Root Kit....Zero Access

Page 1 of 6 1, 2, 3, 4, 5, 6  Next

View previous topic View next topic Go down

Root Kit....Zero Access

Post by JonEJet on Tue May 29, 2012 4:26 pm

Having problems with the laptop. Tried running combo fix, but it won't run, It keeps wanting me to reboot the computer.

Says I have a Root Kit, Zero Access.

Please help

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Wed May 30, 2012 7:13 am

Hi there JonEJet!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

OK, so Zero Access is a nasty piece of work.

Normally combofix should be capable of removing it, I understand that it enters a reboot loop that does not end? We´re going to have and try some other things, then Smile

Please download Zero Access Removal tool by Symantec from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Close all programs and doubleclick FixZeroAccess.exe to run the tool.
  • Accept the EULA and click Proceed
  • Allow the tool to restart your computer
  • After restarting it should provide you with a report
  • Please let me know what was the result.

As a matter of fact, since this is the first time I work with this tool, let me know if it saves a report to your desktop.

====================

After this, reboot your computer and try running ComboFix again.


Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 2:34 pm

Gabe,

First, I'd like to thank you for spending a little time helping me try to fix my computer. Your help is greatly appreciated.

So.....I downloaded, and ran the Zero Access Fix Tool. Similar to Combo Fix, it immediately shut down, and re booted my system. After re start, it ask me to run Zero Access again, which I did. It didn't seem like it ever really "scanned" my system, if that's what the tool does in fact do. Very quickly, a box popped up indicating there were no infections found.

I then ran Combo Fix again, per your instructions, and once again I found myself in the same reboot loop.

I saved Zero Access to my desktop, but there is no report to show to you.

Ugh. What now?

Thanks

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Wed May 30, 2012 2:37 pm

Lets try two other tools:

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your desktop
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).

====================

Please download aswMBR by Alwil Software from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.


Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 3:04 pm

10:55:57.0670 3820 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:55:58.0092 3820 ============================================================
10:55:58.0092 3820 Current date / time: 2012/05/30 10:55:58.0092
10:55:58.0092 3820 SystemInfo:
10:55:58.0092 3820
10:55:58.0092 3820 OS Version: 6.0.6001 ServicePack: 1.0
10:55:58.0092 3820 Product type: Workstation
10:55:58.0092 3820 ComputerName: JONEJET-PC
10:55:58.0093 3820 UserName: JonEJet
10:55:58.0093 3820 Windows directory: C:\Windows
10:55:58.0093 3820 System windows directory: C:\Windows
10:55:58.0093 3820 Processor architecture: Intel x86
10:55:58.0093 3820 Number of processors: 2
10:55:58.0093 3820 Page size: 0x1000
10:55:58.0093 3820 Boot type: Normal boot
10:55:58.0093 3820 ============================================================
10:56:04.0989 3820 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:56:04.0993 3820 ============================================================
10:56:04.0993 3820 \Device\Harddisk0\DR0:
10:56:04.0993 3820 MBR partitions:
10:56:04.0993 3820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA4800
10:56:04.0993 3820 ============================================================
10:56:05.0053 3820 C: <-> \Device\Harddisk0\DR0\Partition0
10:56:05.0053 3820 ============================================================
10:56:05.0053 3820 Initialize success
10:56:05.0053 3820 ============================================================
10:56:07.0938 0300 ============================================================
10:56:07.0938 0300 Scan started
10:56:07.0938 0300 Mode: Manual;
10:56:07.0938 0300 ============================================================
10:56:12.0627 0300 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
10:56:12.0636 0300 ACPI - ok
10:56:12.0734 0300 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:56:12.0747 0300 adp94xx - ok
10:56:12.0794 0300 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:56:12.0801 0300 adpahci - ok
10:56:12.0853 0300 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:56:12.0856 0300 adpu160m - ok
10:56:12.0908 0300 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:56:12.0912 0300 adpu320 - ok
10:56:12.0973 0300 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:56:12.0975 0300 AeLookupSvc - ok
10:56:13.0072 0300 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
10:56:13.0078 0300 AFD - ok
10:56:13.0128 0300 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
10:56:13.0130 0300 AgereModemAudio - ok
10:56:14.0078 0300 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
10:56:14.0132 0300 AgereSoftModem - ok
10:56:14.0179 0300 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:56:14.0183 0300 agp440 - ok
10:56:14.0824 0300 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:56:14.0828 0300 aic78xx - ok
10:56:14.0869 0300 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:56:14.0873 0300 ALG - ok
10:56:14.0923 0300 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
10:56:14.0926 0300 aliide - ok
10:56:15.0324 0300 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:56:15.0326 0300 amdagp - ok
10:56:15.0343 0300 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
10:56:15.0345 0300 amdide - ok
10:56:15.0392 0300 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:56:15.0394 0300 AmdK7 - ok
10:56:15.0425 0300 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:56:15.0427 0300 AmdK8 - ok
10:56:15.0546 0300 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:56:17.0217 0300 AntiVirSchedulerService - ok
10:56:18.0035 0300 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:56:18.0043 0300 AntiVirService - ok
10:56:18.0103 0300 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:56:18.0106 0300 Appinfo - ok
10:56:18.0178 0300 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:56:18.0180 0300 arc - ok
10:56:18.0247 0300 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:56:18.0249 0300 arcsas - ok
10:56:18.0283 0300 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
10:56:18.0285 0300 aswFsBlk - ok
10:56:18.0330 0300 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
10:56:18.0332 0300 aswMonFlt - ok
10:56:18.0349 0300 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
10:56:18.0350 0300 aswRdr - ok
10:56:18.0443 0300 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
10:56:18.0455 0300 aswSnx - ok
10:56:18.0503 0300 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
10:56:18.0510 0300 aswSP - ok
10:56:18.0535 0300 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
10:56:18.0537 0300 aswTdi - ok
10:56:18.0593 0300 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:56:18.0595 0300 AsyncMac - ok
10:56:18.0628 0300 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
10:56:18.0629 0300 atapi - ok
10:56:18.0699 0300 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
10:56:18.0707 0300 AudioEndpointBuilder - ok
10:56:18.0718 0300 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
10:56:18.0722 0300 Audiosrv - ok
10:56:18.0803 0300 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:56:18.0804 0300 avast! Antivirus - ok
10:56:18.0842 0300 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
10:56:18.0844 0300 avgntflt - ok
10:56:18.0888 0300 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
10:56:18.0891 0300 avipbb - ok
10:56:19.0049 0300 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
10:56:19.0054 0300 BBSvc - ok
10:56:19.0112 0300 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:56:19.0113 0300 Beep - ok
10:56:19.0274 0300 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
10:56:19.0295 0300 BITS - ok
10:56:19.0305 0300 blbdrive - ok
10:56:19.0349 0300 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
10:56:19.0352 0300 bowser - ok
10:56:19.0401 0300 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:56:19.0403 0300 BrFiltLo - ok
10:56:19.0419 0300 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:56:19.0421 0300 BrFiltUp - ok
10:56:19.0448 0300 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:56:19.0451 0300 Browser - ok
10:56:19.0474 0300 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:56:19.0477 0300 Brserid - ok
10:56:19.0500 0300 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:56:19.0504 0300 BrSerWdm - ok
10:56:19.0529 0300 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:56:19.0530 0300 BrUsbMdm - ok
10:56:19.0542 0300 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:56:19.0544 0300 BrUsbSer - ok
10:56:19.0568 0300 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:56:19.0571 0300 BTHMODEM - ok
10:56:19.0693 0300 catchme - ok
10:56:19.0751 0300 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:56:19.0754 0300 cdfs - ok
10:56:19.0801 0300 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
10:56:19.0804 0300 CertPropSvc - ok
10:56:19.0861 0300 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
10:56:19.0864 0300 CFSvcs - ok
10:56:19.0885 0300 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:56:19.0888 0300 circlass - ok
10:56:19.0961 0300 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
10:56:19.0969 0300 CLFS - ok
10:56:20.0042 0300 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:56:20.0047 0300 clr_optimization_v2.0.50727_32 - ok
10:56:20.0179 0300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:56:20.0184 0300 clr_optimization_v4.0.30319_32 - ok
10:56:20.0252 0300 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:56:20.0254 0300 CmBatt - ok
10:56:20.0302 0300 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:56:20.0304 0300 cmdide - ok
10:56:20.0322 0300 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:56:20.0324 0300 Compbatt - ok
10:56:20.0336 0300 COMSysApp - ok
10:56:20.0359 0300 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:56:20.0362 0300 crcdisk - ok
10:56:20.0388 0300 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:56:20.0390 0300 Crusoe - ok
10:56:20.0452 0300 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
10:56:20.0456 0300 CryptSvc - ok
10:56:20.0629 0300 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:56:20.0637 0300 cvhsvc - ok
10:56:20.0681 0300 CWMonitor - ok
10:56:20.0780 0300 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
10:56:20.0798 0300 DcomLaunch - ok
10:56:20.0857 0300 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
10:56:20.0858 0300 DfsC - ok
10:56:21.0221 0300 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
10:56:21.0274 0300 DFSR - ok
10:56:21.0493 0300 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
10:56:21.0501 0300 Dhcp - ok
10:56:21.0548 0300 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
10:56:21.0550 0300 disk - ok
10:56:21.0610 0300 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
10:56:21.0616 0300 Dnscache - ok
10:56:21.0669 0300 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
10:56:21.0677 0300 dot3svc - ok
10:56:21.0735 0300 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:56:21.0743 0300 DPS - ok
10:56:21.0786 0300 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:56:21.0788 0300 drmkaud - ok
10:56:21.0873 0300 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
10:56:21.0879 0300 DXGKrnl - ok
10:56:21.0937 0300 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:56:21.0941 0300 E1G60 - ok
10:56:22.0001 0300 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:56:22.0003 0300 EapHost - ok
10:56:22.0065 0300 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
10:56:22.0069 0300 Ecache - ok
10:56:22.0142 0300 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:56:22.0149 0300 ehRecvr - ok
10:56:22.0180 0300 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:56:22.0184 0300 ehSched - ok
10:56:22.0204 0300 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:56:22.0205 0300 ehstart - ok
10:56:22.0281 0300 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:56:22.0289 0300 elxstor - ok
10:56:22.0387 0300 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
10:56:22.0403 0300 EMDMgmt - ok
10:56:22.0503 0300 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
10:56:22.0513 0300 EventSystem - ok
10:56:22.0584 0300 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
10:56:22.0588 0300 exfat - ok
10:56:22.0627 0300 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
10:56:22.0632 0300 fastfat - ok
10:56:22.0683 0300 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:56:22.0685 0300 fdc - ok
10:56:22.0706 0300 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:56:22.0710 0300 fdPHost - ok
10:56:22.0739 0300 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:56:22.0743 0300 FDResPub - ok
10:56:22.0769 0300 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:56:22.0772 0300 FileInfo - ok
10:56:22.0801 0300 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:56:22.0803 0300 Filetrace - ok
10:56:22.0833 0300 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:56:22.0835 0300 flpydisk - ok
10:56:22.0875 0300 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
10:56:22.0881 0300 FltMgr - ok
10:56:22.0971 0300 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:56:22.0973 0300 FontCache3.0.0.0 - ok
10:56:23.0865 0300 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:56:23.0943 0300 Fs_Rec - ok
10:56:24.0143 0300 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
10:56:24.0145 0300 FwLnk - ok
10:56:24.0173 0300 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:56:24.0177 0300 gagp30kx - ok
10:56:24.0377 0300 GameConsoleService (01a5829dd261b4f3dd66d7e9f9b973f5) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
10:56:24.0383 0300 GameConsoleService - ok
10:56:24.0678 0300 GoogleDesktopManager (c95c07ef63811d1fef85d0c584b1c6ad) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:56:24.0708 0300 GoogleDesktopManager - ok
10:56:24.0910 0300 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
10:56:24.0926 0300 gpsvc - ok
10:56:25.0019 0300 gupdate1caa3b3b7341e00 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:56:25.0020 0300 gupdate1caa3b3b7341e00 - ok
10:56:25.0027 0300 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:56:25.0029 0300 gupdatem - ok
10:56:25.0073 0300 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:56:25.0078 0300 gusvc - ok
10:56:25.0163 0300 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:56:25.0169 0300 HdAudAddService - ok
10:56:25.0194 0300 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:56:25.0196 0300 HDAudBus - ok
10:56:25.0237 0300 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:56:25.0239 0300 HidBth - ok
10:56:25.0282 0300 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:56:25.0285 0300 HidIr - ok
10:56:25.0335 0300 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
10:56:25.0340 0300 hidserv - ok
10:56:25.0405 0300 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
10:56:25.0407 0300 HidUsb - ok
10:56:25.0449 0300 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:56:25.0456 0300 hkmsvc - ok
10:56:25.0501 0300 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:56:25.0504 0300 HpCISSs - ok
10:56:25.0575 0300 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
10:56:25.0580 0300 HTTP - ok
10:56:25.0631 0300 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:56:25.0633 0300 i2omp - ok
10:56:25.0703 0300 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:56:25.0704 0300 i8042prt - ok
10:56:25.0793 0300 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:56:25.0799 0300 iaStorV - ok
10:56:25.0863 0300 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:56:25.0868 0300 IDriverT - ok
10:56:26.0338 0300 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:56:26.0361 0300 idsvc - ok
10:56:26.0727 0300 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:56:26.0758 0300 igfx - ok
10:56:26.0923 0300 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:56:26.0925 0300 iirsp - ok
10:56:27.0010 0300 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
10:56:27.0021 0300 IKEEXT - ok
10:56:27.0237 0300 IntcAzAudAddService (b84732d9f8459abf6323d28a3270dc19) C:\Windows\system32\drivers\RTKVHDA.sys
10:56:27.0277 0300 IntcAzAudAddService - ok
10:56:27.0465 0300 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:56:27.0467 0300 intelide - ok
10:56:27.0518 0300 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:56:27.0520 0300 intelppm - ok
10:56:27.0552 0300 IO_Memory - ok
10:56:27.0593 0300 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:56:27.0600 0300 IPBusEnum - ok
10:56:27.0647 0300 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:56:27.0650 0300 IpFilterDriver - ok
10:56:27.0737 0300 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
10:56:27.0746 0300 iphlpsvc - ok
10:56:27.0758 0300 IpInIp - ok
10:56:27.0799 0300 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:56:27.0801 0300 IPMIDRV - ok
10:56:27.0834 0300 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:56:27.0836 0300 IPNAT - ok
10:56:27.0852 0300 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:56:27.0853 0300 IRENUM - ok
10:56:27.0878 0300 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:56:27.0881 0300 isapnp - ok
10:56:27.0949 0300 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
10:56:27.0952 0300 iScsiPrt - ok
10:56:27.0971 0300 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:56:27.0973 0300 iteatapi - ok
10:56:28.0004 0300 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:56:28.0006 0300 iteraid - ok
10:56:28.0044 0300 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:56:28.0045 0300 kbdclass - ok
10:56:28.0086 0300 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
10:56:28.0088 0300 kbdhid - ok
10:56:28.0123 0300 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:28.0126 0300 KeyIso - ok
10:56:28.0164 0300 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
10:56:28.0169 0300 KR10I - ok
10:56:28.0225 0300 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
10:56:28.0230 0300 KR10N - ok
10:56:28.0300 0300 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
10:56:28.0311 0300 KR3NPXP - ok
10:56:28.0375 0300 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
10:56:28.0381 0300 KSecDD - ok
10:56:28.0467 0300 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:56:28.0475 0300 KtmRm - ok
10:56:28.0529 0300 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
10:56:28.0538 0300 LanmanServer - ok
10:56:28.0598 0300 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
10:56:28.0609 0300 LanmanWorkstation - ok
10:56:28.0651 0300 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:56:28.0654 0300 lltdio - ok
10:56:28.0696 0300 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:56:28.0705 0300 lltdsvc - ok
10:56:28.0745 0300 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:56:28.0757 0300 lmhosts - ok
10:56:28.0816 0300 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:56:28.0819 0300 LSI_FC - ok
10:56:28.0848 0300 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:56:28.0851 0300 LSI_SAS - ok
10:56:28.0878 0300 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:56:28.0882 0300 LSI_SCSI - ok
10:56:28.0940 0300 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:56:28.0943 0300 luafv - ok
10:56:28.0980 0300 lxdu_device - ok
10:56:29.0035 0300 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:56:29.0042 0300 Mcx2Svc - ok
10:56:29.0261 0300 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:56:29.0264 0300 megasas - ok
10:56:29.0298 0300 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:56:29.0307 0300 MMCSS - ok
10:56:29.0336 0300 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:56:29.0339 0300 Modem - ok
10:56:29.0374 0300 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:56:29.0376 0300 monitor - ok
10:56:29.0417 0300 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:56:29.0419 0300 mouclass - ok
10:56:29.0437 0300 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:56:29.0439 0300 mouhid - ok
10:56:29.0479 0300 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:56:29.0482 0300 MountMgr - ok
10:56:29.0543 0300 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:56:29.0546 0300 mpio - ok
10:56:29.0579 0300 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:56:29.0586 0300 mpsdrv - ok
10:56:29.0639 0300 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:56:29.0641 0300 Mraid35x - ok
10:56:29.0685 0300 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
10:56:29.0689 0300 MRxDAV - ok
10:56:29.0745 0300 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:56:29.0752 0300 mrxsmb - ok
10:56:29.0808 0300 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:56:29.0814 0300 mrxsmb10 - ok
10:56:29.0830 0300 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:56:29.0834 0300 mrxsmb20 - ok
10:56:29.0885 0300 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:56:29.0888 0300 msahci - ok
10:56:29.0931 0300 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:56:29.0933 0300 msdsm - ok
10:56:29.0972 0300 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:56:29.0978 0300 MSDTC - ok
10:56:30.0007 0300 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:56:30.0009 0300 Msfs - ok
10:56:30.0024 0300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:56:30.0026 0300 msisadrv - ok
10:56:30.0061 0300 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:56:30.0066 0300 MSiSCSI - ok
10:56:30.0072 0300 msiserver - ok
10:56:30.0098 0300 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:56:30.0099 0300 MSKSSRV - ok
10:56:30.0156 0300 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:56:30.0158 0300 MSPCLOCK - ok
10:56:30.0165 0300 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:56:30.0167 0300 MSPQM - ok
10:56:30.0209 0300 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
10:56:30.0213 0300 MsRPC - ok
10:56:30.0251 0300 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:56:30.0253 0300 mssmbios - ok
10:56:30.0271 0300 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:56:30.0273 0300 MSTEE - ok
10:56:30.0299 0300 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
10:56:30.0301 0300 Mup - ok
10:56:30.0368 0300 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
10:56:30.0380 0300 napagent - ok
10:56:30.0453 0300 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
10:56:30.0458 0300 NativeWifiP - ok
10:56:30.0545 0300 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
10:56:30.0558 0300 NDIS - ok
10:56:30.0593 0300 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:56:30.0596 0300 NdisTapi - ok
10:56:30.0614 0300 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:56:30.0616 0300 Ndisuio - ok
10:56:30.0639 0300 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
10:56:30.0643 0300 NdisWan - ok
10:56:30.0665 0300 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:56:30.0668 0300 NDProxy - ok
10:56:30.0688 0300 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:56:30.0690 0300 NetBIOS - ok
10:56:30.0728 0300 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
10:56:30.0734 0300 netbt - ok
10:56:30.0767 0300 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:30.0772 0300 Netlogon - ok
10:56:30.0823 0300 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:56:30.0838 0300 Netman - ok
10:56:30.0897 0300 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:56:30.0909 0300 netprofm - ok
10:56:30.0980 0300 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:56:30.0985 0300 NetTcpPortSharing - ok
