2008/06/28 22:22:28 | 000,000,000 | ---D | M]
 Online Services -> C:\Program Files\Online Services -> [2006/04/28 07:38:38 | 000,000,000 | ---D | M]
 Outlook Express -> C:\Program Files\Outlook Express -> [2009/09/02 07:32:19 | 000,000,000 | ---D | M]
 QuickTime -> C:\Program Files\QuickTime -> [2009/06/19 14:10:17 | 000,000,000 | ---D | M]
 Reference Assemblies -> C:\Program Files\Reference Assemblies -> [2009/06/08 12:04:24 | 000,000,000 | ---D | M]
 Ricochet Xtreme -> C:\Program Files\Ricochet Xtreme -> [2009/11/30 20:10:43 | 000,000,000 | ---D | M]
 Roxio -> C:\Program Files\Roxio -> [2010/01/12 06:51:23 | 000,000,000 | ---D | M]
 SAP -> C:\Program Files\SAP -> [2008/09/22 15:43:48 | 000,000,000 | ---D | M]
 Siemens -> C:\Program Files\Siemens -> [2010/01/12 23:54:17 | 000,000,000 | ---D | M]
 SigmaTel -> C:\Program Files\SigmaTel -> [2008/06/28 22:15:38 | 000,000,000 | ---D | M]
 stt -> C:\Program Files\stt -> [2010/04/07 12:33:12 | 000,000,000 | ---D | M]
 Trend Micro -> C:\Program Files\Trend Micro -> [2006/04/28 11:02:16 | 000,000,000 | ---D | M]
 TrustedCA_Client -> C:\Program Files\TrustedCA_Client -> [2008/09/11 15:59:46 | 000,000,000 | ---D | M]
 UGS -> C:\Program Files\UGS -> [2010/01/12 23:51:38 | 000,000,000 | ---D | M]
 Uninstall Information -> C:\Program Files\Uninstall Information -> [2006/04/28 07:45:18 | 000,000,000 | -H-D | M]
 VMware -> C:\Program Files\VMware -> [2008/09/15 09:57:23 | 000,000,000 | ---D | M]
 Windows Desktop Search -> C:\Program Files\Windows Desktop Search -> [2009/08/06 08:34:22 | 000,000,000 | ---D | M]
 Windows Media Connect 2 -> C:\Program Files\Windows Media Connect 2 -> [2008/09/12 10:33:07 | 000,000,000 | ---D | M]
 Windows Media Player -> C:\Program Files\Windows Media Player -> [2009/07/13 15:35:22 | 000,000,000 | ---D | M]
 Windows NT -> C:\Program Files\Windows NT -> [2009/07/13 15:35:21 | 000,000,000 | ---D | M]
 WindowsUpdate -> C:\Program Files\WindowsUpdate -> [2006/04/28 07:38:40 | 000,000,000 | -H-D | M]
 xerox -> C:\Program Files\xerox -> [2006/04/28 07:40:40 | 000,000,000 | ---D | M]
< %appdata%\*.* >
 desktop.ini -> C:\Documents and Settings\price\Application Data\desktop.ini -> [2006/04/28 03:33:55 | 000,000,062 | -HS- | M | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] ()
< End of report >


Last edited by stevo90277 on Sat Apr 10, 2010 5:04 pm; edited 1 time in total


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Sat Apr 10, 2010 6:28 pm

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> salesforce.com .[https] -> Trusted sites
YN -> *.industrysoftware.automation_siemens.com [*] -> Trusted sites
YN -> ura_siemens.us [https] -> Trusted sites
YN -> ugs.com .[*] -> Trusted sites
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> salesforce.com .[https] -> Trusted sites
YN -> *.industrysoftware.automation_siemens.com [*] -> Trusted sites
YN -> ura_siemens.us [https] -> Trusted sites
YN -> ugs.com .[*] -> Trusted sites
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\] > -> HKEY_USERS\S-1-5-21-954228201-601818101-482762101-64346\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> salesforce.com .[https] -> Trusted sites
YN -> *.industrysoftware.automation_siemens.com [*] -> Trusted sites
YN -> ura_siemens.us [https] -> Trusted sites
YN -> ugs.com . ->
YN ->  [*] -> Trusted sites
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\
YY -> .exe [@ = secfile] -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
< File Associations - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Classes\\
YY -> .exe [@ = secfile] -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
YY -> .exe [@ = secfile] -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
YY -> .exe [@ = secfile] -> C:\Documents and Settings\price\Local Settings\Application Data\av.exe
[Files/Folders - Modified Within 90 Days]
NY ->  olV3RohQ -> C:\Documents and Settings\price\Local Settings\Application Data\olV3RohQ
NY ->  olV3RohQ -> C:\Documents and Settings\All Users\Application Data\olV3RohQ
NY ->  506037238 -> C:\Documents and Settings\price\Local Settings\Application Data\506037238
NY ->  506037238 -> C:\Documents and Settings\All Users\Application Data\506037238
NY ->  4133361706 -> C:\Documents and Settings\All Users\Application Data\4133361706
NY ->  4133361706 -> C:\Documents and Settings\price\Local Settings\Application Data\4133361706
NY ->  av.exe -> C:\Documents and Settings\All Users\Application Data\av.exe
NY ->  ave.exe -> C:\Documents and Settings\All Users\Application Data\ave.exe
NY ->  vma.exe -> C:\Documents and Settings\price\Local Settings\Application Data\vma.exe
NY ->  av.exe -> C:\Documents and Settings\price\Local Settings\Application Data\av.exe
NY ->  MSASCui.exe -> C:\Documents and Settings\price\Local Settings\Application Data\MSASCui.exe
NY ->  ave.exe -> C:\Documents and Settings\price\Local Settings\Application Data\ave.exe
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.


Dr. Jay (DJ)



Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Sat Apr 10, 2010 11:27 pm

I did it. It asked me to reboot. I did. When it booted up, I didn't see any change in the log. Did I do it right?


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Sun Apr 11, 2010 9:27 am

Do you mean nothing appeared in the fix log from OTS?


Dr. Jay (DJ)



Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Sun Apr 11, 2010 2:28 pm

That's correct. Also, now none of my programs start up normally - a dialog screen asking what program I want to use to start up the program pops up for everything I try to run.


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Sun Apr 11, 2010 6:09 pm

Download [You must be registered and logged in to see this link.] to your desktop

  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.


Dr. Jay (DJ)



Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Mon Apr 12, 2010 6:38 pm

LockSearch by jpshortstuff (05.11.09.1)
Log created at 18:51 on 11/04/2010 (price)
Scanning C:\


C:\pagefile.sys
-------------------------


C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\avG\av.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\avG\ave.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\avG\MSASCui.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\avG\vma.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\av.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe
-------------------------


C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP108\A0017061.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP108\A0017063.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP108\A0017064.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021121.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021122.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021123.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021124.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021125.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021126.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021127.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021128.exe
-------------------------


C:\System Volume Information\_restore{9D862C0B-DFCE-497A-833E-904DC67CD429}\RP112\A0021129.exe
-------------------------


C:\_OTS\MovedFiles\04102010_161602\C_Documents and Settings\All Users\Application Data\av.exe
-------------------------


C:\_OTS\MovedFiles\04102010_161602\C_Documents and Settings\All Users\Application Data\ave.exe
-------------------------


C:\_OTS\MovedFiles\04102010_161602\C_Documents and Settings\price\Local Settings\Application Data\ave.exe
-------------------------


C:\_OTS\MovedFiles\04102010_161602\C_Documents and Settings\price\Local Settings\Application Data\MSASCui.exe
-------------------------


C:\_OTS\MovedFiles\04102010_161602\C_Documents and Settings\price\Local Settings\Application Data\vma.exe
-------------------------

-=E.O.F=-


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Tue Apr 13, 2010 1:52 am

Please download [You must be registered and logged in to see this link.]