10:56:31.0028 0300 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:56:31.0031 0300 nfrd960 - ok
10:56:31.0068 0300 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:56:31.0077 0300 NlaSvc - ok
10:56:31.0105 0300 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
10:56:31.0108 0300 Npfs - ok
10:56:31.0137 0300 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:56:31.0144 0300 nsi - ok
10:56:31.0162 0300 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:56:31.0165 0300 nsiproxy - ok
10:56:31.0306 0300 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
10:56:31.0325 0300 Ntfs - ok
10:56:31.0358 0300 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:56:31.0360 0300 ntrigdigi - ok
10:56:31.0388 0300 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:56:31.0390 0300 Null - ok
10:56:31.0413 0300 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:56:31.0417 0300 nvraid - ok
10:56:31.0442 0300 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
10:56:31.0444 0300 nvstor - ok
10:56:31.0475 0300 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:56:31.0478 0300 nv_agp - ok
10:56:31.0485 0300 NwlnkFlt - ok
10:56:31.0495 0300 NwlnkFwd - ok
10:56:31.0651 0300 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:56:31.0661 0300 odserv - ok
10:56:31.0695 0300 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
10:56:31.0697 0300 ohci1394 - ok
10:56:31.0775 0300 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:56:31.0780 0300 ose - ok
10:56:32.0321 0300 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:56:32.0484 0300 osppsvc - ok
10:56:32.0690 0300 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:32.0709 0300 p2pimsvc - ok
10:56:32.0728 0300 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:32.0738 0300 p2psvc - ok
10:56:32.0781 0300 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:56:32.0784 0300 Parport - ok
10:56:32.0810 0300 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
10:56:32.0814 0300 partmgr - ok
10:56:32.0831 0300 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:56:32.0833 0300 Parvdm - ok
10:56:32.0852 0300 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:56:32.0858 0300 PcaSvc - ok
10:56:32.0906 0300 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
10:56:32.0909 0300 pci - ok
10:56:32.0939 0300 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
10:56:32.0941 0300 pciide - ok
10:56:32.0982 0300 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
10:56:32.0988 0300 pcmcia - ok
10:56:33.0122 0300 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:56:33.0137 0300 PEAUTH - ok
10:56:33.0270 0300 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\TOSHIBA\IVP\ISM\pinger.exe
10:56:33.0275 0300 pinger - ok
10:56:33.0439 0300 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:56:33.0478 0300 pla - ok
10:56:33.0636 0300 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
10:56:33.0648 0300 PlugPlay - ok
10:56:33.0751 0300 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:33.0767 0300 PNRPAutoReg - ok
10:56:33.0798 0300 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
10:56:33.0814 0300 PNRPsvc - ok
10:56:33.0891 0300 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
10:56:33.0901 0300 PolicyAgent - ok
10:56:33.0970 0300 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:56:33.0973 0300 PptpMiniport - ok
10:56:34.0021 0300 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:56:34.0023 0300 Processor - ok
10:56:34.0079 0300 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
10:56:34.0088 0300 ProfSvc - ok
10:56:34.0123 0300 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:34.0126 0300 ProtectedStorage - ok
10:56:34.0158 0300 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
10:56:34.0162 0300 PSched - ok
10:56:34.0179 0300 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
10:56:34.0181 0300 PxHelp20 - ok
10:56:34.0334 0300 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:56:34.0354 0300 ql2300 - ok
10:56:34.0387 0300 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:56:34.0390 0300 ql40xx - ok
10:56:34.0438 0300 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:56:34.0449 0300 QWAVE - ok
10:56:34.0469 0300 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:56:34.0472 0300 QWAVEdrv - ok
10:56:34.0502 0300 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:56:34.0504 0300 RasAcd - ok
10:56:34.0537 0300 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:56:34.0545 0300 RasAuto - ok
10:56:34.0569 0300 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:56:34.0573 0300 Rasl2tp - ok
10:56:34.0609 0300 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
10:56:34.0619 0300 RasMan - ok
10:56:34.0643 0300 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
10:56:34.0646 0300 RasPppoe - ok
10:56:34.0682 0300 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
10:56:34.0685 0300 RasSstp - ok
10:56:34.0720 0300 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
10:56:34.0726 0300 rdbss - ok
10:56:34.0738 0300 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:56:34.0740 0300 RDPCDD - ok
10:56:34.0795 0300 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
10:56:34.0803 0300 rdpdr - ok
10:56:34.0811 0300 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:56:34.0813 0300 RDPENCDD - ok
10:56:34.0856 0300 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
10:56:34.0861 0300 RDPWD - ok
10:56:34.0895 0300 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:56:34.0901 0300 RemoteAccess - ok
10:56:34.0940 0300 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
10:56:34.0947 0300 RemoteRegistry - ok
10:56:34.0974 0300 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:56:34.0978 0300 RpcLocator - ok
10:56:35.0088 0300 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\System32\rpcss.dll
10:56:35.0098 0300 RpcSs - ok
10:56:35.0131 0300 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:56:35.0134 0300 rspndr - ok
10:56:35.0183 0300 RTL8187B (67e7822975985016fdce01635fbdbbf9) C:\Windows\system32\DRIVERS\RTL8187B.sys
10:56:35.0187 0300 RTL8187B - ok
10:56:35.0223 0300 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
10:56:35.0226 0300 SamSs - ok
10:56:35.0256 0300 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:56:35.0259 0300 sbp2port - ok
10:56:35.0292 0300 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
10:56:35.0299 0300 SCardSvr - ok
10:56:35.0369 0300 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
10:56:35.0386 0300 Schedule - ok
10:56:35.0412 0300 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
10:56:35.0414 0300 SCPolicySvc - ok
10:56:35.0456 0300 sdbus (bcca63a3d143938273a3158757389dc7) C:\Windows\system32\DRIVERS\sdbus.sys
10:56:35.0459 0300 sdbus - ok
10:56:35.0509 0300 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:56:35.0519 0300 SDRSVC - ok
10:56:35.0723 0300 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
10:56:35.0729 0300 SeaPort - ok
10:56:35.0755 0300 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:56:35.0757 0300 secdrv - ok
10:56:35.0773 0300 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:56:35.0782 0300 seclogon - ok
10:56:35.0812 0300 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
10:56:35.0821 0300 SENS - ok
10:56:35.0848 0300 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:56:35.0851 0300 Serenum - ok
10:56:35.0894 0300 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:56:35.0898 0300 Serial - ok
10:56:35.0934 0300 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:56:35.0937 0300 sermouse - ok
10:56:36.0351 0300 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:56:36.0364 0300 SessionEnv - ok
10:56:36.0392 0300 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:56:36.0395 0300 sffdisk - ok
10:56:36.0420 0300 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:56:36.0423 0300 sffp_mmc - ok
10:56:36.0440 0300 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:56:36.0444 0300 sffp_sd - ok
10:56:36.0466 0300 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:56:36.0468 0300 sfloppy - ok
10:56:36.0547 0300 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:56:36.0560 0300 Sftfs - ok
10:56:36.0678 0300 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
10:56:36.0690 0300 sftlist - ok
10:56:36.0729 0300 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:56:36.0734 0300 Sftplay - ok
10:56:36.0786 0300 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:56:36.0788 0300 Sftredir - ok
10:56:36.0807 0300 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:56:36.0809 0300 Sftvol - ok
10:56:36.0869 0300 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
10:56:36.0874 0300 sftvsa - ok
10:56:36.0937 0300 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:56:36.0946 0300 SharedAccess - ok
10:56:36.0997 0300 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
10:56:37.0007 0300 ShellHWDetection - ok
10:56:37.0030 0300 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:56:37.0033 0300 sisagp - ok
10:56:37.0063 0300 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:56:37.0065 0300 SiSRaid2 - ok
10:56:37.0084 0300 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:56:37.0088 0300 SiSRaid4 - ok
10:56:37.0403 0300 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
10:56:37.0440 0300 slsvc - ok
10:56:37.0640 0300 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
10:56:37.0648 0300 SLUINotify - ok
10:56:37.0684 0300 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
10:56:37.0688 0300 Smb - ok
10:56:37.0740 0300 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:56:37.0748 0300 SNMPTRAP - ok
10:56:37.0784 0300 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:56:37.0787 0300 spldr - ok
10:56:37.0831 0300 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
10:56:37.0842 0300 Spooler - ok
10:56:37.0907 0300 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
10:56:37.0916 0300 srv - ok
10:56:37.0984 0300 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
10:56:37.0990 0300 srv2 - ok
10:56:38.0030 0300 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
10:56:38.0036 0300 srvnet - ok
10:56:38.0080 0300 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:56:38.0091 0300 SSDPSRV - ok
10:56:38.0127 0300 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:56:38.0130 0300 ssmdrv - ok
10:56:38.0180 0300 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:56:38.0189 0300 SstpSvc - ok
10:56:38.0282 0300 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
10:56:38.0298 0300 stisvc - ok
10:56:38.0329 0300 SVRPEDRV - ok
10:56:38.0361 0300 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:56:38.0363 0300 swenum - ok
10:56:38.0427 0300 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
10:56:38.0438 0300 swprv - ok
10:56:38.0492 0300 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:56:38.0494 0300 Symc8xx - ok
10:56:38.0522 0300 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:56:38.0524 0300 Sym_hi - ok
10:56:38.0556 0300 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:56:38.0558 0300 Sym_u3 - ok
10:56:38.0623 0300 SynTP (11f730bf0d0aa4fe7de7138a32a52422) C:\Windows\system32\DRIVERS\SynTP.sys
10:56:38.0628 0300 SynTP - ok
10:56:38.0716 0300 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
10:56:38.0736 0300 SysMain - ok
10:56:38.0788 0300 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:56:38.0798 0300 TabletInputService - ok
10:56:38.0846 0300 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
10:56:38.0860 0300 TapiSrv - ok
10:56:38.0890 0300 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:56:38.0900 0300 TBS - ok
10:56:39.0032 0300 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
10:56:39.0049 0300 Tcpip - ok
10:56:39.0070 0300 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
10:56:39.0079 0300 Tcpip6 - ok
10:56:39.0107 0300 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
10:56:39.0110 0300 tcpipreg - ok
10:56:39.0139 0300 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
10:56:39.0142 0300 tdcmdpst - ok
10:56:39.0162 0300 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:56:39.0165 0300 TDPIPE - ok
10:56:39.0188 0300 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:56:39.0191 0300 TDTCP - ok
10:56:39.0253 0300 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
10:56:39.0257 0300 tdx - ok
10:56:39.0296 0300 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
10:56:39.0299 0300 TermDD - ok
10:56:39.0371 0300 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
10:56:39.0388 0300 TermService - ok
10:56:39.0442 0300 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
10:56:39.0451 0300 Themes - ok
10:56:39.0476 0300 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:56:39.0481 0300 THREADORDER - ok
10:56:39.0549 0300 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
10:56:39.0556 0300 tifm21 - ok
10:56:39.0666 0300 TNaviSrv (b351aa72eae95c4447a3c5329977f064) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
10:56:39.0669 0300 TNaviSrv - ok
10:56:39.0722 0300 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
10:56:39.0730 0300 TODDSrv - ok
10:56:39.0817 0300 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
10:56:39.0826 0300 TosCoSrv - ok
10:56:39.0924 0300 TOSHIBA Bluetooth Service (87843b2da99051bc66e2d6c211e3d6a4) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
10:56:39.0930 0300 TOSHIBA Bluetooth Service - ok
10:56:39.0952 0300 Tosrfcom - ok
10:56:40.0019 0300 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
10:56:40.0027 0300 tos_sps32 - ok
10:56:40.0066 0300 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:56:40.0075 0300 TrkWks - ok
10:56:40.0123 0300 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
10:56:40.0124 0300 TrustedInstaller - ok
10:56:40.0154 0300 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:56:40.0156 0300 tssecsrv - ok
10:56:40.0211 0300 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:56:40.0213 0300 tunmp - ok
10:56:40.0242 0300 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
10:56:40.0245 0300 tunnel - ok
10:56:40.0267 0300 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
10:56:40.0270 0300 TVALZ - ok
10:56:40.0308 0300 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:56:40.0310 0300 uagp35 - ok
10:56:40.0371 0300 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
10:56:40.0376 0300 udfs - ok
10:56:40.0409 0300 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:56:40.0416 0300 UI0Detect - ok
10:56:40.0500 0300 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
10:56:40.0504 0300 UleadBurningHelper - ok
10:56:40.0535 0300 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:56:40.0538 0300 uliagpkx - ok
10:56:40.0596 0300 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:56:40.0602 0300 uliahci - ok
10:56:40.0635 0300 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:56:40.0639 0300 UlSata - ok
10:56:40.0671 0300 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:56:40.0675 0300 ulsata2 - ok
10:56:40.0708 0300 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:56:40.0710 0300 umbus - ok
10:56:40.0766 0300 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:56:40.0778 0300 upnphost - ok
10:56:40.0825 0300 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:56:40.0828 0300 usbccgp - ok
10:56:40.0851 0300 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:56:40.0854 0300 usbcir - ok
10:56:40.0909 0300 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
10:56:40.0914 0300 usbehci - ok
10:56:40.0946 0300 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
10:56:40.0949 0300 usbhub - ok
10:56:40.0969 0300 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:56:40.0971 0300 usbohci - ok
10:56:41.0007 0300 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:56:41.0009 0300 usbprint - ok
10:56:41.0067 0300 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:56:41.0070 0300 usbscan - ok
10:56:41.0088 0300 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:56:41.0090 0300 USBSTOR - ok
10:56:41.0124 0300 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:56:41.0126 0300 usbuhci - ok
10:56:41.0193 0300 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
10:56:41.0197 0300 usbvideo - ok
10:56:41.0235 0300 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
10:56:41.0242 0300 UxSms - ok
10:56:41.0308 0300 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
10:56:41.0325 0300 vds - ok
10:56:41.0352 0300 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:56:41.0355 0300 vga - ok
10:56:41.0394 0300 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:56:41.0396 0300 VgaSave - ok
10:56:41.0423 0300 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:56:41.0426 0300 viaagp - ok
10:56:41.0444 0300 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:56:41.0446 0300 ViaC7 - ok
10:56:41.0479 0300 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
10:56:41.0481 0300 viaide - ok
10:56:41.0520 0300 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:56:41.0522 0300 volmgr - ok
10:56:41.0580 0300 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
10:56:41.0585 0300 volmgrx - ok
10:56:41.0655 0300 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
10:56:41.0658 0300 volsnap - ok
10:56:41.0683 0300 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:56:41.0685 0300 vsmraid - ok
10:56:41.0820 0300 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
10:56:41.0852 0300 VSS - ok
10:56:41.0891 0300 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
10:56:41.0904 0300 W32Time - ok
10:56:41.0969 0300 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:56:41.0971 0300 WacomPen - ok
10:56:42.0015 0300 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:56:42.0019 0300 Wanarp - ok
10:56:42.0026 0300 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:56:42.0029 0300 Wanarpv6 - ok
10:56:42.0095 0300 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
10:56:42.0114 0300 wcncsvc - ok
10:56:42.0150 0300 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:56:42.0160 0300 WcsPlugInService - ok
10:56:42.0182 0300 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:56:42.0184 0300 Wd - ok
10:56:42.0261 0300 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:56:42.0269 0300 Wdf01000 - ok
10:56:42.0297 0300 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:56:42.0306 0300 WdiServiceHost - ok
10:56:42.0313 0300 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:56:42.0320 0300 WdiSystemHost - ok
10:56:42.0365 0300 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
10:56:42.0376 0300 WebClient - ok
10:56:42.0419 0300 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:56:42.0428 0300 Wecsvc - ok
10:56:42.0467 0300 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:56:42.0474 0300 wercplsupport - ok
10:56:42.0529 0300 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
10:56:42.0538 0300 WerSvc - ok
10:56:42.0657 0300 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:56:42.0664 0300 WinDefend - ok
10:56:42.0673 0300 WinHttpAutoProxySvc - ok
10:56:42.0745 0300 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
10:56:42.0750 0300 Winmgmt - ok
10:56:42.0894 0300 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:56:42.0928 0300 WinRM - ok
10:56:43.0030 0300 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
10:56:43.0049 0300 Wlansvc - ok
10:56:43.0341 0300 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:56:43.0382 0300 wlidsvc - ok
10:56:43.0578 0300 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:56:43.0580 0300 WmiAcpi - ok
10:56:43.0667 0300 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
10:56:43.0673 0300 wmiApSrv - ok
10:56:43.0807 0300 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:56:43.0835 0300 WMPNetworkSvc - ok
10:56:43.0866 0300 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
10:56:43.0883 0300 WPCSvc - ok
10:56:43.0912 0300 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
10:56:43.0927 0300 WPDBusEnum - ok
10:56:43.0986 0300 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
10:56:43.0989 0300 WpdUsb - ok
10:56:44.0186 0300 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:56:44.0208 0300 WPFFontCache_v0400 - ok
10:56:44.0253 0300 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:56:44.0257 0300 ws2ifsl - ok
10:56:44.0303 0300 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
10:56:44.0319 0300 wscsvc - ok
10:56:44.0330 0300 WSearch - ok
10:56:44.0636 0300 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:56:44.0704 0300 wuauserv - ok
10:56:44.0907 0300 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:56:44.0911 0300 WUDFRd - ok
10:56:44.0951 0300 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:56:44.0967 0300 wudfsvc - ok
10:56:45.0033 0300 yukonwlh (1dd951cf8a69fa2bea82f3e3a811fa95) C:\Windows\system32\DRIVERS\yk60x86.sys
10:56:45.0039 0300 yukonwlh - ok
10:56:45.0079 0300 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
10:56:45.0828 0300 \Device\Harddisk0\DR0 - ok
10:56:45.0868 0300 Boot (0x1200) (eee6fcaeea5a93985a7bb34281f84a63) \Device\Harddisk0\DR0\Partition0
10:56:45.0870 0300 \Device\Harddisk0\DR0\Partition0 - ok
10:56:45.0870 0300 ============================================================
10:56:45.0870 0300 Scan finished
10:56:45.0870 0300 ============================================================
10:56:45.0891 1656 Detected object count: 0
10:56:45.0891 1656 Actual detected object count: 0
10:57:06.0747 3312 Deinitialize success