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe
    C:\Documents and Settings\price\Local Settings\Application Data\avG\av.exe
    C:\Documents and Settings\price\Local Settings\Application Data\avG\ave.exe
    C:\Documents and Settings\price\Local Settings\Application Data\avG\MSASCui.exe
    C:\Documents and Settings\price\Local Settings\Application Data\avG\vma.exe
    C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\av.exe
    C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe
    C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe
    C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Dr. Jay (DJ)



Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Wed Apr 14, 2010 11:43 pm

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\avG\av.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\avG\ave.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\avG\MSASCui.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\avG\vma.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\av.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe not found.
File/Folder C:\Documents and Settings\price\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: price
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 868776 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: salesadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: systemaccount
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: zzsttadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6174 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 313440 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04142010_163412

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_6c8.dat not found!

Registry entries deleted on Reboot...


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Thu Apr 15, 2010 1:29 am

That did not work so well.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Fri Apr 16, 2010 6:45 pm

combofix log 1/3

ComboFix 10-04-15.05 - price 04/16/2010 11:05:40.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2923 [GMT -7:00]
Running from: c:\documents and settings\price\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {0DAA9119-FD08-45C7-A0D4-435C2125DC25}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {63AEB1F9-3232-41B0-85E9-57A26F039C34}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {E6508629-3691-4CDC-A98C-DBB1C46CE0E8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {EE66AC07-84E2-41D3-A1F6-CAA0156912A4}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {07F71C9E-8DE4-4226-B23A-C065A56821F8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {0BEAD907-62D3-45B6-91D7-1B7B378434FD}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {495CC023-7AA3-4062-9163-DAFC95BCCB95}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {6789DEB4-4214-4AE8-A310-E2DED4AE8079}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {9DFB6C67-B09B-451B-96C8-8F03241927EE}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {D5C7FEBD-12D0-4782-8AD7-6B290082768C}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {DE57F669-2848-4BDC-83C0-C5C7E3AF3D7B}
FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {63AEB1F9-3232-41B0-85E9-57A26F039C34}
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {71A20E43-2C24-456C-AF94-9682743CB5C4}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Cheat Engine\dbk32.sys

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))
.