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 3:31 pm

Well, this next scan was interesting.

Ran it, only to get the dreaded blue screen letting me know the computer had to be shut down, and re started

Tried it again, and the same.

Restarted the computer under "safe" mode, and ran it.....and this is what I got

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-30 11:16:13
-----------------------------
11:16:13.539 OS Version: Windows 6.0.6001 Service Pack 1
11:16:13.539 Number of processors: 2 586 0xF0D
11:16:13.539 ComputerName: JONEJET-PC UserName: JonEJet
11:16:27.267 Initialize success
11:16:31.089 AVAST engine defs: 12053000
11:16:33.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
11:16:33.133 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
11:16:33.148 Disk 0 MBR read successfully
11:16:33.164 Disk 0 MBR scan
11:16:34.802 Disk 0 Windows VISTA default MBR code
11:16:34.849 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:16:36.440 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112969 MB offset 3074048
11:16:36.534 Disk 0 scanning sectors +234434560
11:16:37.672 Disk 0 scanning C:\Windows\system32\drivers
11:16:57.516 Service scanning
11:17:32.538 Modules scanning
11:17:36.953 Disk 0 trace - called modules:
11:17:37.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
11:17:37.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fee440]
11:17:37.499 3 CLASSPNP.SYS[82b15745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84e738a8]
11:17:38.544 AVAST engine scan C:\Windows
11:17:42.600 AVAST engine scan C:\Windows\system32
11:20:08.633 AVAST engine scan C:\Windows\system32\drivers
11:20:20.598 AVAST engine scan C:\Users\JonEJet
11:22:24.119 Disk 0 MBR has been saved successfully to "C:\Users\JonEJet\Desktop\MBR.dat"
11:22:24.478 The log file has been saved successfully to "C:\Users\JonEJet\Desktop\aswMBR.txt"

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Wed May 30, 2012 8:34 pm

Well - those tools do not find anything.

Have you tried to run Combofix in safe mode?

====================

ESET also has a specialized tool for Zero Access. You can download it [You must be registered and logged in to see this link.]. Lets see if that has more success than the symantec tool. Please tell me what it reports, if possible, copy and paste it back here.

====================

If no result comes out of this, try GMER:

Download GMER Rootkit Scanner from [You must be registered and logged in to see this link.] and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don´t take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.


====================

Hopefully we get some more data out of these scans.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 9:59 pm

GMER 1.0.15.15641 - [You must be registered and logged in to see this link.]
Rootkit scan 2012-05-30 17:52:34
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1246GSX rev.LB213M
Running: 311zqyeh.exe; Driver: C:\Users\JonEJet\AppData\Local\Temp\kxlirfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C145DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8C70EA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8C14685E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C14B2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C14B330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C14B422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C14B252]
SSDT 8A2105B6 ZwCreateSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C14B29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C14B3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C145E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8C70EB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8C145AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C145E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C148D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C146B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C14B30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C14B352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C14B446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C14B278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C14B3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C14B2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C14B400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8C70ECA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C1469CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C145EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C145F28]
SSDT 8A2105BB ZwSetContextThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C145B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C145CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C145C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C145D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8C70ED60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C145F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8C70EBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C724D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 340 81EBD964 4 Bytes [F8, 5D, 14, 8C] {CLC ; POP EBP; ADC AL, 0x8c}
.text ntkrnlpa.exe!KeSetTimerEx + 364 81EBD988 4 Bytes [5A, EA, 70, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81EBD9E8 4 Bytes [5E, 68, 14, 8C]
.text ntkrnlpa.exe!KeSetTimerEx + 404 81EBDA28 8 Bytes [E4, B2, 14, 8C, 30, B3, 14, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 410 81EBDA34 4 Bytes [22, B4, 14, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81FE4D5E 5 Bytes JMP 8C721C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82021666 4 Bytes CALL 8C1471B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82030FC9 4 Bytes CALL 8C1471CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8204D872 5 Bytes JMP 8C72374C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82099776 7 Bytes JMP 8C724D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87F51000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87F9A000, 0x510, 0x40000040]
.text win32k.sys!EngCreateRectRgn + 51BE 81464121 5 Bytes JMP 8C14967C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 2098 81477417 5 Bytes JMP 8C148E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 3DF2 81482D87 5 Bytes JMP 8C14970C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B50 8148ADFC 5 Bytes JMP 8C148D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F35 8148B1E1 5 Bytes JMP 8C14A0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3A1 8148CD4F 5 Bytes JMP 8C1497E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3161 8148FB0F 5 Bytes JMP 8C149104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetRectRgn + 192F 814927DB 5 Bytes JMP 8C148F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 65CF 8149C989 5 Bytes JMP 8C149536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8742 8149EAFC 5 Bytes JMP 8C14A450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + A398 814A0752 5 Bytes JMP 8C1497FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C760 814BC173 5 Bytes JMP 8C149384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C833 814BC246 5 Bytes JMP 8C149562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3FBB 814DE250 5 Bytes JMP 8C149F8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 7DEF 814E2084 5 Bytes JMP 8C148FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 9253 814EBA92 5 Bytes JMP 8C149724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 442A 814F45A4 5 Bytes JMP 8C148E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 9061 814F91DB 5 Bytes JMP 8C14A232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 92BD 814F9437 5 Bytes JMP 8C14A2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 17 814FD4C0 5 Bytes JMP 8C14A07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3838 8150D788 5 Bytes JMP 8C14A4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 4D52 81515F06 5 Bytes JMP 8C14A036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 17BC 8151FA3E 5 Bytes JMP 8C14A180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 815264CD 5 Bytes JMP 8C148F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 81542D0A 5 Bytes JMP 8C1491AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CC9 8154CBE8 5 Bytes JMP 8C1490B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 81550720 5 Bytes JMP 8C14A3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 45CE 81552615 5 Bytes JMP 8C14973C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 30D9 8156A971 5 Bytes JMP 8C1492E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 6CAF 8156E547 5 Bytes JMP 8C149248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 001D0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001D01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001D03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 001D0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 001D0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001E03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 001E0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 001E1014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 001E0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 001E0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 001E0C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 001E0E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[124] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001E01F8
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001401F8
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001403FC
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00160804
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001601F8
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001603FC
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00160600
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00160A08
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001703FC
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00170600
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00171014
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00170804
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00170A08
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00170C0C
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00170E10
.text C:\TOSHIBA\IVP\ISM\pinger.exe[260] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[372] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[372] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[372] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[372] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[372] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[372] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[372] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[372] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[372] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[472] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[472] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[472] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[472] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[472] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[472] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[472] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001803FC
.text C:\Windows\RtHDVCpl.exe[472] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[472] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00270804
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 002701F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 002703FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00270600
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00270A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 002803FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00280600
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00281014
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00280804
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00280A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00280C0C
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00280E10
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[484] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 002801F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00170600
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00171014
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00170804
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00170A08
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00180804
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001801F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001803FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[500] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00180A08
.text C:\Windows\system32\csrss.exe[528] KERNEL32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000903FC
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00090600
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00091014
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00090804
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00090A08
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00090C0C
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00090E10
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000901F8
.text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000A0804
.text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wininit.exe[572] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000A03FC
.text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000A0600
.text C:\Windows\system32\wininit.exe[572] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000A0A08
.text C:\Windows\system32\csrss.exe[580] KERNEL32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[616] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[616] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[616] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\services.exe[616] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\services.exe[616] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\services.exe[616] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\services.exe[616] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\services.exe[616] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\services.exe[616] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[628] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[628] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[628] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[628] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[628] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[628] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00280804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 002801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 002803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00280600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00280A08
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsm.exe[640] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\winlogon.exe[684] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[684] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[684] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[684] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[684] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[684] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[684] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[684] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[684] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00260804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 002601F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 002603FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00260600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00260A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 002703FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00270600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00271014
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00270804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00270A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00270C0C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00270E10
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[812] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 002701F8
.text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[888] KERNEL32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[932] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000C0A08
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 001A0804
.text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001A01F8
.text C:\Windows\System32\svchost.exe[988] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001A03FC
.text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 001A0600
.text C:\Windows\System32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 001A0A08
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 003B0804
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 003B01F8
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 003B03FC
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 003B0600
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 003B0A08
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1072] kernel32.dll!GetBinaryTypeW + 70

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 10:03 pm

775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00150A08
.text C:\Windows\system32\AUDIODG.EXE[1184] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00C10804
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 00C101F8
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 00C103FC
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00C10600
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00C10A08
.text C:\Windows\System32\svchost.exe[1468] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1468] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1468] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00130804
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001301F8
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001303FC
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00130A08
.text C:\Windows\system32\agrsmsvc.exe[1592] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[1592] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000803FC
.text C:\Windows\system32\agrsmsvc.exe[1592] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 000A0600
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 000A1014
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 000A0804
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 000A0A08
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\agrsmsvc.exe[1592] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000A01F8
.text C:\Windows\system32\agrsmsvc.exe[1592] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000B0804
.text C:\Windows\system32\agrsmsvc.exe[1592] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000B01F8
.text C:\Windows\system32\agrsmsvc.exe[1592] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000B03FC
.text C:\Windows\system32\agrsmsvc.exe[1592] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000B0600
.text C:\Windows\system32\agrsmsvc.exe[1592] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000B0A08
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 7757700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1676] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1676] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1676] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1676] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1676] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[1676] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[1676] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[1676] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[1676] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[1700] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1700] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1700] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[1700] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[1700] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[1700] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[1700] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[1700] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[1700] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\spoolsv.exe[1820] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1820] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1820] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1820] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1820] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000D0804
.text C:\Windows\System32\spoolsv.exe[1820] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000D01F8
.text C:\Windows\System32\spoolsv.exe[1820] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000D03FC
.text C:\Windows\System32\spoolsv.exe[1820] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000D0600
.text C:\Windows\System32\spoolsv.exe[1820] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000D0A08
.text C:\Windows\system32\lxducoms.exe[1912] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Windows\system32\lxducoms.exe[1912] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Windows\system32\lxducoms.exe[1912] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\lxducoms.exe[1912] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00170804
.text C:\Windows\system32\lxducoms.exe[1912] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\lxducoms.exe[1912] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\lxducoms.exe[1912] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\lxducoms.exe[1912] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\lxducoms.exe[1912] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[1916] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1916] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1916] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[1916] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[1916] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1916] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1916] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[1916] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1916] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[1948] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1948] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1948] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[1948] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[1948] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1948] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1948] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[1948] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1948] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000B03FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 000B0600
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 000B1014
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 000B0804
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 000B0A08
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 000B0C0C
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 000B0E10
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000B01F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 008C0804
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 008C01F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 008C03FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 008C0600
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2160] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 008C0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001801F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00190804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001901F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001903FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!GetWindowInfo 77070560 5 Bytes JMP 68700924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!SetWindowLongA 77070736 5 Bytes JMP 689701A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!SetWindowLongW 77071F35 5 Bytes JMP 68970135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!TrackPopupMenu 77081417 5 Bytes JMP 68700ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2380] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00190A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2436] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2456] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000B01F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2484] ADVAPI32.dll!CreateServiceA

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 10:03 pm

77936C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\TODDSrv.exe[2524] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001401F8
.text C:\Windows\system32\TODDSrv.exe[2524] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001403FC
.text C:\Windows\system32\TODDSrv.exe[2524] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\TODDSrv.exe[2524] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00160804
.text C:\Windows\system32\TODDSrv.exe[2524] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001601F8
.text C:\Windows\system32\TODDSrv.exe[2524] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001603FC
.text C:\Windows\system32\TODDSrv.exe[2524] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00160600
.text C:\Windows\system32\TODDSrv.exe[2524] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00160A08
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00171014
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00170804
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00170A08
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\TODDSrv.exe[2524] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001A03FC
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 001A0600
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 001A1014
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 001A0804
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 001A0A08
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 001A0C0C
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 001A0E10
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001A01F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 001B0804
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001B01F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001B03FC
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 001B0600
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2556] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 001B0A08
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00171014
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2612] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2628] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001601F8
.text C:\Windows\System32\svchost.exe[2660] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2660] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2660] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2660] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 000A0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 000A1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 000A0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 000A0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 000A0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000B0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000B01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000B03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000B0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2692] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000B0A08
.text C:\Windows\system32\SearchIndexer.exe[2708] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2708] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2708] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2708] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2708] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2708] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2708] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchIndexer.exe[2708] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2708] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000D01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000D03FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00150600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00151014
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00150804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00150A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00150C0C
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00150E10
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00160804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001601F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001603FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00160600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2844] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00160A08
.text C:\Windows\System32\mobsync.exe[2952] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Windows\System32\mobsync.exe[2952] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Windows\System32\mobsync.exe[2952] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00071014
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00070804
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00070A08
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\mobsync.exe[2952] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\mobsync.exe[2952] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00080804
.text C:\Windows\System32\mobsync.exe[2952] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000801F8
.text C:\Windows\System32\mobsync.exe[2952] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000803FC
.text C:\Windows\System32\mobsync.exe[2952] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00080600
.text C:\Windows\System32\mobsync.exe[2952] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00080A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 68585B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00170804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00170A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3100] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\wuauclt.exe[3164] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wuauclt.exe[3164] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000A03FC
.text C:\Windows\system32\wuauclt.exe[3164] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[3164] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 001B0804
.text C:\Windows\system32\wuauclt.exe[3164] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001B01F8
.text C:\Windows\system32\wuauclt.exe[3164] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001B03FC
.text C:\Windows\system32\wuauclt.exe[3164] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 001B0600
.text C:\Windows\system32\wuauclt.exe[3164] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 001B0A08
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001C03FC
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 001C0600
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 3 Bytes JMP 001C1014
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity + 4 779366AD 1 Byte [88]
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 001C0804
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 001C0A08
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 001C0C0C
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 001C0E10
.text C:\Windows\system32\wuauclt.exe[3164] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00091014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00090C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00090E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 000A0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3216] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 000A0A08
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001903FC
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00190600
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00191014
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00190804
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00190A08
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00190C0C
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00190E10
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001901F8
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 001A0804
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001A01F8
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001A03FC
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 001A0600
.text C:\Users\JonEJet\Desktop\311zqyeh.exe[3312] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] USER32.dll!UnhookWindowsHookEx 770908BE 3 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3688] USER32.dll!UnhookWindowsHookEx + 4 770908C2 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3992] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ntdll.dll!LdrLoadDll 77AF79B3 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ntdll.dll!LdrUnloadDll 77B0E5AC 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] kernel32.dll!GetBinaryTypeW + 70 775A1CE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] USER32.dll!SetWindowsHookExW 77067B69 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] USER32.dll!SetWinEventHook 7706915C 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] USER32.dll!UnhookWinEvent 7706B702 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] USER32.dll!SetWindowsHookExA 7708BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] USER32.dll!UnhookWindowsHookEx 770908BE 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!CreateServiceW 778F38FF 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!DeleteService 778F3BEE 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!SetServiceObjectSecurity 779366A9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!ChangeServiceConfigA 779367A9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!ChangeServiceConfigW 77936951 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!ChangeServiceConfig2A 77936A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!ChangeServiceConfig2W 77936BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4064] ADVAPI32.dll!CreateServiceA 77936C71 5 Bytes JMP 001801F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00100002
IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00100000
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[1072] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71F2F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71F2F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-3334157229-1843940417-2705372315-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-3334157229-1843940417-2705372315-1000\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-21-3334157229-1843940417-2705372315-1000\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-21-3334157229-1843940417-2705372315-1000\webStorage\snx_fs.dat 180 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 21504 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{58f0e527-a8f7-11e1-a69c-00a0d19c578a}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{58f0e527-a8f7-11e1-a69c-00a0d19c578a}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{58f0e527-a8f7-11e1-a69c-00a0d19c578a}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Wed May 30, 2012 10:06 pm

Ran the other program, and it says

Win32/Sirefef is not found


Something sure isn't right, and tried ComboFix in safe mode once again with no luck

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Thu May 31, 2012 1:01 pm

OK, I asked some of our staff to help me on this, it appears that we deal with a tough new variant.

Please delete combofix from your desktop. We´re going to download a new copy by the following instructions:

Please visit [You must be registered and logged in to see this link.] and proceed to download ComboFix, but rename it during the download, to make sure the malware does not interfere.

The easiest is to download using Internet Explorer. If you insist on using Mozilla Firefox, you have to make a change to its configuration:
Tools >> Options >> General >> Downloads >> select Always ask me where to save files.

Use one of the links in the guide to download ComboFix and when your browser asks you where to save it, change the name of the file to svchost.exe and save it to your desktop.



Doubleclick svchost.exe to run the tool. Please post its log back here.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Thu May 31, 2012 1:04 pm

I tried to delete the Combo fix using the tutorial, and I can't remove it....I tried yesterday, and will try again

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Thu May 31, 2012 1:45 pm

I ran this, per the Combofix guide and tutorial

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by JonEJet at 9:42:27 on 2012-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.836 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxducoms.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:54828
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\jonejet\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\users\jonejet\appdata\local\temp\quickstart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{DBCEC8C8-8DDA-4014-B428-FED0EEFC40F8} : DhcpNameServer = 208.59.247.45 208.59.247.46
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jonejet\appdata\roaming\mozilla\firefox\profiles\okcrvxtn.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54828
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-8 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-9 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-9 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-8 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-8 44768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-17 66616]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-6 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-12-11 252416]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-17 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-17 269480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
S2 gupdate1caa3b3b7341e00;Google Update Service (gupdate1caa3b3b7341e00);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 133104]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-31 13:18:20 0 ----a-w- c:\windows\system32\sho5BF7.tmp
2012-05-31 13:10:08 -------- d-----w- C:\MyComboFix
2012-05-30 14:20:51 -------- d-----w- c:\users\jonejet\appdata\roaming\FixZeroAccess
2012-05-29 15:23:37 -------- d-----w- c:\program files\Free Download Manager
2012-05-29 15:22:36 -------- d-----w- c:\programdata\Babylon
2012-05-29 15:22:35 -------- d-----w- c:\users\jonejet\appdata\roaming\Babylon
2012-05-29 14:33:40 0 ----a-w- c:\windows\system32\shoD4F8.tmp
2012-05-29 13:26:58 6737808 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-05-28 20:49:55 -------- d-----w- c:\programdata\Sophos
2012-05-28 20:49:47 73728 ----a-r- c:\users\jonejet\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-28 20:49:47 73728 ----a-r- c:\users\jonejet\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-28 20:49:47 73728 ----a-r- c:\users\jonejet\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-05-28 20:49:08 -------- d-----w- c:\program files\Sophos
2012-05-28 19:04:44 -------- d-----w- c:\programdata\blekko toolbars
2012-05-28 19:04:14 -------- d-----w- c:\users\jonejet\appdata\local\blekkotb_031
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 9:43:45.36 ===============

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Thu May 31, 2012 2:16 pm

Wow, is this getting aggravating. I deleted Combofix from my desktop, and downloaded it per your instructions. I renamed it, as per your instructions. I ran the program from my desktop, and as I ran it, it automatically renamed it on my laptop to Combofix once again.

Still in the loop.

I even try to uninstall it, just to reinstall it. I can not uninstall.

Wow, what to do?

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Thu May 31, 2012 3:26 pm

Is system restore an option? I'm losing it...took work off today....lol

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri Jun 01, 2012 1:19 am

So, I was finally able to uninstall the Combofix.....went to Safe Mode to run it,and thought I had it,until it decided to reboot.

Also, even though I rename the file when I save it, when I run it, it changes back to combofix on my desktop.

Frustrated beyond belief at this point

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Fri Jun 01, 2012 8:38 am

I understand

I am currently awaiting some feedback from my colleagues, who are more up to date with this infection.

I have an idea of my own, but I first have to verify whether the procedure actually works.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Fri Jun 01, 2012 9:59 am

OK, I haven´t heard yet from my colleagues, so we´re going with my plan.

The malware has a firm grip on your computer and our tools cannot penetrate its defenses. So we are going to approach your harddisk with a boot cd, because in that way the malware is not loaded and helpless.

====================

Please download SystemLook by jpshortstuff from one of the locations below and save it to the root directory of your system harddisk (C:\SystemLook.exe), so we can find it easily later.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

====================

This is where we create the boot CD.

  • You will need a blank CD to burn it.
  • Download OTLPEStd.exe by OldTimer from [You must be registered and logged in to see this link.] (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Print the instructions below, because you won't have internet access during the next steps.
  • Reboot your system using the boot CD you just created. If you don´t know how to boot from CD, check out [You must be registered and logged in to see this link.]
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop.
  • Browse to your system disk, run SystemLook.exe by double clicking it
  • In the text field write the following:
    :dir
    c:\windows\system32\drivers /n*.sys /md5
    c:\windows\system32 /n*.dll /md5
  • After that, click Look.
  • It will generate a report (SystemLook.txt). Please copy and paste that into your next post.




Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Fri Jun 01, 2012 1:29 pm

Besides doing what I said in my previous post, please also do the following (without booting from CD):

Please download OTL by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri Jun 01, 2012 4:35 pm

Okay, this is so much fun. Once again, thank you for your help.

So I tried to run my DVD/CD player. Sure enough it seems to be infused with this virus. It won't run.

Secondly, I copied and pasted the instructions in the Old Timer. Ran it,and once it scanned right to my firefox, it would stop the scan. So, I uninstalled my firefox, and tried it that way with no luck.

I will now try in safe mode, and will give you my results.

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri Jun 01, 2012 4:55 pm

Once again, the scan will not finish even in safe mode once the scan reaches firefox.

Time for a new computer? lol

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Sat Jun 02, 2012 2:12 pm

You DVD/CD does not work at all, as in: it has a hardware problem? Because if it does not work at all, we cannot go the offline booting route, which is a pretty important route.

If the malware just disables the CD, maybe you can burn it on a clean computer?

If all fails, we can always go and take out the HD from your laptop, it will have a standard SATA connection and plug it into a working computer.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat Jun 02, 2012 2:17 pm

Ahhh....I can burn from another computer

Not sure what I was thinking...thought I had to burn from this computer


I can always do the hard drive thing....I have another working laptop close.

I don't think there is a hardware problem with my cd/dvd, rather it seems the virus disables it


Think I'll pull the hard drive and try to fix that way

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat Jun 02, 2012 4:03 pm

Going to have to try another laptop to transfer hard drives.

Was not able to access the internet when I transferred the hard drive

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:08 am

Okay, I did exactly what you told me,and came up with the following report

Not much here, so maybe I did something wrong?