2010-04-14 23:34 . 2010-04-14 23:34 -------- d-----w- C:\_OTM
2010-04-10 23:16 . 2010-04-10 23:16 -------- d-----w- C:\_OTS
2010-04-08 02:34 . 2010-04-12 01:51 -------- d-----w- c:\documents and settings\price\Local Settings\Application Data\avG
2010-04-06 14:16 . 2010-04-06 14:16 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-06 14:16 . 2010-04-06 14:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-06 14:07 . 2008-04-13 20:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-06 14:07 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-19 17:52 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-03-19 17:52 . 2009-12-08 09:23 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-03-19 17:52 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 18:12 . 2009-10-13 04:05 -------- d-----w- c:\program files\Cheat Engine
2010-04-15 06:20 . 2010-04-14 23:41 6174 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-04-15 06:14 . 2008-09-23 06:53 49024 ----a-w- c:\windows\system32\drivers\ql1280.sys
2010-04-15 00:45 . 2008-06-29 05:17 43861 ----a-w- c:\windows\system32\nvModes.dat
2010-04-14 23:46 . 2009-06-08 19:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 19:33 . 2009-09-02 14:43 -------- d-----w- c:\program files\stt
2010-03-20 23:43 . 2008-09-23 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-04 18:36 . 2009-09-02 14:43 42043 ----a-w- c:\windows\SttService.exe
2010-02-26 05:14 . 2010-02-26 05:14 -------- d-----w- c:\documents and settings\price\Application Data\Apple Computer
2010-02-01 20:23 . 2009-12-28 21:38 165232 ---ha-w- c:\documents and settings\price\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2008-06-12 12:53 . 2008-09-22 22:57 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2008-06-12 12:53 . 2008-09-22 22:57 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2008-06-12 12:53 . 2008-09-22 22:57 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2008-06-12 12:53 . 2008-09-22 22:57 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
2008-06-12 12:53 . 2008-09-22 22:57 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 12:53 . 2008-09-22 22:57 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2007-07-09 21:30 . 2007-07-09 21:30 57344 ----a-w- c:\program files\internet explorer\plugins\PluginWrapper.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-04-28 14:50 . 2009-08-07 03:24 44768 c:\windows\system32\wups2.dll
+ 2006-04-28 14:38 . 2009-08-07 03:24 35552 c:\windows\system32\wups.dll
+ 2006-04-28 14:38 . 2009-08-07 03:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-10-09 22:56 . 2009-10-09 22:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 22:56 . 2009-10-09 22:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2009-10-19 21:06 . 2009-10-19 21:06 12800 c:\windows\system32\wksprtPS.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-10 00:22 . 2009-10-10 00:22 69632 c:\windows\system32\winrs.exe
+ 2009-10-09 22:56 . 2009-10-09 22:56 25088 c:\windows\system32\winrmprov.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56 24064 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2009-12-12 23:22 . 2001-08-18 06:36 87040 c:\windows\system32\wiafbdrv.dll
+ 2008-09-11 16:43 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-10-19 21:06 . 2009-10-19 21:06 46080 c:\windows\system32\TSWbPrxy.exe
+ 2008-09-11 16:45 . 2009-10-19 21:06 36864 c:\windows\system32\tsgQec.dll
+ 2006-04-28 15:05 . 2009-06-16 17:58 26144 c:\windows\system32\spupdsvc.exe
+ 2008-03-07 21:00 . 2007-06-22 15:35 92160 c:\windows\system32\spool\drivers\w32x86\3\xxuiwlv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:35 92672 c:\windows\system32\spool\drivers\w32x86\3\xxstrv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:35 10752 c:\windows\system32\spool\drivers\w32x86\3\xxresv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:37 82432 c:\windows\system32\spool\drivers\w32x86\3\xwprenv7.dll
+ 2004-12-07 13:28 . 2004-12-07 14:28 81288 c:\windows\system32\spool\drivers\w32x86\3\XLndAlrt.dat
+ 2007-04-26 20:37 . 2007-04-26 21:37 15360 c:\windows\system32\spool\drivers\w32x86\3\XBD32.DLL
+ 2008-09-12 17:33 . 2009-06-16 17:58 16928 c:\windows\system32\spmsg.dll
+ 2009-12-29 00:06 . 2009-08-07 03:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-12-29 00:06 . 2009-08-07 03:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-04 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2009-10-10 00:22 . 2009-10-10 00:22 42496 c:\windows\system32\pwrshplugin.dll
- 2004-08-04 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-10-08 22:56 20480 c:\windows\system32\oleaccrc.dll
+ 2009-10-19 21:06 . 2009-10-19 21:06 44544 c:\windows\system32\MsRdpWebAccess.dll
- 2007-08-13 22:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2009-12-03 14:31 . 2009-12-03 14:31 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-09-15 17:21 . 2010-02-18 06:03 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-04 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
+ 2010-01-27 05:15 . 2009-05-04 18:30 53346 c:\windows\system32\javaw.exe
+ 2010-01-27 05:15 . 2009-05-04 18:29 53344 c:\windows\system32\java.exe
+ 2007-08-13 22:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 78336 c:\windows\system32\ieencode.dll
- 2004-08-04 12:00 . 2009-04-29 04:55 78336 c:\windows\system32\ieencode.dll
+ 2004-08-04 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 22:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 22:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
+ 2009-12-12 23:22 . 2001-08-18 06:36 13312 c:\windows\system32\hpsjmcro.dll
- 2004-08-04 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2007-01-29 14:20 . 2007-01-29 14:20 59280 c:\windows\system32\drivers\VMNetSrv.sys
+ 2009-12-12 23:22 . 2008-04-13 21:45 15104 c:\windows\system32\drivers\usbscan.sys
+ 2006-04-28 14:38 . 2009-08-07 03:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-04-28 14:38 . 2009-08-07 03:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-10-19 21:06 . 2009-10-19 21:06 12800 c:\windows\system32\dllcache\wksprtPS.dll
+ 2009-12-12 23:22 . 2001-08-18 06:36 87040 c:\windows\system32\dllcache\wiafbdrv.dll
+ 2009-12-12 23:22 . 2008-04-13 21:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2009-10-19 21:06 . 2009-10-19 21:06 46080 c:\windows\system32\dllcache\TSWbPrxy.exe
+ 2009-10-19 21:06 . 2009-10-19 21:06 36864 c:\windows\system32\dllcache\tsgQec.dll
+ 2010-01-04 16:17 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-09-23 06:53 . 2010-04-15 06:14 49024 c:\windows\system32\dllcache\ql1280.sys
- 2008-09-23 06:53 . 2001-08-17 17:52 49024 c:\windows\system32\dllcache\ql1280.sys
- 2004-08-04 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-10-08 22:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2009-10-19 21:06 . 2009-10-19 21:06 44544 c:\windows\system32\dllcache\MsRdpWebAccess.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-09-12 16:44 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-01-04 16:14 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2004-08-04 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-09-12 16:44 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2008-09-12 16:44 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-09-12 16:44 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-12-12 23:22 . 2001-08-18 06:36 13312 c:\windows\system32\dllcache\hpsjmcro.dll
- 2008-06-29 05:23 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-06-29 05:23 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2010-01-04 16:12 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2009-08-07 03:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 17408 c:\windows\system32\corpol.dll
+ 2009-07-09 18:24 . 2010-04-07 15:25 70920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2004-08-04 12:00 . 2009-08-07 03:24 96480 c:\windows\system32\cdm.dll
+ 2010-03-25 05:38 . 2010-03-25 05:38 11412 c:\windows\SoftwareDistribution\EventCache\{C9627E36-FA69-41D3-8473-3683A4D8A63B}.bin
+ 2009-06-25 03:56 . 2009-06-25 03:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 08:49 . 2008-05-28 08:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 03:58 . 2007-04-14 03:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 09:30 . 2008-05-28 09:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 04:30 . 2007-04-14 04:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-17 21:21 . 2010-03-17 21:21 22528 c:\windows\Installer\29b49a57.msi
+ 2010-01-11 01:10 . 2010-01-11 01:10 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-06 15:29 . 2009-08-06 16:21 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-06 15:29 . 2009-08-06 16:21 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-08-06 15:29 . 2009-08-06 16:21 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-13 06:54 . 2010-01-13 06:54 90126 c:\windows\Installer\{65826D4C-79E6-4EEB-925F-87AF08206CAF}\NewShortcut4_D6F3B387396040109193E23DA8DCF248.exe
+ 2010-01-13 06:54 . 2010-01-13 06:54 90126 c:\windows\Installer\{65826D4C-79E6-4EEB-925F-87AF08206CAF}\NewShortcut3_D6F3B387396040109193E23DA8DCF248.exe
+ 2010-01-13 06:54 . 2010-01-13 06:54 65536 c:\windows\Installer\{65826D4C-79E6-4EEB-925F-87AF08206CAF}\NewShortcut2_F9E04826A01C4F85B5BA6BA9826F32CF.exe
+ 2010-01-13 06:54 . 2010-01-13 06:54 65536 c:\windows\Installer\{65826D4C-79E6-4EEB-925F-87AF08206CAF}\NewShortcut1.exe
+ 2010-03-20 23:44 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-03-20 23:44 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-03-20 23:44 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-03-20 23:44 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-03-20 23:44 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2010-01-11 01:15 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2010-01-11 01:15 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2010-01-11 01:15 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2010-01-11 01:15 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2010-01-11 01:15 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_bb845ffa\System.Drawing.Design.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c7315fc3\CustomMarshalers.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-01-11 01:22 . 2010-01-11 01:22 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-01-11 01:20 . 2010-01-11 01:20 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\2f6d26933767848fd267b84b8b3b0cb3\Microsoft.WSMan.Runtime.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\fa5d088b15e4d4f0b8173008fbad39ea\Microsoft.WSMan.Management.resources.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bf5726c79172ad8a45a7114f1b8f3f7e\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\9b2a698e603d1cf0d19c083dc39d1d7b\Microsoft.PowerShell.Editor.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\735a4719bea85fe8b3a54207a95bfcf5\Microsoft.PowerShell.Commands.Diagnostics.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3299617d786b1277c3664ad5ae0d2a42\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2f71f3e6224fe2adf9dd89efc712e4a4\Microsoft.PowerShell.GPowerShell.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\28aad9ce73d578cbd57efb27966ac255\Microsoft.PowerShell.GraphicalHost.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2601faa66db9e2db95ca019fd9e4000e\Microsoft.PowerShell.Security.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\206fb781bef989ee10d70a16f69b0d95\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\84511052318cb515e2939c9f18160ad3\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\6646d2130f7d86a7183a55745dfaf1cb\Microsoft.BackgroundIntelligentTransfer.Management.resources.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-01-11 01:29 . 2010-01-11 01:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-01-11 01:17 . 2008-04-14 00:12 60416 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2010-01-11 01:17 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2010-01-11 01:16 . 2008-04-14 00:11 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2010-01-11 01:17 . 2008-04-14 00:12 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-11 01:14 . 2004-08-04 12:00 16896 c:\windows\$NtUninstallKB971513$\oleaccrc.dll
+ 2010-01-11 01:17 . 2008-04-14 00:12 53248 c:\windows\$NtUninstallKB969084$\tsgqec.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE7\update\spcustom.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE7\spmsg.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\pngfilt.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 52224 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeedsbs.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 27648 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\jsproxy.dll
+ 2010-01-04 16:12 . 2009-10-28 14:05 13824 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieudinit.exe
+ 2010-01-04 16:12 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iernonce.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 78336 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieencode.dll
+ 2010-01-04 16:12 . 2009-10-28 14:05 70656 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ie4uinit.exe
+ 2010-01-04 16:12 . 2009-10-29 07:45 63488 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\icardie.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 17408 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\corpol.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2010-01-04 16:14 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2010-01-11 01:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2010-01-11 01:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2010-01-04 16:17 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2010-01-11 01:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2010-01-11 01:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2010-01-11 01:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2010-01-11 01:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2009-10-09 22:57 . 2009-10-09 22:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2010-01-11 01:19 . 2010-01-11 01:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56 2048 c:\windows\system32\winrsmgr.dll
+ 2009-10-10 00:23 . 2009-10-10 00:23 4608 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2009-10-10 00:23 . 2009-10-10 00:23 4096 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.resources.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe


Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Fri Apr 16, 2010 6:46 pm

combofix log 2/3
Code:

- 2009-06-08 19:08 . 2009-06-08 19:08   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-04-28 14:38 . 2009-08-07 03:24   209632              c:\windows\system32\wuweb.dll
+ 2006-04-28 14:38 . 2009-08-07 03:24   327896              c:\windows\system32\wucltui.dll
+ 2006-04-28 14:38 . 2009-08-07 03:23   575704              c:\windows\system32\wuapi.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56   209408              c:\windows\system32\WsmWmiPl.dll
+ 2009-10-10 00:22 . 2009-10-10 00:22   368640              c:\windows\system32\WsmRes.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56   139776              c:\windows\system32\WsmAuto.dll
+ 2009-10-09 22:56 . 2009-10-09 22:56   225280              c:\windows\system32\wsmanhttpconfig.exe
+ 2004-08-04 12:00 . 2009-04-02 07:02   604160              c:\windows\system32\wmspdmod.dll
+ 2009-10-19 21:06 . 2009-10-19 21:06   223232              c:\windows\system32\wksprt.exe
+ 2009-10-09 22:56 . 2009-10-09 22:56   233984              c:\windows\system32\winrscmd.dll
+ 2009-08-01 07:27 . 2009-08-01 07:27   201184              c:\windows\system32\winrm.vbs
+ 2004-08-04 12:00 . 2010-01-05 10:00   832512              c:\windows\system32\wininet.dll
+ 2009-10-10 00:23 . 2009-10-10 00:23   148480              c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2009-10-09 22:57 . 2009-10-09 22:57   204800              c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2009-10-09 22:56 . 2009-10-09 22:56   448000              c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2009-10-09 22:57 . 2009-10-09 22:57   112640              c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 18:22 . 2009-07-16 18:22   126976              c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-10 00:23 . 2009-10-10 00:23   178176              c:\windows\system32\wevtfwd.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   233472              c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   233472              c:\windows\system32\webcheck.dll
+ 2007-01-29 14:20 . 2007-01-29 14:20   144800              c:\windows\system32\VMNetSrv.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   105984              c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   105984              c:\windows\system32\url.dll
+ 2008-07-30 02:59 . 2009-10-08 22:57   611328              c:\windows\system32\uiautomationcore.dll
- 2004-08-04 12:00 . 2009-06-16 14:36   119808              c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28   119808              c:\windows\system32\t2embed.dll
- 2004-08-04 12:00 . 2008-10-03 10:02   247326              c:\windows\system32\strmdll.dll
+ 2004-08-04 12:00 . 2009-08-26 08:00   247326              c:\windows\system32\strmdll.dll
+ 2008-03-07 21:00 . 2007-06-22 15:35   106496              c:\windows\system32\spool\drivers\w32x86\3\xxwmv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:35   217600              c:\windows\system32\spool\drivers\w32x86\3\xxuiv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:35   114688              c:\windows\system32\spool\drivers\w32x86\3\xxpclrv7.dll
+ 2007-04-26 20:38 . 2007-04-26 21:38   311296              c:\windows\system32\spool\drivers\w32x86\3\XNETSNMP.DLL
+ 2007-04-26 20:37 . 2007-04-26 21:37   101376              c:\windows\system32\spool\drivers\w32x86\3\XMODELS.DLL
+ 2007-04-26 20:40 . 2007-04-26 21:40   483328              c:\windows\system32\spool\drivers\w32x86\3\XBDSTAT.EXE
+ 2007-04-26 20:38 . 2007-04-26 21:38   106496              c:\windows\system32\spool\drivers\w32x86\3\XBDSNMP.DLL
+ 2008-03-07 21:00 . 2007-06-22 15:39   207872              c:\windows\system32\spool\drivers\w32x86\3\pclxl.dll
+ 2004-12-15 15:19 . 2004-12-15 16:19   831488              c:\windows\system32\spool\drivers\w32x86\3\LIBEAY32.DLL
+ 2004-08-04 12:00 . 2009-12-08 09:23   474112              c:\windows\system32\shlwapi.dll
- 2004-08-04 12:00 . 2008-04-14 00:12   474112              c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-10-12 13:38   149504              c:\windows\system32\rastls.dll
+ 2004-08-04 12:00 . 2009-10-08 22:57   220160              c:\windows\system32\oleacc.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   102912              c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   102912              c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-10-13 10:30   270336              c:\windows\system32\oakley.dll
- 2004-08-04 12:00 . 2008-04-14 00:12   270336              c:\windows\system32\oakley.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   671232              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   671232              c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   193024              c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   193024              c:\windows\system32\msrating.dll
+ 2006-04-28 14:37 . 2009-12-16 18:43   343040              c:\windows\system32\mspaint.exe
- 2006-04-28 14:37 . 2008-04-14 00:12   343040              c:\windows\system32\mspaint.exe
- 2004-08-04 12:00 . 2009-04-29 04:56   477696              c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   477696              c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2009-04-29 04:55   459264              c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2010-01-05 10:00   459264              c:\windows\system32\msfeeds.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21   257440              c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58   256280              c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
- 2004-08-04 12:00 . 2008-05-09 10:53   512000              c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16   512000              c:\windows\system32\jscript.dll
+ 2010-01-27 05:15 . 2009-05-04 22:16   131174              c:\windows\system32\javaws.exe
+ 2009-07-28 16:37 . 2010-04-15 06:18   226013              c:\windows\system32\inetsrv\MetaBase.bin
- 2007-08-13 22:34 . 2009-04-29 04:55   268288              c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2010-01-05 10:00   268288              c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   192512              c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   385024              c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   385024              c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2010-01-05 10:00   380928              c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-12-18 13:04   161792              c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2009-04-25 05:26   161792              c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   230400              c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   230400              c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   153088              c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   153088              c:\windows\system32\ieakeng.dll
+ 2009-08-11 01:31 . 2009-08-11 01:31   633344              c:\windows\system32\gpprefcl.dll
- 2006-04-28 10:33 . 2009-08-06 15:38   271784              c:\windows\system32\FNTCACHE.DAT
+ 2006-04-28 10:33 . 2010-01-11 01:21   271784              c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2010-01-05 10:00   133120              c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   133120              c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   214528              c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   214528              c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   347136              c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   347136              c:\windows\system32\dxtmsft.dll
+ 2010-01-11 01:10 . 2010-01-11 01:10   229208              c:\windows\system32\drivers\VMM.sys
+ 2004-08-04 12:00 . 2009-12-31 16:50   353792              c:\windows\system32\drivers\srv.sys
+ 2004-08-04 12:00 . 2009-12-04 18:22   455424              c:\windows\system32\drivers\mrxsmb.sys
+ 2006-04-28 14:38 . 2009-08-07 03:24   209632              c:\windows\system32\dllcache\wuweb.dll
+ 2006-04-28 14:38 . 2009-08-07 03:24   327896              c:\windows\system32\dllcache\wucltui.dll
+ 2006-04-28 14:38 . 2009-08-07 03:23   575704              c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-04 12:00 . 2009-04-02 07:02   604160              c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-10-19 21:06 . 2009-10-19 21:06   223232              c:\windows\system32\dllcache\wksprt.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00   832512              c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   233472              c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   233472              c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   105984              c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   105984              c:\windows\system32\dllcache\url.dll
+ 2010-01-04 16:15 . 2009-06-21 21:44   153088              c:\windows\system32\dllcache\triedit.dll
- 2008-06-29 05:23 . 2009-06-16 14:36   119808              c:\windows\system32\dllcache\t2embed.dll
+ 2008-06-29 05:23 . 2009-10-15 16:28   119808              c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 12:00 . 2009-08-26 08:00   247326              c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00 . 2008-10-03 10:02   247326              c:\windows\system32\dllcache\strmdll.dll
+ 2009-06-08 18:38 . 2009-12-31 16:50   353792              c:\windows\system32\dllcache\srv.sys
+ 2010-01-04 16:17 . 2009-10-12 13:38   149504              c:\windows\system32\dllcache\rastls.dll
+ 2004-08-04 12:00 . 2009-10-08 22:57   220160              c:\windows\system32\dllcache\oleacc.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   102912              c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   102912              c:\windows\system32\dllcache\occache.dll
+ 2010-01-04 16:11 . 2009-10-13 10:30   270336              c:\windows\system32\dllcache\oakley.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   671232              c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   671232              c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   193024              c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   193024              c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   477696              c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2009-04-29 04:56   477696              c:\windows\system32\dllcache\mshtmled.dll
- 2008-09-12 16:44 . 2009-04-29 04:55   459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00   459264              c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-08 18:38 . 2009-12-04 18:22   455424              c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-06-29 05:25 . 2009-08-13 15:16   512000              c:\windows\system32\dllcache\jscript.dll
- 2008-06-29 05:25 . 2008-05-09 10:53   512000              c:\windows\system32\dllcache\jscript.dll
+ 2006-04-28 14:37 . 2009-12-18 13:05   634648              c:\windows\system32\dllcache\iexplore.exe
- 2008-09-12 16:44 . 2009-04-29 04:55   268288              c:\windows\system32\dllcache\iertutil.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00   268288              c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   192512              c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   385024              c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   385024              c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00   380928              c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-12-18 13:04   161792              c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2009-04-25 05:26   161792              c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   230400              c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   230400              c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   153088              c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   153088              c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   133120              c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   133120              c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   214528              c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   214528              c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   347136              c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   347136              c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   124928              c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   124928              c:\windows\system32\dllcache\advpack.dll
+ 2010-01-04 16:17 . 2009-11-21 15:51   471552              c:\windows\system32\dllcache\aclayers.dll
+ 2009-10-19 21:06 . 2009-10-19 21:06   130560              c:\windows\system32\dllcache\aaclient.dll
+ 2010-02-11 05:10 . 2007-12-27 01:30   679936              c:\windows\system32\D3DX81ab.dll
- 2009-10-13 04:05 . 2007-12-27 00:30   679936              c:\windows\system32\D3DX81ab.dll
- 2004-08-04 12:00 . 2009-04-29 04:55   124928              c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00   124928              c:\windows\system32\advpack.dll
+ 2008-09-11 16:45 . 2009-10-19 21:06   130560              c:\windows\system32\aaclient.dll
+ 2009-08-08 07:51 . 2009-08-08 07:51   989016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49   102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 03:58 . 2007-04-14 03:58   102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 03:56 . 2007-04-14 03:56   315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48   315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 04:30 . 2007-04-14 04:30   258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 09:30 . 2008-05-28 09:30   258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-12-28 21:16 . 2009-12-28 21:16   833536              c:\windows\Installer\63dee9.msi
+ 2010-01-13 06:54 . 2010-01-13 06:54   934400              c:\windows\Installer\5873a02.msi
+ 2010-01-12 13:51 . 2010-01-12 13:51   874496              c:\windows\Installer\1e0be30.msi
+ 2010-01-11 01:10 . 2010-01-11 01:10   429568              c:\windows\Installer\198dd06f.msi
+ 2010-01-27 05:14 . 2010-01-27 05:14   967168              c:\windows\Installer\125e8461.msi
+ 2009-08-06 15:29 . 2010-03-20 23:43   888080              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-06 15:29 . 2009-08-06 16:21   888080              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-06 15:29 . 2009-08-06 16:21   272648              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43   272648              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43   922384              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-06 15:29 . 2009-08-06 16:21   922384              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43   845584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-08-06 15:29 . 2009-08-06 16:21   845584              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43   217864              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-06 15:29 . 2009-08-06 16:21   217864              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43   159504              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2009-08-06 15:29 . 2009-08-06 16:21   159504              c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-08-06 15:31 . 2009-08-06 15:31   120408              c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\IPOMINT.DLL
+ 2010-03-20 23:44 . 2009-10-29 07:46   832512              c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   233472              c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   105984              c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-03-20 23:44 . 2009-05-26 11:40   382840              c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-03-20 23:44 . 2009-05-26 11:40   231288              c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-03-20 23:44 . 2009-10-29 07:46   102912              c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   671232              c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   193024              c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   477696              c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   459264              c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-03-20 23:44 . 2009-10-28 06:54   634632              c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-03-20 23:44 . 2009-10-29 07:46   268288              c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-03-20 23:44 . 2007-08-13 22:54   191488              c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   385024              c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   380928              c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-03-20 23:44 . 2009-10-28 06:52   161792              c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   230400              c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   153088              c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   133120              c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   214528              c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   347136              c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46   124928              c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56   827392              c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56   233472              c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56   105984              c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40   382840              c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40   231288              c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2010-01-11 01:15 . 2009-04-29 04:56   102912              c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56   671232              c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56   193024              c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56   477696              c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   459264              c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2010-01-11 01:15 . 2009-04-25 05:27   636088              c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2010-01-11 01:15 . 2009-04-29 04:55   268288              c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   385024              c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   383488              c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2010-01-11 01:15 . 2009-04-25 05:26   161792              c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   230400              c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   153088              c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   133120              c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   214528              c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   347136              c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55   124928              c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-06-08 18:38 . 2009-12-04 18:22   455424              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2006-09-11 09:40 . 2008-10-24 17:14   488736              c:\windows\Downloaded Program Files\isusweb.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14   835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9d1988ce\System.Drawing.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14   192512              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6feee519\System.Drawing.Design.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14   118784              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7764031e\CustomMarshalers.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-01-11 01:24 . 2010-01-11 01:24   240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24   187904              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24   447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   676352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   250368              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\6b73bd61cf54e258356314dedd7c7755\System.Management.Automation.resources.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29   381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23   208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-01-11 01:30 . 2010-01-11 01:30   256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-01-11 01:23 . 2010-01-11 01:23   258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23   539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23   368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23   224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-01-11 01:30 . 2010-01-11 01:30   508928              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\333d4715b7c6e99d2cdba4a3edc65d51\Microsoft.WSMan.Management.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   729600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c5009f514e6afe56fb257a81bf48ef25\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   737792              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\86affe3b4a1382114b533ccf7f5f560f\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   291328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\861acb15092a21e516d387e7ee7815e6\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   515584              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4c3ba58468aeb0315c31705354357c99\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   156160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2529703d3e0d2f9fd06cc0230f2bda3f\Microsoft.PowerShell.Security.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30   410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-01-11 01:29 . 2010-01-11 01:29   842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   253952              c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   274432              c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   278528              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   651264              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   991232              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   200704              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   618496              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   262144              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13   102400              c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19   486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-06-08 19:08 . 2009-06-08 19:08   486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14   117144              c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2004-08-04 12:00 . 2009-11-21 15:51   471552              c:\windows\AppPatch\aclayers.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2010-01-11 01:14 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2010-01-11 01:14 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2010-01-11 01:14 . 2008-04-14 00:12   270336              c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2010-01-11 01:17 . 2008-04-14 00:12   150016              c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2010-01-11 01:16 . 2008-10-03 10:02   247326              c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2010-01-11 01:15 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02   231288              c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2010-01-11 01:10 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2010-01-11 01:10 . 2008-05-09 10:53   512000              c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2010-01-11 01:14 . 2008-07-30 02:59   161296              c:\windows\$NtUninstallKB971513$\uiautomationcore.dll
+ 2010-01-11 01:14 . 2009-03-23 18:50   382840              c:\windows\$NtUninstallKB971513$\spuninst\updspapi.dll
+ 2010-01-11 01:14 . 2009-03-23 18:50   231288              c:\windows\$NtUninstallKB971513$\spuninst\spuninst.exe
+ 2010-01-11 01:14 . 2004-08-04 12:00   163328              c:\windows\$NtUninstallKB971513$\oleacc.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2010-01-11 01:10 . 2008-07-08 13:02   382840              c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2010-01-11 01:10 . 2008-07-08 13:02   231288              c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2010-01-11 01:17 . 2009-06-16 17:58   382496              c:\windows\$NtUninstallKB969084$\spuninst\updspapi.dll
+ 2010-01-11 01:17 . 2009-06-16 17:58   231456              c:\windows\$NtUninstallKB969084$\spuninst\spuninst.exe
+ 2010-01-11 01:17 . 2008-04-14 00:12   677888              c:\windows\$NtUninstallKB969084$\mstsc.exe
+ 2010-01-11 01:17 . 2008-04-14 00:11   136192              c:\windows\$NtUninstallKB969084$\aaclient.dll
+ 2010-01-11 01:17 . 2008-07-08 13:02   382840              c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2010-01-11 01:17 . 2008-07-08 13:02   231288              c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2010-01-11 01:17 . 2007-07-27 18:41   382840              c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2010-01-11 01:17 . 2007-07-27 18:41   231288              c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2010-01-11 01:18 . 2009-05-26 11:40   382840              c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2010-01-11 01:18 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2010-01-11 01:16 . 2008-04-14 00:12   153088              c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02   382840              c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02   231288              c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2010-01-11 01:17 . 2009-05-27 01:10   382840              c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40   231288              c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-11 01:17 . 2008-04-14 00:11   451072              c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-01-11 01:16 . 2006-10-19 01:47   603648              c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2010-01-11 01:16 . 2007-07-27 18:41   382840              c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2010-01-11 01:16 . 2007-07-27 18:41   231288              c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2010-01-11 01:10 . 2007-10-05 23:42   379184              c:\windows\$NtUninstallKB943729$\spuninst\updspapi.dll
+ 2010-01-11 01:10 . 2007-10-05 23:42   221488              c:\windows\$NtUninstallKB943729$\spuninst\spuninst.exe
+ 2010-01-11 01:15 . 2009-05-26 11:40   382840              c:\windows\$hf_mig$\KB976325-IE7\update\updspapi.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40   755576              c:\windows\$hf_mig$\KB976325-IE7\update\update.exe
+ 2010-01-11 01:15 . 2009-05-26 11:40   231288              c:\windows\$hf_mig$\KB976325-IE7\spuninst.exe
+ 2010-01-04 16:12 . 2009-10-29 07:45   841216              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   233472              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\webcheck.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   105984              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\url.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   102912              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\occache.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   671232              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mstime.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   193024              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msrating.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   477696              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtmled.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   459264              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeeds.dll
+ 2010-01-04 16:12 . 2009-10-28 06:54   634632              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
+ 2010-01-04 16:12 . 2009-10-29 07:45   268288              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iertutil.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   388608              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iedkcs32.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   380928              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dll
+ 2010-01-04 16:12 . 2009-10-28 06:52   161792              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakui.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   230400              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieaksie.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   153088              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakeng.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   132608              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\extmgr.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   214528              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtrans.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45   347136              c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtmsft.dll