SystemLook 30.07.11 by jpshortstuff
Log created at 20:43 on 02/06/2012 by %USERNAME%
Administrator - Elevation successful

No Context: ":dir

No Context: c:\windows\system32\drivers/n*.sys/md5

No Context: c:\windows\system32/n*.dll/md5

-= EOF =-

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:15 am

Okay, tried it again ....maybe this is what we're looking for

SystemLook 30.07.11 by jpshortstuff
Log created at 21:11 on 02/06/2012 by JonEJet
Administrator - Elevation successful

========== dir ==========

c:\windows\system32\drivers - Parameters: "/n*.sys /md5"

---Files---
1394bus.sys --a---- 53376 bytes [08:55 02/11/2006] [08:55 02/11/2006] B46AA621E7BD4FE150BCC140DACEDA1B
acpi.sys --a---- 266808 bytes [19:42 28/01/2011] [04:43 19/01/2008] FCB8C7210F0135E24C6580F7F649C73C
adp94xx.sys --a---- 420968 bytes [07:36 02/11/2006] [09:51 02/11/2006] 2EDC5BBAC6C651ECE337BDE8ED97C9FB
adpahci.sys --a---- 297576 bytes [07:36 02/11/2006] [09:51 02/11/2006] B84088CA3CDCA97DA44A984C6CE1CCAD
adpu160m.sys --a---- 98408 bytes [07:36 02/11/2006] [09:50 02/11/2006] 7880C67BCCC27C86FD05AA2AFB5EA469
adpu320.sys --a---- 147048 bytes [07:36 02/11/2006] [09:51 02/11/2006] 9AE713F8E30EFC2ABCCD84904333DF4D
afd.sys --a---- 273408 bytes [19:45 14/06/2011] [13:16 21/04/2011] 48EB99503533C27AC6135648E5474457
AGP440.sys --a---- 53864 bytes [08:35 02/11/2006] [09:49 02/11/2006] EF23439CDD587F64C2C1B8825CEAD7D8
AGRSM.sys --a---- 1161888 bytes [23:11 28/11/2006] [23:11 28/11/2006] CE91B158FA490CF4C4D487A4130F4660
aliide.sys --a---- 14952 bytes [08:51 02/11/2006] [09:49 02/11/2006] 90395B64600EBB4552E26E178C94B2E4
AMDAGP.SYS --a---- 54888 bytes [08:35 02/11/2006] [09:49 02/11/2006] 2B13E304C9DFDFA5EB582F6A149FA2C7
amdide.sys --a---- 15464 bytes [08:51 02/11/2006] [09:49 02/11/2006] 0577DF1D323FE75A739C787893D300EA
amdk7.sys --a---- 38912 bytes [08:30 02/11/2006] [08:30 02/11/2006] DC487885BCEF9F28EECE6FAC0E5DDFC5
amdk8.sys --a---- 40960 bytes [08:30 02/11/2006] [08:30 02/11/2006] 0CA0071DA4315B00FC1328CA86B425DA
arc.sys --a---- 67688 bytes [07:36 02/11/2006] [09:50 02/11/2006] 5F673180268BB1FDB69C99B6619FE379
arcsas.sys --a---- 67688 bytes [07:36 02/11/2006] [09:50 02/11/2006] 957F7540B5E7F602E44648C7DE5A1C05
aswFsBlk.sys --a---- 20696 bytes [04:00 09/02/2012] [23:01 06/03/2012] 0AE43C6C411254049279C2EE55630F95
aswMonFlt.sys --a---- 57688 bytes [03:59 09/02/2012] [23:01 06/03/2012] 6693141560B1615D8DCCF0D8EB00087E
aswRdr.sys --a---- 35672 bytes [04:00 09/02/2012] [23:02 06/03/2012] DA12626FD9A67F4E917E2F2FBE1E1764
aswSnx.sys --a---- 612184 bytes [03:59 09/02/2012] [23:03 06/03/2012] DCB199B967375753B5019EC15F008F53
aswSP.sys --a---- 337880 bytes [04:00 09/02/2012] [23:03 06/03/2012] B32873E5A1443C0A1E322266E203BF10
aswTdi.sys --a---- 53848 bytes [04:00 09/02/2012] [23:01 06/03/2012] 6FF544175A9180C5D88534D3D9C9A9F7
asyncmac.sys --a---- 17408 bytes [19:42 28/01/2011] [02:56 19/01/2008] 53B202ABEE6455406254444303E87BE1
atapi.sys --a---- 21560 bytes [19:42 28/01/2011] [04:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
ataport.sys --a---- 110136 bytes [19:42 28/01/2011] [04:43 19/01/2008] D1C03AE69C29E239FC8000C5C0DEA709
avgntdd.sys --a---- 51992 bytes [15:51 17/06/2010] [16:49 11/05/2009] 323860EC84BB332B613530D904380A4D
avgntflt.sys --a---- 66616 bytes [15:51 17/06/2010] [17:20 30/06/2011] 1E4114685DE1FFA9675E09C6A1FB3F4B
avgntmgr.sys --a---- 17016 bytes [15:51 17/06/2010] [16:49 11/05/2009] 7F8283EA8284DFDE226E3262BED8C92A
avipbb.sys --a---- 138192 bytes [15:51 17/06/2010] [17:20 30/06/2011] 0F78D3DAE6DEDD99AE54C9491C62ADF2
battc.sys --a---- 28216 bytes [19:42 28/01/2011] [04:41 19/01/2008] 2B8A5A8879238C3BA9A89A8E3AC4E45D
bdasup.sys --a---- 12288 bytes [19:42 28/01/2011] [02:53 19/01/2008] 9F5F8F2318DFA3974A6F6A5602733929
beep.sys --a---- 6144 bytes [19:42 28/01/2011] [02:49 19/01/2008] 67E506B75BD5326A3EC7B70BD014DFB6
bowser.sys --a---- 69632 bytes [05:20 03/05/2011] [12:51 22/02/2011] 8153396D5551276227FA146900F734E6
BrFiltLo.sys --a---- 13568 bytes [09:38 02/11/2006] [08:24 02/11/2006] 9F9ACC7F7CCDE8A15C282D3F88B43309
BrFiltUp.sys --a---- 5248 bytes [09:37 02/11/2006] [08:24 02/11/2006] 56801AD62213A41F6497F96DEE83755A
bridge.sys --a---- 93696 bytes [19:42 28/01/2011] [03:58 19/01/2008] 72DF06D26AE4CED2E08F428B96302B0E
BrSerId.sys --a---- 71808 bytes [09:22 02/11/2006] [08:25 02/11/2006] B304E75CFF293029EDDF094246747113
BrSerWdm.sys --a---- 62336 bytes [09:36 02/11/2006] [08:24 02/11/2006] 203F0B1E73ADADBBB7B7B1FABD901F6B
BrUsbMdm.sys --a---- 12160 bytes [09:37 02/11/2006] [08:24 02/11/2006] BD456606156BA17E60A04E18016AE54B
BrUsbSer.sys --a---- 11904 bytes [09:38 02/11/2006] [08:24 02/11/2006] AF72ED54503F717A43268B3CC5FAEC2E
bthmodem.sys --a---- 39936 bytes [08:55 02/11/2006] [08:55 02/11/2006] AD07C1EC6665B8B35741AB91200C6B68
cdfs.sys --a---- 70144 bytes [19:42 28/01/2011] [02:28 19/01/2008] 7ADD03E75BEB9E6DD102C3081D29840A
cdr4_xp.sys --a---- 2432 bytes [22:48 06/11/2007] [02:42 05/10/2006] BF79E659C506674C0497CC9C61F1A165
cdralw2k.sys --a---- 2560 bytes [22:48 06/11/2007] [02:42 05/10/2006] 2C41CD49D82D5FD85C72D57B6CA25471
cdrom.sys --a---- 67072 bytes [19:42 28/01/2011] [02:49 19/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
circlass.sys --a---- 35328 bytes [08:55 02/11/2006] [08:55 02/11/2006] DA8E0AFC7BAA226C538EF53AC2F90897
Classpnp.sys --a---- 127544 bytes [19:43 28/01/2011] [04:43 19/01/2008] 4388CEBB2C6A7F484AC409A90A3C9FAE
CmBatt.sys --a---- 14208 bytes [19:43 28/01/2011] [02:32 19/01/2008] 99AFC3795B58CC478FBBBCDC658FCB56
cmdide.sys --a---- 16488 bytes [08:51 02/11/2006] [09:49 02/11/2006] 45201046C776FFDAF3FC8A0029C581C8
compbatt.sys --a---- 20792 bytes [19:43 28/01/2011] [04:41 19/01/2008] 6AFEF0B60FA25DE07C0968983EE4F60A
crashdmp.sys --a---- 36408 bytes [19:43 28/01/2011] [04:42 19/01/2008] E9ACAE97F17C99CB735A1E08859BF806
crcdisk.sys --a---- 22632 bytes [08:52 02/11/2006] [09:49 02/11/2006] 2A213AE086BBEC5E937553C7D9A2B22C
crusoe.sys --a---- 38912 bytes [08:30 02/11/2006] [08:30 02/11/2006] 22A7F883508176489F559EE745B5BF5D
dfsc.sys --a---- 75264 bytes [19:45 14/06/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
disk.sys --a---- 55352 bytes [19:43 28/01/2011] [04:42 19/01/2008] 64109E623ABD6955C8FB110B592E68B7
Diskdump.sys --a---- 19968 bytes [19:43 28/01/2011] [02:49 19/01/2008] 0183496303B4F8A5878D99A667F33170
djsvs.sys --a---- 71272 bytes [07:36 02/11/2006] [09:50 02/11/2006] AE1FDF7BF7BB6C6A70F67699D880592A
drmk.sys --a---- 130048 bytes [19:42 28/01/2011] [03:53 19/01/2008] 7BE5A3C671A2CB56E94403BFC2020A0D
drmkaud.sys --a---- 5632 bytes [19:42 28/01/2011] [02:53 19/01/2008] 97FEF831AB90BEE128C9AF390E243F80
Dumpata.sys --a---- 29240 bytes [19:42 28/01/2011] [04:41 19/01/2008] C078D2B163F090601200FA5A6FF3CE0A
dxapi.sys --a---- 13312 bytes [19:42 28/01/2011] [02:36 19/01/2008] EAAAFEF04FBB45665C9576E525D45A12
dxg.sys --a---- 76288 bytes [19:42 28/01/2011] [02:36 19/01/2008] 6D16255C9EB5683F83A472E1679ED2E4
dxgkrnl.sys --a---- 625152 bytes [21:18 29/01/2011] [01:01 02/08/2008] 85F33880B8CFB554BD3D9CCDB486845A
E1G60I32.sys --a---- 117760 bytes [10:25 02/11/2006] [07:30 02/11/2006] F88FB26547FD2CE6D0A5AF2985892C48
ecache.sys --a---- 143416 bytes [19:43 28/01/2011] [04:42 19/01/2008] DD2CD259D83D8B72C02C5F2331FF9D68
elxstor.sys --a---- 316520 bytes [07:36 02/11/2006] [09:51 02/11/2006] E8F3F21A71720C84BCF423B80028359F
exfat.sys --a---- 136192 bytes [19:43 28/01/2011] [02:28 19/01/2008] 0D858EB20589A34EFB25695ACAA6AA2D
fastfat.sys --a---- 143360 bytes [19:43 28/01/2011] [02:28 19/01/2008] 3C489390C2E2064563727752AF8EAB9E
fdc.sys --a---- 25088 bytes [08:51 02/11/2006] [08:51 02/11/2006] 63BDADA84951B9C03E641800E176898A
fileinfo.sys --a---- 58936 bytes [19:43 28/01/2011] [04:42 19/01/2008] A8C0139A884861E3AAE9CFE73B208A9F
filetrace.sys --a---- 27648 bytes [19:43 28/01/2011] [02:30 19/01/2008] 0AE429A696AECBC5970E3CF2C62635AE
flpydisk.sys --a---- 20480 bytes [08:51 02/11/2006] [08:51 02/11/2006] 6603957EFF5EC62D25075EA8AC27DE68
fltMgr.sys --a---- 192056 bytes [19:43 28/01/2011] [04:42 19/01/2008] 05EA53AFE985443011E36DAB07343B46
fs_rec.sys --a---- 12800 bytes [19:42 28/01/2011] [02:27 19/01/2008] 65EA8B77B5851854F0C55C43FA51A198
FwLnk.sys --a---- 7168 bytes [22:37 06/11/2007] [06:11 20/11/2006] CBC22823628544735625B280665E434E
FWPKCLNT.SYS --a---- 101432 bytes [19:42 28/01/2011] [04:43 19/01/2008] 495FA4351A96F228B4301D1E616DEFA0
GAGP30KX.SYS --a---- 58984 bytes [08:35 02/11/2006] [09:50 02/11/2006] 4E1CD0A45C50A8882616CAE5BF82F3C5
hdaudbus.sys --a---- 53760 bytes [19:42 28/01/2011] [01:30 19/01/2008] C87B1EE051C0464491C1A7B03FA0BC99
HdAudio.sys --a---- 235520 bytes [10:25 02/11/2006] [07:36 02/11/2006] CB04C744BE0A61B1D648FAED182C3B59
hidbth.sys --a---- 29184 bytes [08:55 02/11/2006] [08:55 02/11/2006] 1338520E78D90154ED6BE8F84DE5FCEB
hidclass.sys --a---- 38912 bytes [19:42 28/01/2011] [02:53 19/01/2008] 04F49DDD00A26C6CA984A9B480FDAA33
hidir.sys --a---- 21504 bytes [08:55 02/11/2006] [08:55 02/11/2006] FF3160C3A2445128C5A6D9B076DA519E
hidparse.sys --a---- 25472 bytes [19:42 28/01/2011] [02:53 19/01/2008] 175444D3A01CA45D0E1C5DC5F48DF7CD
hidusb.sys --a---- 12288 bytes [19:42 28/01/2011] [02:53 19/01/2008] 854CA287AB7FAF949617A788306D967E
HpCISSs.sys --a---- 37480 bytes [07:36 02/11/2006] [09:50 02/11/2006] DF353B401001246853763C4B7AAA6F50
http.sys --a---- 411136 bytes [07:04 22/03/2010] [21:18 20/02/2010] 96E241624C71211A79C84F50A8E71CAB
i2omgmt.sys --a---- 16488 bytes [08:52 02/11/2006] [09:49 02/11/2006] 8420BF9AD8AE0B4A96F30BD7C8FB9ADF
i2omp.sys --a---- 27752 bytes [08:51 02/11/2006] [09:49 02/11/2006] 324C2152FF2C61ABAE92D09F3CCA4D63
i8042prt.sys --a---- 54784 bytes [19:42 28/01/2011] [02:49 19/01/2008] 22D56C8184586B7A1F6FA60BE5F5A2BD
iaStorV.sys --a---- 232040 bytes [07:36 02/11/2006] [09:51 02/11/2006] C957BF4B5D80B46C5017BF0101E6C906
igdkmd32.sys --a---- 1925632 bytes [23:23 13/09/2007] [23:23 13/09/2007] 038815297078D236D8CC064C295A74C6
iirsp.sys --a---- 41576 bytes [07:36 02/11/2006] [09:50 02/11/2006] 2D077BF86E843F901D8DB709C95B49A5
intelide.sys --a---- 17976 bytes [19:44 28/01/2011] [04:41 19/01/2008] 83AA759F3189E6370C30DE5DC5590718
intelppm.sys --a---- 41472 bytes [19:44 28/01/2011] [02:27 19/01/2008] 224191001E78C89DFA78924C3EA595FF
ipfltdrv.sys --a---- 47616 bytes [19:44 28/01/2011] [02:56 19/01/2008] 62C265C38769B864CB25B4BCF62DF6C3
IPMIDrv.sys --a---- 65536 bytes [08:42 02/11/2006] [08:42 02/11/2006] 40F34F8ABA2A015D780E4B09138B6C17
ipnat.sys --a---- 100864 bytes [19:44 28/01/2011] [02:56 19/01/2008] 8793643A67B42CEC66490B2A0CF92D68
irda.sys --a---- 95744 bytes [19:44 28/01/2011] [02:55 19/01/2008] E50A95179211B12946F7E035D60AF560
irenum.sys --a---- 13312 bytes [19:44 28/01/2011] [02:55 19/01/2008] 109C0DFB82C3632FBD11949B73AEEAC9
isapnp.sys --a---- 47208 bytes [08:35 02/11/2006] [09:50 02/11/2006] 350FCA7E73CF65BCEF43FAE1E4E91293
iteatapi.sys --a---- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006] BCED60D16156E428F8DF8CF27B0DF150
iteraid.sys --a---- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006] 06FA654504A498C30ADCA8BEC4E87E7E
kbdclass.sys --a---- 35384 bytes [19:44 28/01/2011] [04:41 19/01/2008] 37605E0A8CF00CBBA538E753E4344C6E
kbdhid.sys --a---- 15872 bytes [19:44 28/01/2011] [02:49 19/01/2008] 18247836959BA67E3511B62846B9C2E0
KR10I.sys --a---- 219264 bytes [20:39 06/11/2007] [06:32 09/11/2006] E8CA038F51F7761BD6E3A3B0B8014263
KR10N.sys --a---- 211072 bytes [20:40 06/11/2007] [06:31 09/11/2006] 6A4ADB9186DD0E114E623DAF57E42B31
kr3npxp.sys --a---- 479488 bytes [20:40 06/11/2007] [12:06 27/09/2006] 485E005CD51FF502FB16483EB4B69C17
ks.sys --a---- 148992 bytes [19:44 28/01/2011] [02:49 19/01/2008] 47CB1CBB1D80517D7909D0860128E860
ksecdd.sys --a---- 439896 bytes [14:47 30/08/2009] [18:20 15/06/2009] 7A0CF7908B6824D6A2A1D313E5AE3DCA
lltdio.sys --a---- 47104 bytes [19:44 28/01/2011] [02:55 19/01/2008] D1C5883087A0C3F1344D9D55A44901F6
lsi_fc.sys --a---- 65640 bytes [07:36 02/11/2006] [09:50 02/11/2006] A2262FB9F28935E862B4DB46438C80D2
lsi_sas.sys --a---- 65640 bytes [07:36 02/11/2006] [09:50 02/11/2006] 30D73327D390F72A62F32C103DAF1D6D
lsi_scsi.sys --a---- 65640 bytes [07:36 02/11/2006] [09:50 02/11/2006] E1E36FEFD45849A95F1AB81DE0159FE3
luafv.sys --a---- 84480 bytes [19:44 28/01/2011] [02:30 19/01/2008] 8F5C7426567798E62A3B3614965D62CC
mbam.sys --a---- 22344 bytes [10:54 07/12/2010] [19:56 04/04/2012] FB097BBC1A18F044BD17BD2FCCF97865
mcd.sys --a---- 18944 bytes [19:44 28/01/2011] [02:50 19/01/2008] B271EC02E71271A2DA28B3B7BC4E4F15
megasas.sys --a---- 28776 bytes [07:36 02/11/2006] [09:49 02/11/2006] D153B14FC6598EAE8422A2037553ADCE
modem.sys --a---- 31744 bytes [19:44 28/01/2011] [02:57 19/01/2008] E13B5EA0F51BA5B1512EC671393D09BA
monitor.sys --a---- 41984 bytes [19:44 28/01/2011] [02:52 19/01/2008] 0A9BB33B56E294F686ABB7C1E4E2D8A8
mouclass.sys --a---- 34360 bytes [19:44 28/01/2011] [04:41 19/01/2008] 5BF6A1326A335C5298477754A506D263
mouhid.sys --a---- 15872 bytes [19:44 28/01/2011] [02:49 19/01/2008] 93B8D4869E12CFBE663915502900876F
mountmgr.sys --a---- 57400 bytes [19:44 28/01/2011] [04:42 19/01/2008] BDAFC88AA6B92F7842416EA6A48E1600
mpio.sys --a---- 78952 bytes [08:52 02/11/2006] [09:50 02/11/2006] 583A41F26278D9E0EA548163D6139397
mpsdrv.sys --a---- 64000 bytes [19:44 28/01/2011] [02:54 19/01/2008] 22241FEBA9B2DEFA669C8CB0A8DD7D2E
Mraid35x.sys --a---- 33384 bytes [07:36 02/11/2006] [09:49 02/11/2006] 4FBBB70D30FD20EC51F80061703B001E
mrxdav.sys --a---- 110080 bytes [19:44 28/01/2011] [02:28 19/01/2008] AE3DE84536B6799D2267443CEC8EDBB9
mrxsmb.sys --a---- 105984 bytes [19:45 14/06/2011] [12:49 29/04/2011] 5734A0F2BE7E495F7D3ED6EFD4B9F5A1
mrxsmb10.sys --a---- 213504 bytes [10:06 10/08/2011] [14:56 06/07/2011] 6B5FA5ADFACAC9DBBE0991F4566D7D55
mrxsmb20.sys --a---- 79360 bytes [19:45 14/06/2011] [12:49 29/04/2011] 5C80D8159181C7ABF1B14BA703B01E0B
msahci.sys --a---- 28728 bytes [19:44 28/01/2011] [04:41 19/01/2008] 28023E86F17001F7CD9B15A5BC9AE07D
msdsm.sys --a---- 80488 bytes [08:52 02/11/2006] [09:50 02/11/2006] 3FC82A2AE4CC149165A94699183D3028
msfs.sys --a---- 22528 bytes [19:45 28/01/2011] [02:28 19/01/2008] A9927F4A46B816C92F461ACB90CF8515
msisadrv.sys --a---- 16440 bytes [19:45 28/01/2011] [04:41 19/01/2008] 0F400E306F385C56317357D6DEA56F62
msiscsi.sys --a---- 181304 bytes [19:45 28/01/2011] [04:42 19/01/2008] F247EEC28317F6C739C16DE420097301
mskssrv.sys --a---- 8192 bytes [19:45 28/01/2011] [02:49 19/01/2008] D8C63D34D9C9E56C059E24EC7185CC07
mspclock.sys --a---- 5888 bytes [19:45 28/01/2011] [02:49 19/01/2008] 1D373C90D62DDB641D50E55B9E78D65E
mspqm.sys --a---- 5504 bytes [19:45 28/01/2011] [02:49 19/01/2008] B572DA05BF4E098D4BBA3A4734FB505B
msrpc.sys --a---- 163384 bytes [19:45 28/01/2011] [04:42 19/01/2008] B5614AECB05A9340AA0FB55BF561CC63
mssmbios.sys --a---- 31288 bytes [19:45 28/01/2011] [04:41 19/01/2008] E384487CB84BE41D09711C30CA79646C
mstee.sys --a---- 6016 bytes [19:45 28/01/2011] [02:49 19/01/2008] 7199C1EEC1E4993CAF96B8C0A26BD58A
mup.sys --a---- 49720 bytes [19:45 28/01/2011] [04:42 19/01/2008] 6DFD1D322DE55B0B7DB7D21B90BEC49C
ndis.sys --a---- 529464 bytes [19:44 28/01/2011] [04:43 19/01/2008] 9BDC71790FA08F0A0B5F10462B1BD0B1
ndistapi.sys --a---- 20992 bytes [19:44 28/01/2011] [02:56 19/01/2008] 0E186E90404980569FB449BA7519AE61
ndisuio.sys --a---- 16896 bytes [19:44 28/01/2011] [02:55 19/01/2008] D6973AA34C4D5D76C0430B181C3CD389
ndiswan.sys --a---- 121344 bytes [19:44 28/01/2011] [02:56 19/01/2008] 3D14C3B3496F88890D431E8AA022A411
ndproxy.sys --a---- 49664 bytes [19:44 28/01/2011] [02:56 19/01/2008] 71DAB552B41936358F3B541AE5997FB3
netbios.sys --a---- 35840 bytes [19:44 28/01/2011] [02:55 19/01/2008] BCD093A5A6777CF626434568DC7DBA78
netbt.sys --a---- 184320 bytes [19:44 28/01/2011] [02:55 19/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
netio.sys --a---- 223288 bytes [19:44 28/01/2011] [04:42 19/01/2008] CB57FEB3288CF6D5CADC6EF0E50718D9
nfrd960.sys --a---- 45160 bytes [07:36 02/11/2006] [09:50 02/11/2006] 2E7FB731D4790A1BC6270ACCEFACB36E
npfs.sys --a---- 34816 bytes [19:44 28/01/2011] [02:28 19/01/2008] ECB5003F484F9ED6C608D6D6C7886CBB
nsiproxy.sys --a---- 16384 bytes [19:44 28/01/2011] [02:55 19/01/2008] 609773E344A97410CE4EBF74A8914FCF
ntfs.sys --a---- 1081912 bytes [19:44 28/01/2011] [04:43 19/01/2008] B4EFFE29EB4F15538FD8A9681108492D
ntrigdigi.sys --a---- 20608 bytes [07:36 02/11/2006] [07:36 02/11/2006] E875C093AEC0C978A90F30C9E0DFBB72
null.sys --a---- 4608 bytes [19:44 28/01/2011] [02:49 19/01/2008] C5DBBCDA07D780BDA9B685DF333BB41E
nvraid.sys --a---- 88680 bytes [07:36 02/11/2006] [09:50 02/11/2006] E69E946F80C1C31C53003BFBF50CBB7C
nvstor.sys --a---- 40040 bytes [07:36 02/11/2006] [09:50 02/11/2006] 9E0BA19A28C498A6D323D065DB76DFFC
NV_AGP.SYS --a---- 106600 bytes [08:35 02/11/2006] [09:50 02/11/2006] 07C186427EB8FCC3D8D7927187F260F7
nwifi.sys --a---- 148480 bytes [21:18 29/01/2011] [02:07 20/05/2008] 3C21CE48FF529BB73DADB98770B54025
ohci1394.sys --a---- 62080 bytes [08:55 02/11/2006] [08:55 02/11/2006] BE32DA025A0BE1878F0EE8D6D9386CD5
pacer.sys --a---- 72192 bytes [21:20 29/01/2011] [01:21 05/04/2008] BFEF604508A0ED1EAE2A73E872555FFB
parport.sys --a---- 79360 bytes [08:51 02/11/2006] [08:51 02/11/2006] 0FA9B5055484649D63C303FE404E5F4D
partmgr.sys --a---- 56376 bytes [19:43 28/01/2011] [04:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F
parvdm.sys --a---- 8704 bytes [08:51 02/11/2006] [08:51 02/11/2006] 4F9A6A8A31413180D0FCB279AD5D8112
pci.sys --a---- 151096 bytes [19:43 28/01/2011] [04:42 19/01/2008] 01B94418DEB235DFF777CC80076354B4
pciide.sys --a---- 13416 bytes [08:51 02/11/2006] [09:49 02/11/2006] 3B1901E401473E03EB8C874271E50C26
pciidex.sys --a---- 45112 bytes [19:43 28/01/2011] [04:42 19/01/2008] 46ED71AFE2C872931E87AB958BE133FA
pcmcia.sys --a---- 167528 bytes [08:35 02/11/2006] [09:51 02/11/2006] E6F3FB1B86AA519E7698AD05E58B04E5
PEAuth.sys --a---- 878080 bytes [09:04 02/11/2006] [09:04 02/11/2006] 6349F6ED9C623B44B52EA3C63C831A92
portcls.sys --a---- 167936 bytes [19:43 28/01/2011] [02:53 19/01/2008] 75DAD0E7F4CD3CB9455A76123AC16BF3
processr.sys --a---- 38400 bytes [08:30 02/11/2006] [08:30 02/11/2006] 0E3CEF5D28B40CF273281D620C50700A
pxhelp20.sys --a---- 36560 bytes [21:53 27/09/2006] [21:53 27/09/2006] F7BB4E7A7C02AB4A2672937E124E306E
ql2300.sys --a---- 900712 bytes [07:36 02/11/2006] [09:51 02/11/2006] CCDAC889326317792480C0A67156A1EC
ql40xx.sys --a---- 106088 bytes [07:36 02/11/2006] [09:50 02/11/2006] 81A7E5C076E59995D54BC1ED3A16E60B
qwavedrv.sys --a---- 31232 bytes [19:43 28/01/2011] [02:56 19/01/2008] 9F5E0E1926014D17486901C88ECA2DB7
rasacd.sys --a---- 11776 bytes [19:43 28/01/2011] [02:56 19/01/2008] 147D7F9C556D259924351FEB0DE606C3
rasl2tp.sys --a---- 76288 bytes [19:43 28/01/2011] [02:56 19/01/2008] A214ADBAF4CB47DD2728859EF31F26B0
raspppoe.sys --a---- 41472 bytes [19:43 28/01/2011] [02:56 19/01/2008] 3E9D9B048107B40D87B97DF2E48E0744
raspptp.sys --a---- 62976 bytes [19:43 28/01/2011] [02:56 19/01/2008] ECFFFAEC0C1ECD8DBC77F39070EA1DB1
rassstp.sys --a---- 69120 bytes [19:43 28/01/2011] [02:56 19/01/2008] A7D141684E9500AC928A772ED8E6B671
rdbss.sys --a---- 224768 bytes [19:43 28/01/2011] [02:28 19/01/2008] 6E1C5D0457622F9EE35F683110E93D14
RDPCDD.sys --a---- 6144 bytes [19:43 28/01/2011] [03:01 19/01/2008] 89E59BE9A564262A3FB6C4F4F1CD9899
rdpdr.sys --a---- 242688 bytes [09:03 02/11/2006] [09:03 02/11/2006] E8BD98D46F2ED77132BA927FCCB47D8B
RDPENCDD.sys --a---- 6144 bytes [19:43 28/01/2011] [03:01 19/01/2008] 9D91FE5286F748862ECFFA05F8A0710C
rdpwd.sys --a---- 181248 bytes [19:43 28/01/2011] [03:01 19/01/2008] E1C18F4097A5ABCEC941DC4B2F99DB7E
rmcast.sys --a---- 113664 bytes [20:24 13/06/2008] [01:33 10/05/2008] FDEB76BED9C0A75329CA426623297158
RNDISMP.sys --a---- 33280 bytes [19:43 28/01/2011] [02:56 19/01/2008] 8F5DB387FF2F57AD9107B7EB78A6D34B
rootmdm.sys --a---- 8192 bytes [19:43 28/01/2011] [02:57 19/01/2008] 75E8A6BFA7374ABA833AE92BF41AE4E6
rspndr.sys --a---- 60416 bytes [19:43 28/01/2011] [02:55 19/01/2008] 9C508F4074A39E8B4B31D27198146FAD
RTKVHDA.sys --a---- 1771944 bytes [22:27 06/11/2007] [01:03 26/04/2007] B84732D9F8459ABF6323D28A3270DC19
rtl8187B.sys --a---- 252416 bytes [21:38 11/12/2007] [21:07 01/06/2007] 67E7822975985016FDCE01635FBDBBF9
Rtlh86.sys --a---- 44544 bytes [10:25 02/11/2006] [07:30 02/11/2006] 283392AF1860ECDB5E0F8EBD7F3D72DF
sbp2port.sys --a---- 76392 bytes [08:51 02/11/2006] [09:50 02/11/2006] 3CE8F073A557E172B330109436984E30
scsiport.sys --a---- 142904 bytes [19:43 28/01/2011] [04:42 19/01/2008] 6F5CA34AE885645ACF8A20D564DB976C
sdbus.sys --a---- 82432 bytes [22:02 06/11/2007] [22:02 06/11/2007] BCCA63A3D143938273A3158757389DC7
secdrv.sys --a---- 20480 bytes [06:37 02/11/2006] [06:37 02/11/2006] 90A3935D05B494A5A39D37E71F09A677
serenum.sys --a---- 17920 bytes [08:51 02/11/2006] [08:51 02/11/2006] 68E44E331D46F0FB38F0863A84CD1A31
serial.sys --a---- 83456 bytes [08:51 02/11/2006] [08:51 02/11/2006] C70D69A918B178D3C3B06339B40C2E1B
sermouse.sys --a---- 19968 bytes [19:43 28/01/2011] [02:49 19/01/2008] 8AF3D28A879BF75DB53A0EE7A4289624
sffdisk.sys --a---- 13312 bytes [08:51 02/11/2006] [08:51 02/11/2006] 103B79418DA647736EE95645F305F68A
sffp_mmc.sys --a---- 12800 bytes [08:51 02/11/2006] [08:51 02/11/2006] 8FD08A310645FE872EEEC6E08C6BF3EE
sffp_sd.sys --a---- 12800 bytes [08:51 02/11/2006] [08:51 02/11/2006] 9CFA05FCFCB7124E69CFC812B72F9614
sfloppy.sys --a---- 13312 bytes [08:51 02/11/2006] [08:51 02/11/2006] 46ED8E91793B2E6F848015445A0AC188
Sftfslh.sys --a---- 579944 bytes [13:30 01/10/2011] [13:30 01/10/2011] D9B734638DD8DBA9D59AAD3189CD0FAD
Sftplaylh.sys --a---- 194408 bytes [13:30 01/10/2011] [13:30 01/10/2011] 2F61BD46C0BFF4EB36E1E359CA17BFC5
Sftredirlh.sys --a---- 21864 bytes [13:30 01/10/2011] [13:30 01/10/2011] 518BAC0179F94304F422696B47C0EC12
Sftvollh.sys --a---- 19304 bytes [13:30 01/10/2011] [13:30 01/10/2011] 747325236D88B3F05FFD27FF9EC711C5
SISAGP.SYS --a---- 53352 bytes [08:35 02/11/2006] [09:49 02/11/2006] D2A595D6EEBEEAF4334F8E50EFBC9931
sisraid2.sys --a---- 38504 bytes [07:36 02/11/2006] [09:50 02/11/2006] CEDD6F4E7D84E9F98B34B3FE988373AA
sisraid4.sys --a---- 71784 bytes [07:36 02/11/2006] [09:50 02/11/2006] DF843C528C4F69D12CE41CE462E973A7
smb.sys --a---- 66560 bytes [19:43 28/01/2011] [02:55 19/01/2008] 031E6BCD53C9B2B9ACE111EAFEC347B6
smclib.sys --a---- 17408 bytes [19:43 28/01/2011] [02:49 19/01/2008] A7D7EA1771D2ED6F39A8063E79B6C3E8
spldr.sys --a---- 21048 bytes [19:41 28/01/2011] [04:41 19/01/2008] 7AEBDEEF071FE28B0EEF2CDD69102BFF
spsys.sys --a---- 681984 bytes [19:41 28/01/2011] [01:10 19/01/2008] F713E67C329CE82FF1E1EBB497887427
srv.sys --a---- 304640 bytes [05:20 03/05/2011] [13:31 18/02/2011] 2252AEF839B1093D16761189F45AF885
srv2.sys --a---- 146432 bytes [19:45 14/06/2011] [12:49 29/04/2011] B7FF59408034119476B00A81BB53D5D1
srvnet.sys --a---- 102400 bytes [19:45 14/06/2011] [12:49 29/04/2011] 2ACCC9B12AF02030F531E6CCA6F8B76E
ssmdrv.sys --a---- 28520 bytes [15:51 17/06/2010] [14:12 11/05/2009] A36EE93698802CD899F98BFD553D8185
Storport.sys --a---- 123960 bytes [19:41 28/01/2011] [04:43 19/01/2008] 39AD2C7B9C05C1CCD12480890DBA4EB5
stream.sys --a---- 52992 bytes [19:41 28/01/2011] [02:53 19/01/2008] 264232EF4283F123438C60D49E52D596
swenum.sys --a---- 15288 bytes [19:41 28/01/2011] [04:41 19/01/2008] 7BA58ECF0C0A9A69D44B3DCA62BECF56
symc8xx.sys --a---- 35944 bytes [07:36 02/11/2006] [09:50 02/11/2006] 192AA3AC01DF071B541094F251DEED10
sym_hi.sys --a---- 31848 bytes [07:36 02/11/2006] [09:49 02/11/2006] 8C8EB8C76736EBAF3B13B633B2E64125
sym_u3.sys --a---- 34920 bytes [07:36 02/11/2006] [09:50 02/11/2006] 8072AF52B5FD103BBBA387A1E49F62CB
SynTP.sys --a---- 190384 bytes [01:03 16/08/2007] [01:03 16/08/2007] 11F730BF0D0AA4FE7DE7138A32A52422
taishop.sys -r-hs-- 4 bytes [19:55 31/03/2008] [19:55 31/03/2008] EFB3485A5B234353BFA64B591918F451
tape.sys --a---- 24576 bytes [19:41 28/01/2011] [02:49 19/01/2008] 1239FD18895040D97B7CDBC19BC2075E
tcpip.sys --a---- 898952 bytes [21:06 29/01/2011] [15:59 16/06/2010] 782568AB6A43160A159B6215B70BCCE9
tcpipreg.sys --a---- 30208 bytes [19:41 28/01/2011] [02:56 19/01/2008] D4A2E4A4B011F3A883AF77315A5AE76B
tdcmdpst.sys --a---- 16128 bytes [19:50 18/10/2006] [19:50 18/10/2006] 1825BCEB47BF41C5A9F0E44DE82FC27A
tdi.sys --a---- 20992 bytes [19:41 28/01/2011] [02:57 19/01/2008] 77937EFF009AC696B90E09F671F9D0A4
tdpipe.sys --a---- 17920 bytes [19:41 28/01/2011] [03:01 19/01/2008] 5DCF5E267BE67A1AE926F2DF77FBCC56
tdtcp.sys --a---- 29184 bytes [19:41 28/01/2011] [03:01 19/01/2008] 389C63E32B3CEFED425B61ED92D3F021
tdx.sys --a---- 71680 bytes [19:41 28/01/2011] [02:56 19/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
termdd.sys --a---- 54328 bytes [19:40 28/01/2011] [04:42 19/01/2008] A048056F5E1A96A9BF3071B91741A5AA
tifm21.sys --a---- 290304 bytes [22:44 24/01/2007] [22:44 24/01/2007] E4C85C291DDB3DC5E4A2F227CA465BA6
tos_sps32.sys --a---- 285184 bytes [21:43 11/12/2007] [18:59 19/09/2007] 1EA5F27C29405BF49799FECA77186DA9
tssecsrv.sys --a---- 23552 bytes [19:40 28/01/2011] [03:01 19/01/2008] DCF0F056A2E4F52287264F5AB29CF206
TUNMP.SYS --a---- 15360 bytes [12:15 14/04/2010] [05:55 19/01/2008] CAECC0120AC49E3D2F758B9169872D38
tunnel.sys --a---- 25088 bytes [12:15 14/04/2010] [11:52 18/02/2010] 6042505FF6FA9AC1EF7684D0E03B6940
TVALZ_O.SYS --a---- 16768 bytes [06:22 06/10/2006] [06:22 06/10/2006] 521C5F39829875ADF5466DD94C6282C7
UAGP35.SYS --a---- 56936 bytes [08:35 02/11/2006] [09:49 02/11/2006] C3ADE15414120033A36C0F293D4A4121
udfs.sys --a---- 226816 bytes [19:40 28/01/2011] [02:28 19/01/2008] 8B5088058FA1D1CD897A2113CCFF6C58
ULIAGPKX.SYS --a---- 58472 bytes [08:35 02/11/2006] [09:50 02/11/2006] 75E6890EBFCE0841D3291B02E7A8BDB0
uliahci.sys --a---- 235112 bytes [07:36 02/11/2006] [09:51 02/11/2006] 3CD4EA35A6221B85DCC25DAA46313F8D
ulsata.sys --a---- 98408 bytes [07:36 02/11/2006] [09:50 02/11/2006] 8514D0E5CD0534467C5FC61BE94A569F
ulsata2.sys --a---- 115816 bytes [07:36 02/11/2006] [09:50 02/11/2006] 38C3C6E62B157A6BC46594FADA45C62B
umbus.sys --a---- 34816 bytes [19:40 28/01/2011] [02:53 19/01/2008] 32CFF9F809AE9AED85464492BF3E32D2
umpass.sys --a---- 7680 bytes [19:40 28/01/2011] [02:53 19/01/2008] 88BD96A1BAEED33EE8BDF9499C07A841
usb8023.sys --a---- 15872 bytes [19:40 28/01/2011] [02:56 19/01/2008] D173F7B936C8F579BCC4F78DA861929C
USBCAMD.sys --a---- 25728 bytes [19:40 28/01/2011] [02:53 19/01/2008] BF85EAAB7B889E4B621111E0372CB147
USBCAMD2.sys --a---- 25728 bytes [19:40 28/01/2011] [02:53 19/01/2008] B0B0C4970BD60E6E2B0FD33B2960490D
usbccgp.sys --a---- 73216 bytes [19:40 28/01/2011] [02:53 19/01/2008] CAF811AE4C147FFCD5B51750C7F09142
usbcir.sys --a---- 68608 bytes [08:55 02/11/2006] [08:55 02/11/2006] E9476E6C486E76BC4898074768FB7131
usbd.sys --a---- 5888 bytes [19:41 28/01/2011] [02:53 19/01/2008] 790FDAC6D0C762DF9047C3C625A6FF6C
usbehci.sys --a---- 39424 bytes [19:41 28/01/2011] [02:53 19/01/2008] CEBE90821810E76320155BEBA722FCF9
usbhub.sys --a---- 194560 bytes [19:41 28/01/2011] [02:53 19/01/2008] CC6B28E4CE39951357963119CE47B143
usbohci.sys --a---- 19456 bytes [08:55 02/11/2006] [08:55 02/11/2006] 38DBC7DD6CC5A72011F187425384388B
usbport.sys --a---- 226304 bytes [19:41 28/01/2011] [02:53 19/01/2008] 65AD9C60DBFA2F0EA582E691CBA03F0C
usbprint.sys --a---- 18944 bytes [19:41 28/01/2011] [03:14 19/01/2008] E75C4B5269091D15A2E7DC0B6D35F2F5
usbscan.sys --a---- 35328 bytes [19:41 28/01/2011] [03:14 19/01/2008] A508C9BD8724980512136B039BBA65E9
USBSTOR.SYS --a---- 55296 bytes [19:41 28/01/2011] [02:53 19/01/2008] 87BA6B83C5D19B69160968D07D6E2982
usbuhci.sys --a---- 23552 bytes [19:41 28/01/2011] [02:53 19/01/2008] 814D653EFC4D48BE3B04A307ECEFF56F
usbvideo.sys --a---- 132352 bytes [10:25 02/11/2006] [08:55 02/11/2006] 0A6B81F01BC86399482E27E6FDA7B33B
vga.sys --a---- 25088 bytes [19:40 28/01/2011] [02:52 19/01/2008] 2E93AC0A1D8C79D019DB6C51F036636C
vgapnp.sys --a---- 26112 bytes [19:40 28/01/2011] [02:52 19/01/2008] 87B06E1F30B749A114F74622D013F8D4
VIAAGP.SYS --a---- 54376 bytes [08:35 02/11/2006] [09:49 02/11/2006] 045D9961E591CF0674A920B6BA3BA5CB
viac7.sys --a---- 39424 bytes [08:30 02/11/2006] [08:30 02/11/2006] 56A4DE5F02F2E88182B0981119B4DD98
viaide.sys --a---- 17512 bytes [08:51 02/11/2006] [09:49 02/11/2006] FD2E3175FCADA350C7AB4521DCA187EC
videoprt.sys --a---- 110080 bytes [19:40 28/01/2011] [02:52 19/01/2008] C048D2C33D27441A0CDCAAE2651EB03D
volmgr.sys --a---- 52792 bytes [19:40 28/01/2011] [04:42 19/01/2008] 69503668AC66C77C6CD7AF86FBDF8C43
volmgrx.sys --a---- 294456 bytes [19:40 28/01/2011] [04:43 19/01/2008] 98F5FFE6316BD74E9E2C97206C190196
volsnap.sys --a---- 227896 bytes [19:40 28/01/2011] [04:42 19/01/2008] D8B4A53DD2769F226B3EB374374987C9
vsmraid.sys --a---- 112232 bytes [07:36 02/11/2006] [09:50 02/11/2006] D984439746D42B30FC65A4C3546C6829
wacompen.sys --a---- 20608 bytes [08:52 02/11/2006] [08:52 02/11/2006] 48DFEE8F1AF7C8235D4E626F0C4FE031
wanarp.sys --a---- 62464 bytes [19:41 28/01/2011] [02:56 19/01/2008] 55201897378CCA7AF8B5EFD874374A26
watchdog.sys --a---- 32768 bytes [19:41 28/01/2011] [02:35 19/01/2008] 6C8B7DF75ECF4A7DD668BEC58E268329
wd.sys --a---- 19560 bytes [08:54 02/11/2006] [09:49 02/11/2006] AFC5AD65B991C1E205CF25CFDBF7A6F4
Wdf01000.sys --a---- 503864 bytes [19:41 28/01/2011] [04:43 19/01/2008] B6F0A7AD6D4BD325FBCD8BAC96CD8D96
WdfLdr.sys --a---- 35896 bytes [19:41 28/01/2011] [04:42 19/01/2008] B4FC6DD9167B058E6DBE6CB14ACFA2CB
wmiacpi.sys --a---- 11264 bytes [08:35 02/11/2006] [08:35 02/11/2006] 701A9F884A294327E9141D73746EE279
wmilib.sys --a---- 17976 bytes [19:41 28/01/2011] [04:41 19/01/2008] C546864EED786304762D030FEBF6B411
WpdUsb.sys --a---- 39936 bytes [19:41 28/01/2011] [03:04 19/01/2008] 0CEC23084B51B8288099EB710224E955
ws2ifsl.sys --a---- 15872 bytes [19:41 28/01/2011] [02:56 19/01/2008] E3A3CB253C0EC2494D4A61F5E43A389C
WUDFPf.sys --a---- 51200 bytes [19:41 28/01/2011] [02:52 19/01/2008] 13B5F255E90624A5BA0441D39CFB6BE2
WUDFRd.sys --a---- 83328 bytes [19:41 28/01/2011] [02:53 19/01/2008] AC13CB789D93412106B0FB6C7EB2BCB6
yk60x86.sys --a---- 221696 bytes [18:00 09/01/2007] [18:00 09/01/2007] 1DD951CF8A69FA2BEA82F3E3A811FA95