stevo90277
Novice

Posts : 23
Joined : 2009-10-23
OS : Windows XP

Re: I caught a virus, goes by av.exe in the TM

Post by stevo90277 on Fri Apr 16, 2010 6:47 pm

combofix log 3/3
+ 2010-01-04 16:12 . 2009-10-29 07:45 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2010-01-11 01:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2010-01-11 01:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2010-01-11 01:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2010-01-04 16:11 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2010-01-11 01:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-13 02:58 . 2009-10-13 02:58 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2010-01-11 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2010-01-04 16:15 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2010-01-11 01:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2010-01-11 01:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2010-01-04 16:13 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2010-01-11 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2010-01-11 01:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2010-01-11 01:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2010-01-11 01:10 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2010-01-04 16:05 . 2009-08-13 15:02 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2010-01-11 01:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2010-01-11 01:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2010-01-11 01:10 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2010-01-11 01:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2010-01-11 01:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2010-01-11 01:17 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2010-01-11 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2010-01-11 01:16 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2010-01-11 01:16 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2010-01-11 01:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2010-01-04 16:15 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2010-01-11 01:17 . 2009-05-27 01:10 382840 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-11 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-11 01:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-04 16:17 . 2009-11-21 15:40 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2010-01-11 01:13 . 2009-06-18 02:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2010-01-11 01:13 . 2009-06-18 02:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2010-01-04 16:18 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2006-04-28 14:38 . 2009-08-07 03:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-10-10 00:23 . 2009-10-10 00:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2004-08-04 12:00 . 2009-05-20 12:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2008-03-07 21:00 . 2007-06-22 15:37 1414656 c:\windows\system32\spool\drivers\w32x86\3\xwpuiv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:36 3701760 c:\windows\system32\spool\drivers\w32x86\3\xwprv7.dll
+ 2008-03-07 21:00 . 2007-06-22 15:39 1058816 c:\windows\system32\spool\drivers\w32x86\3\PCL5ERES.DLL
+ 2004-08-04 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-04 12:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-30 03:06 . 2009-07-31 18:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 2689024 c:\windows\system32\mstscax.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 1033728 c:\windows\system32\mstsc.exe
+ 2004-08-04 12:00 . 2010-01-05 22:30 3599360 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 22:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 20:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2009-08-18 07:33 . 2009-08-18 07:33 1193832 c:\windows\system32\FM20.DLL
+ 2006-04-28 14:38 . 2009-08-07 03:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 12:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-02-09 11:13 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2010-01-04 16:16 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-06-08 18:40 . 2009-08-05 04:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-08 18:40 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-06-08 18:40 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-08 00:02 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-08 18:40 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-06-08 18:40 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-12 16:17 . 2009-07-31 18:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-04 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 2689024 c:\windows\system32\dllcache\mstscax.dll
+ 2006-04-28 14:37 . 2009-10-19 21:06 1033728 c:\windows\system32\dllcache\mstsc.exe
+ 2004-08-04 12:00 . 2010-01-05 22:30 3599360 c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-12 16:44 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-09-12 16:44 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2010-02-11 05:10 . 2007-12-27 01:30 1970176 c:\windows\system32\d3dx9.dll
- 2009-10-13 04:05 . 2007-12-27 00:30 1970176 c:\windows\system32\d3dx9.dll
+ 2009-08-08 07:51 . 2009-08-08 07:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 07:51 . 2009-08-08 07:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 11:59 . 2008-11-25 11:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2008-05-28 09:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2008-05-28 09:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 08:43 . 2008-05-28 08:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 03:50 . 2007-04-14 03:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-18 20:58 . 2009-08-18 20:58 8301056 c:\windows\Installer\198dd0e8.msp
+ 2009-07-27 12:31 . 2009-07-27 12:31 3738624 c:\windows\Installer\198dd0d4.msp
+ 2009-08-18 20:57 . 2009-08-18 20:57 9122304 c:\windows\Installer\198dd0c0.msp
+ 2009-10-16 15:09 . 2009-10-16 15:09 2518016 c:\windows\Installer\198dd0ac.msp
+ 2009-08-18 21:08 . 2009-08-18 21:08 1373696 c:\windows\Installer\198dd082.msp
- 2009-08-06 15:29 . 2009-08-06 16:21 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-06 15:29 . 2009-08-06 16:21 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-06 15:29 . 2010-03-20 23:43 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-10-06 00:31 . 2007-10-06 00:31 5287984 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2010-03-20 23:44 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-03-20 23:44 . 2009-10-29 21:16 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-03-20 23:44 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2010-01-11 01:15 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2010-01-11 01:15 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2010-01-11 01:15 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dat
+ 2009-06-08 18:40 . 2009-08-05 04:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-06-08 18:40 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-06-08 18:40 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-08 00:02 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-08 00:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-06-08 18:40 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-06-08 18:40 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-01-11 01:14 . 2010-01-11 01:14 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_304fb07b\System.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2f351576\System.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_82419471\System.Xml.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_32b6d1ab\System.Xml.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f13c4a50\System.Windows.Forms.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_295f27d0\System.Windows.Forms.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7b444564\System.Drawing.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_205d5166\System.Design.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_06532aa8\System.Design.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4de1ec1\mscorlib.dll
+ 2010-01-11 01:15 . 2010-01-11 01:15 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_46156929\mscorlib.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-01-11 01:24 . 2010-01-11 01:24 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4fddbe9c2ff96b543a624459cad647b6\System.Management.Automation.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 3722240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d7580a8595db77e165a51e2c1add4720\Microsoft.PowerShell.Editor.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d38b060a0a380c671c5e45c31905d2f0\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\74362bea6bc8a906a45d74c393969423\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-01-11 01:31 . 2010-01-11 01:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Jscript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.Jscript.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-01-11 01:30 . 2010-01-11 01:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-11 01:13 . 2010-01-11 01:13 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-06-08 19:08 . 2009-06-08 19:08 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-11 01:19 . 2010-01-11 01:19 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-06-19 00:51 . 2009-06-19 00:51 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-01-11 01:14 . 2010-01-11 01:14 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-06-19 00:51 . 2009-06-19 00:51 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-11 01:16 . 2008-08-30 03:06 1350664 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2010-01-11 01:16 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2010-01-11 01:12 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2010-01-11 01:12 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2010-01-11 01:12 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2010-01-11 01:12 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2010-01-11 01:10 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2010-01-11 01:17 . 2009-06-10 13:19 2066432 c:\windows\$NtUninstallKB969084$\mstscax.dll
+ 2010-01-11 01:17 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2010-01-11 01:17 . 2008-06-18 10:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2010-01-04 16:12 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2010-01-04 16:12 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2010-01-04 16:14 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2010-01-04 16:14 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2010-01-04 16:08 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2010-01-04 16:08 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-05 02:47 . 2009-08-05 02:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2010-01-04 16:08 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-15 01:49 . 2009-08-15 01:49 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2010-01-04 16:16 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2010-01-09 08:28 . 2010-01-09 08:28 12337752 c:\windows\system32\rktools.exe
+ 2010-01-11 01:11 . 2010-02-01 18:26 30364104 c:\windows\system32\MRT.exe
+ 2009-08-11 05:08 . 2009-08-11 05:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-18 19:50 . 2009-08-18 19:50 12022272 c:\windows\Installer\47a8891.msp
+ 2009-08-15 04:32 . 2009-08-15 04:32 11110912 c:\windows\Installer\198dd106.msp
+ 2009-08-18 21:19 . 2009-08-18 21:19 10098688 c:\windows\Installer\198dd0fd.msp
+ 2009-08-10 22:09 . 2009-08-10 22:09 17254912 c:\windows\Installer\198dd099.msp
+ 2010-01-13 06:54 . 2010-01-13 06:54 10829312 c:\windows\Downloaded Installations\{B06DB85F-066C-4871-9FFA-A3A99854E6FC}\Teamcenter's Application Sharing.msi
+ 2010-01-11 01:24 . 2010-01-11 01:24 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-01-11 01:32 . 2010-01-11 01:32 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-01-11 01:29 . 2010-01-11 01:29 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-01-11 01:23 . 2010-01-11 01:23 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-01-11 01:22 . 2010-01-11 01:22 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-01-11 01:20 . 2010-01-11 01:20 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SIECACST"="c:\program files\Siemens\CardOS API\bin\siecacst.exe" [2007-08-02 81920]
"Ptipbmf"="ptipbmf.dll" [2007-10-20 118784]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 110592]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-06-04 5069648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"nwiz"="nwiz.exe" [2007-04-29 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2007-03-16 1028160]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\Pccntmon.exe" [2010-02-04 718120]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2008-06-29 05:49 122949 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 aacsas;Adaptec SAS/SATA-II RAID Miniport Driver;c:\windows\system32\drivers\aacsas.sys [9/15/2008 10:12 AM 81035]
R0 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [9/15/2008 10:12 AM 360960]
R0 AFAMgt;AFAMgt;c:\windows\system32\drivers\afamgt.sys [9/15/2008 10:12 AM 91707]
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [9/15/2008 10:12 AM 119808]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [9/15/2008 10:12 AM 29696]
R0 arcm_x86;arcm_x86;c:\windows\system32\drivers\arcm_x86.sys [9/15/2008 10:12 AM 25888]
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/15/2008 10:12 AM 6016]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [9/15/2008 10:12 AM 7680]
R0 FastSx;FastSx;c:\windows\system32\drivers\FastSx.sys [9/15/2008 10:12 AM 167424]
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [9/15/2008 10:12 AM 65536]
R0 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [9/15/2008 10:12 AM 177152]
R0 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys [9/15/2008 10:12 AM 160256]
R0 HpCISSm2;HpCISSm2;c:\windows\system32\drivers\HpCISSm2.sys [9/15/2008 10:12 AM 23040]
R0 Hpt366;Hpt366;c:\windows\system32\drivers\Hpt366.sys [9/15/2008 10:12 AM 22880]
R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [9/15/2008 10:12 AM 108150]
R0 hptiop;hptiop;c:\windows\system32\drivers\hptiop.sys [9/15/2008 10:12 AM 14496]
R0 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [9/15/2008 10:12 AM 65024]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [9/15/2008 10:12 AM 26112]
R0 m5228;m5228;c:\windows\system32\drivers\m5228.sys [9/15/2008 10:12 AM 45069]
R0 m5281;m5281;c:\windows\system32\drivers\m5281.sys [9/15/2008 10:12 AM 51072]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [9/15/2008 10:12 AM 103680]
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [9/15/2008 10:12 AM 210304]
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [9/15/2008 10:12 AM 52480]
R0 MegaIDE;MegaIDE;c:\windows\system32\drivers\MegaIDE.sys [9/15/2008 10:12 AM 163277]
R0 MegaINTL;MegaINTL;c:\windows\system32\drivers\MegaINTL.sys [9/15/2008 10:12 AM 177536]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [9/15/2008 10:12 AM 34432]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [9/15/2008 10:12 AM 143360]
R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [9/15/2008 10:12 AM 212480]
R0 mvSata;mvSata;c:\windows\system32\drivers\mvsata.sys [9/15/2008 10:12 AM 43520]
R0 nfrd960;IBM ServeRAID 4M/4L/4Mx/4Lx/5i/6M/6i/7k Device Driver;c:\windows\system32\drivers\nfrd960.sys [9/15/2008 10:12 AM 74747]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [1/23/2006 2:19 PM 254208]
R0 Pnp649r;CMD IDE Raid Controller;c:\windows\system32\drivers\pnp649r.sys [9/15/2008 10:12 AM 66889]
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [9/15/2008 10:12 AM 71720]
R0 raidsrc;raidsrc;c:\windows\system32\drivers\raidsrc.sys [9/15/2008 10:12 AM 45392]
R0 S150sx8;S150sx8;c:\windows\system32\drivers\S150sx8.sys [9/15/2008 10:12 AM 36864]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [9/15/2008 10:12 AM 110128]
R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [9/15/2008 10:12 AM 61952]
R0 SI3124;SiI-3124 SATALink Controller;c:\windows\system32\drivers\SI3124.sys [9/15/2008 10:12 AM 81960]
R0 SI3124r;SiI-3124 SATARaid Controller;c:\windows\system32\drivers\SI3124r.sys [9/15/2008 10:12 AM 100881]
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\drivers\3124r5A2.sys [9/15/2008 10:12 AM 207152]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [9/15/2008 10:12 AM 210736]
R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [9/15/2008 10:11 AM 46464]
R0 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [9/15/2008 10:11 AM 68864]
R0 sisraidx;sisraidx;c:\windows\system32\drivers\sisraidx.sys [9/15/2008 10:11 AM 47616]
R0 sptrak;sptrak;c:\windows\system32\drivers\sptrak.sys [9/15/2008 10:12 AM 41216]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [9/15/2008 10:12 AM 125952]
R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [9/15/2008 10:11 AM 29184]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [4/28/2006 6:57 AM 17968]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [12/11/2006 10:12 AM 87664]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/9/2005 6:34 PM 36368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [8/4/2009 8:15 AM 24521]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [11/14/2006 9:49 AM 398720]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [5/25/2009 6:34 AM 338960]
R3 WSUSBDMAN;VMware VDM Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [5/8/2008 3:45 PM 21504]
S0 2310_00;2310_00;c:\windows\system32\drivers\2310_00.sys [9/15/2008 10:12 AM 100224]
S0 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys [9/15/2008 10:12 AM 93696]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [9/15/2008 10:12 AM 9809]
S0 lsi_sas2;lsi_sas2;c:\windows\system32\drivers\lsi_sas2.sys [9/15/2008 10:12 AM 93184]
S0 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [9/15/2008 10:12 AM 83200]
S0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [9/15/2008 10:12 AM 107296]
S0 rr232x;rr232x;c:\windows\system32\drivers\rr232x.sys [9/15/2008 10:12 AM 101888]
S0 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys [9/15/2008 10:12 AM 102400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/2/2009 11:04 PM 135664]
S2 MobileAutmationAgentService;iPass Endpoint Policy Management Agent;"c:\program files\mobile automation\rstate.exe" --> c:\program files\mobile automation\rstate.exe [?]
S2 SttService;Stt Services;c:\windows\SttService.exe [9/2/2009 7:43 AM 42043]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/9/2005 6:34 PM 230928]
S2 wsnm;VMware VDM Client Service;c:\program files\VMware\VMware VDM\Client\bin\wsnm.exe [5/8/2008 3:51 PM 131072]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [11/29/2009 3:47 PM 401920]
S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [3/16/2007 5:33 PM 81992]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [8/4/2009 8:15 AM 835584]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [8/4/2009 8:15 AM 155216]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [5/25/2009 6:34 AM 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [5/25/2009 6:30 AM 652552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 06:04]

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 06:04]

2010-04-07 c:\windows\Tasks\stt_inv_report_24.job
- c:\program files\stt\stt_report_controller.bat [2009-09-02 02:48]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: salesforce.com
Trusted Zone: siemens.com\*.industrysoftware.automation
Trusted Zone: siemens.us\ura
Trusted Zone: ugs.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - e:\debug malware\Software\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-16 11:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x80800000]<< >>UNKNOWN [0xF1A72000]<< >>UNKNOWN [0xF7657000]<< >>UNKNOWN [0xF7647000]<< >>UNKNOWN [0x8B50AAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xf765bf28
\Driver\ACPI -> 0xf735ecb8
\Driver\atapi -> 0xf72a7852
\Driver\iaStor -> 0xf7214002
IoDeviceObjectType -> DeleteProcedure -> 0x808ac6a8
ParseProcedure -> 0x808ab7e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x808ac6a8
ParseProcedure -> 0x808ab7e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0xf694cbb0
PacketIndicateHandler -> 0xf693ba0d
SendHandler -> 0xf694fb40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\WININET.dll
c:\windows\system32\odyEvent.dll

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-16 11:16:52
ComboFix-quarantined-files.txt 2010-04-16 18:16
ComboFix2.txt 2009-11-23 01:06
ComboFix3.txt 2009-11-22 21:08
ComboFix4.txt 2009-11-22 18:49

Pre-Run: 134,108,975,104 bytes free
Post-Run: 134,172,774,400 bytes free

- - End Of File - - BE96276F6BFAB87EDE309121838AA9EE


Re: I caught a virus, goes by av.exe in the TM

Post by Dr Jay on Fri Apr 16, 2010 8:16 pm

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)