---Folders---
en-US d------ [12:42 02/11/2006]
etc d------ [11:18 02/11/2006]
UMDF d------ [11:18 02/11/2006]


JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:23 am

c:\windows\system32 - Parameters: "/n*.dll /md5"

---Files---
aaclient.dll --a---- 136192 bytes [01:52 29/08/2009] [07:33 19/01/2008] AD45DEDFDCF69A28CBAF6A2CA84B5F1E
accessibilitycpl.dll --a---- 2515968 bytes [19:42 28/01/2011] [04:33 19/01/2008] AC4CECC86EEB8E1CC2E9FE022CFF3AC1
ACCTRES.dll --a---- 39424 bytes [07:28 02/11/2006] [07:28 02/11/2006] 58F57F2F2133A2A77607C8CCC9A30F73
acledit.dll --a---- 7680 bytes [08:42 02/11/2006] [09:46 02/11/2006] 0BCEE3F36752213D1B09D18E69383898
aclui.dll --a---- 127488 bytes [19:42 28/01/2011] [04:33 19/01/2008] 09C91E1F199C53E1114396B59B3B4D9E
acppage.dll --a---- 38912 bytes [08:39 02/11/2006] [09:46 02/11/2006] 4B61E9C7CE66FDDB29CBBB01E1060649
acprgwiz.dll --a---- 2048 bytes [07:11 02/11/2006] [07:11 02/11/2006] 668C1A772324426F4DEAF20167595D57
ActionQueue.dll --a---- 167424 bytes [19:42 28/01/2011] [04:33 19/01/2008] CA47571D86040FF7CBF40A125759DAFB
ActiveContentWizard.dll --a---- 1405952 bytes [19:42 28/01/2011] [04:33 19/01/2008] 784D3FCC1AB109C69C88A20AB64438D4
activeds.dll --a---- 204800 bytes [19:42 28/01/2011] [04:33 19/01/2008] 6468C3FF6D0C7874FA8C619AF3E23B22
actxprxy.dll --a---- 326656 bytes [19:42 28/01/2011] [04:33 19/01/2008] 8D78BA30DB4AE040A52EDEE725782715
acXMLParser.dll --a---- 1064960 bytes [23:53 16/03/2009] [23:07 28/01/2008] 3399D9580BF55034E80F3C63593D3FBC
admparse.dll --a---- 72704 bytes [14:56 07/06/2009] [07:33 19/01/2008] D016A58A7ECA0A34647EDEC5113C8C7A
adsldp.dll --a---- 185856 bytes [19:42 28/01/2011] [04:33 19/01/2008] CE683F9B7482B31D0EC5D04FD7533F54
adsldpc.dll --a---- 198144 bytes [19:42 28/01/2011] [04:33 19/01/2008] E0761B16F3F6F7083C7EDA3EF59F13BA
adsmsext.dll --a---- 76288 bytes [19:42 28/01/2011] [04:33 19/01/2008] 766578AD187C1AFF2ADF7F0A0E0093A0
adsnt.dll --a---- 257024 bytes [19:42 28/01/2011] [04:33 19/01/2008] 3DB66361DDBB1A017EDE92A68F940DCB
adtschema.dll --a---- 605696 bytes [19:42 28/01/2011] [02:26 19/01/2008] 9B70EC8230DBC6BE9C0A54FCCA7BE841
advapi32.dll --a---- 798720 bytes [19:42 28/01/2011] [04:33 19/01/2008] C44A1766E93E506EE2102A305799E1A1
advpack.dll --a---- 128000 bytes [19:42 28/01/2011] [04:33 19/01/2008] C77F71AA825263541965846EDD9E8729
aecache.dll --a---- 6656 bytes [08:29 02/11/2006] [09:46 02/11/2006] 7D4002D9CA6DD29BAFFA665382B60406
aelupsvc.dll --a---- 24576 bytes [08:29 02/11/2006] [09:46 02/11/2006] 9D1FDA9E086BA64E3C93C9DE32461BCF
agrscoin.dll --a---- 13312 bytes [22:34 11/09/2006] [22:34 11/09/2006] EB5C488A3854C183DE9A72A3B9CCED02
AltTab.dll --a---- 43008 bytes [12:34 02/11/2006] [12:34 02/11/2006] 4A839160ED1963F9A1526DDA2D1233B2
amstream.dll --a---- 70144 bytes [19:42 28/01/2011] [04:33 19/01/2008] 570D1DA9BD508C518097F3E6AB13ADDB
amxread.dll --a---- 24064 bytes [14:57 07/06/2009] [03:38 17/03/2009] 4C589E943146BED7B53E89F171D4112C
apds.dll --a---- 1730560 bytes [19:42 28/01/2011] [04:33 19/01/2008] CF4D1FFDA55937D8CB09F594689F62CA
apilogen.dll --a---- 13824 bytes [14:57 07/06/2009] [03:38 17/03/2009] E1F50C032D70E9DE374DAD73C88CE7DF
apircl.dll --a---- 219648 bytes [19:42 28/01/2011] [04:33 19/01/2008] 6ED0090E409F635CE7203CA36D0B3C10
apphelp.dll --a---- 171008 bytes [19:42 28/01/2011] [04:33 19/01/2008] 53E09730CB6190F6FF7633B8B5B914EC
Apphlpdm.dll --a---- 28672 bytes [05:17 03/05/2011] [14:56 03/03/2011] 77DE4C45589BBDDEB108B215682EC333
appinfo.dll --a---- 33280 bytes [19:42 28/01/2011] [04:33 19/01/2008] C6D704C7F0434DC791AAC37CAC4B6E14
apss.dll --a---- 198656 bytes [19:42 28/01/2011] [04:33 19/01/2008] 6F4AF30005CF55F4B1DF8F4D603F7C4B
asferror.dll --a---- 2048 bytes [12:35 02/11/2006] [12:35 02/11/2006] FA11EA4ABBAE074A25CEDCF0B23D27F9
asycfilt.dll --a---- 67072 bytes [21:21 29/01/2011] [16:07 05/04/2010] C006588AA4814F367B6A1311D17BBE73
atl.dll --a---- 71680 bytes [01:52 29/08/2009] [14:35 17/07/2009] 35979494DABAF115F5FFA960830817DF
atl100.dll --a---- 138056 bytes [05:58 11/06/2011] [05:58 11/06/2011] C85670AB64068F8080998AEBA6C5019C
atl71.dll --a---- 89088 bytes [03:05 19/03/2003] [03:05 19/03/2003] 8F2097E8B174F38178570C611464935F
atmfd.dll --a---- 292864 bytes [05:20 03/05/2011] [13:24 16/02/2011] 0F21CE32F5F52E50BC6358BD46D0CFCA
atmlib.dll --a---- 34304 bytes [05:20 03/05/2011] [15:29 16/02/2011] A3B29010868195E0DEB45DB33C369DBB
audiodev.dll --a---- 244224 bytes [19:42 28/01/2011] [04:33 19/01/2008] 67C30FAFA58BD7E02A9DA8BE28512934
AudioEng.dll --a---- 397312 bytes [19:42 28/01/2011] [04:33 19/01/2008] DB7F4AB85298F3FE522C5512B8B0F56D
AUDIOKSE.dll --a---- 274944 bytes [19:42 28/01/2011] [04:36 19/01/2008] 296937202E4D930AAE98085B99D744D8
AudioSes.dll --a---- 116224 bytes [19:42 28/01/2011] [04:33 19/01/2008] 154E3891ED6D5520EDA5D87B4EC3F7C2
audiosrv.dll --a---- 314368 bytes [19:42 28/01/2011] [04:33 19/01/2008] 42076E29AAFA0830A2C5D4E310F58DD1
authfwcfg.dll --a---- 251904 bytes [19:42 28/01/2011] [04:33 19/01/2008] F35D79E64E1D38AFD0FF5C123B979F15
AuthFWGP.dll --a---- 509952 bytes [19:42 28/01/2011] [04:33 19/01/2008] 0ADED25D371AE14665CE514E413988E7
AuthFWSnapin.dll --a---- 4595712 bytes [19:42 28/01/2011] [04:38 19/01/2008] FC772BA174094D86AA73A65A8AD77047
AuthFWWizFwk.dll --a---- 274432 bytes [07:38 02/11/2006] [09:46 02/11/2006] 18B2E8FFB05BAD2E6ACEB2E38B02E3EE
authui.dll --a---- 1985024 bytes [19:42 28/01/2011] [04:33 19/01/2008] A9BF9F54B6FAC7C1839AA6C93C5664C5
authz.dll --a---- 79360 bytes [19:42 28/01/2011] [04:33 19/01/2008] 669388DB959F5B07AAAA43C796C7AA05
autoplay.dll --a---- 516608 bytes [19:42 28/01/2011] [04:33 19/01/2008] 25370458E6BE09E5F90403588B07CDED
AuxiliaryDisplayApi.dll --a---- 103936 bytes [19:42 28/01/2011] [04:33 19/01/2008] 322614D469D1B4268DBBE45DA13DBF05
AuxiliaryDisplayClassInstaller.dll --a---- 107520 bytes [08:51 02/11/2006] [09:46 02/11/2006] 936B624008922D13BDCC3C293FBC8DD8
AuxiliaryDisplayCpl.dll --a---- 1186304 bytes [19:42 28/01/2011] [04:36 19/01/2008] 2C67653D70262E975672D46F0E9FCF6B
AuxiliaryDisplayDriverLib.dll --a---- 174080 bytes [19:42 28/01/2011] [04:36 19/01/2008] 1DEEC0A75C2CD6F4EA0BE35455842E1D
AuxiliaryDisplayServices.dll --a---- 102912 bytes [19:42 28/01/2011] [04:36 19/01/2008] EE1005543567F4397426875BD0969F1E
avicap.dll --a---- 69584 bytes [12:34 02/11/2006] [12:34 02/11/2006] D05D2C408BBDD201E145F1202B2F13BD
avicap32.dll --a---- 65024 bytes [17:52 21/03/2010] [12:28 28/12/2009] 387EF0ACFF9F82015EF509F099C03999
avifil32.dll --a---- 91136 bytes [17:52 21/03/2010] [12:28 28/12/2009] 102E1942B0FF8708166E716A829C8AE8
avifile.dll --a---- 109456 bytes [12:34 02/11/2006] [12:34 02/11/2006] 1131CC48B374FBF92EBAF0821C228ACA
avrt.dll --a---- 12800 bytes [19:42 28/01/2011] [04:33 19/01/2008] C9244BCAC83B259B920BBEE18A97BFE1
axaltocm.dll --a---- 82432 bytes [10:32 02/11/2006] [20:31 28/01/2011] B00B85D60F8678F011F76943041B619B
azroles.dll --a---- 756736 bytes [19:42 28/01/2011] [04:33 19/01/2008] 19AD4770985B280EF767C5311AD5AA64
azroleui.dll --a---- 317440 bytes [19:42 28/01/2011] [04:33 19/01/2008] 9F95771A5E04C4A5E9BB2C128B1E2526
AzSqlExt.dll --a---- 28160 bytes [19:42 28/01/2011] [04:33 19/01/2008] D89FFFBE0379D5359F7E49E1155D83E6
basecsp.dll --a---- 131640 bytes [19:42 28/01/2011] [04:38 19/01/2008] 9FA33D638EF28750DCDC959BA9CECF17
basesrv.dll --a---- 68096 bytes [19:42 28/01/2011] [04:33 19/01/2008] F31EEBC1A1C81FD04005489CC3DCDFE7
batmeter.dll --a---- 737792 bytes [08:48 02/11/2006] [09:46 02/11/2006] EC69B16644C613F41A57169F8D068F1D
batt.dll --a---- 12800 bytes [19:42 28/01/2011] [04:33 19/01/2008] BF6FCD049C5FBB3FD967B27B6341E6E3
bcdprov.dll --a---- 48128 bytes [19:42 28/01/2011] [04:33 19/01/2008] 29D678CBCE9BEE878971ACE41E9EEE47
bcdsrv.dll --a---- 117760 bytes [19:42 28/01/2011] [04:33 19/01/2008] CCF1D8BB8FC6FE26BDCA234F3E28CE81
bcrypt.dll --a---- 274432 bytes [19:42 28/01/2011] [04:33 19/01/2008] F7FFB0F018DDC0A120A1133437C37AB0
BFE.DLL --a---- 328704 bytes [19:42 28/01/2011] [04:33 19/01/2008] 8582E233C346AEFE759833E8A30DD697
bidispl.dll --a---- 33792 bytes [09:15 02/11/2006] [09:46 02/11/2006] ABC374AA8131359FD2E47434CF4D41BA
bitsigd.dll --a---- 31744 bytes [19:42 28/01/2011] [04:33 19/01/2008] C1DB5285D572FFD741FDE14DF3E51F97
bitsperf.dll --a---- 17920 bytes [08:40 02/11/2006] [09:46 02/11/2006] F21F255B91CA4F04E4250DECD2067CBB
bitsprx2.dll --a---- 10752 bytes [08:40 02/11/2006] [09:46 02/11/2006] 3A0084039D1A845BE595E5AE62DB687A
bitsprx3.dll --a---- 9728 bytes [08:40 02/11/2006] [09:46 02/11/2006] 1D12C43D9CD27019939BFCCA82EF3A54
bitsprx4.dll --a---- 9216 bytes [08:40 02/11/2006] [09:46 02/11/2006] 9F8E9C1021FB88CDD057EFAD97F7FB58
bitsprx5.dll --a---- 17920 bytes [08:40 02/11/2006] [09:46 02/11/2006] F9997A74B445A6EAB6B3E7758C1DC51C
blackbox.dll --a---- 542720 bytes [19:42 28/01/2011] [04:33 19/01/2008] 38A97C3FC73B73EC03570DF771C4A641
bootstr.dll --a---- 2560 bytes [19:42 28/01/2011] [02:27 19/01/2008] 601A53B57FEC5AB4A2D9250BFE355FC8
BOOTVID.DLL --a---- 24120 bytes [19:42 28/01/2011] [04:41 19/01/2008] F0821E18CAFC7135CCF6DE3D306E97CD
brcoinst.dll --a---- 17408 bytes [09:36 02/11/2006] [09:46 02/11/2006] 48444A83492F6F93AA8239170BC6807B
brcpl.dll --a---- 1342464 bytes [19:42 28/01/2011] [04:33 19/01/2008] 340DFDAF9EA860E314A373E2DE309262
brcplsdw.dll --a---- 52736 bytes [19:42 28/01/2011] [04:33 19/01/2008] 4CE5B3256751B646EDF60C4893937304
brdgcfg.dll --a---- 24064 bytes [08:56 02/11/2006] [09:46 02/11/2006] 88944F547E938FF4859B3CE7F50A789A
bridgeres.dll --a---- 2048 bytes [07:38 02/11/2006] [07:38 02/11/2006] 8A103893077D370340EB77313C6AD621
browser.dll --a---- 81920 bytes [19:42 28/01/2011] [04:33 19/01/2008] A3629A0C4226F9E9C72FAAEEBC3AD33C
browseui.dll --a---- 1324032 bytes [19:42 28/01/2011] [04:33 19/01/2008] A3C1B75B0156D5B68B271C6FE0A5FDE7
bthci.dll --a---- 45568 bytes [19:42 28/01/2011] [04:33 19/01/2008] 03860D6AA278FAA69F1D257705C6A534
bthserv.dll --a---- 39936 bytes [08:55 02/11/2006] [09:46 02/11/2006] 58EE7F5E68310BC8D4E7CEBD8358C12E
btpanui.dll --a---- 91648 bytes [19:42 28/01/2011] [04:33 19/01/2008] 83C807E149FE18D1160B86C2A7D036A8
cabinet.dll --a---- 71680 bytes [19:42 28/01/2011] [04:33 19/01/2008] A99871BA522CB2539AE275AC18CACC8F
cabview.dll --a---- 98304 bytes [12:12 14/04/2010] [00:04 15/01/2010] 89DAF120115AA36C548FCB85E150E49F
capicom.dll --a---- 466944 bytes [23:03 06/11/2007] [21:11 31/01/2007] 1B6E2050ABBDA860F4F9F245D1E150A5
capisp.dll --a---- 17920 bytes [19:42 28/01/2011] [04:33 19/01/2008] C5546A8532BB62F20FC1744481B9CB5F
CardGames.dll --a---- 6213632 bytes [12:35 02/11/2006] [12:35 02/11/2006] BC6F5A366BA5479BABD79BBE778C7D27
catsrv.dll --a---- 451072 bytes [19:42 28/01/2011] [04:33 19/01/2008] 169F4763D943FB712948292066318635
catsrvps.dll --a---- 23552 bytes [08:50 02/11/2006] [09:46 02/11/2006] EF8BC79B8265306F7A0AF9D42F3C84E6
catsrvut.dll --a---- 487936 bytes [19:42 28/01/2011] [04:33 19/01/2008] A36E1A0CB17DDDF6E0BF3CEA4E7A52EC
cdd.dll --a---- 36864 bytes [21:18 29/01/2011] [03:26 02/08/2008] 99D8D5AF1826A4CB454B865223540449
CDDBControlRoxio.dll --a---- 598016 bytes [21:32 18/05/2006] [21:32 18/05/2006] BF8685C27ED2F5C39DB5E81BF6178C4D
CDDBUIRoxio.dll --a---- 761856 bytes [23:02 08/03/2004] [23:02 08/03/2004] 8DDDAFC9760623CFB8965F07284DF01D
cdintf300.dll --a---- 1064960 bytes [23:53 16/03/2009] [23:07 28/01/2008] 3399D9580BF55034E80F3C63593D3FBC
cdosys.dll --a---- 805888 bytes [19:42 28/01/2011] [04:33 19/01/2008] CDA90F015B5EDEF9463A672B7C10654E
cdral.dll --a---- 81920 bytes [21:38 07/09/2005] [21:38 07/09/2005] 66B11E9545AA71664E03297EF06DF554
cdrtc.dll --a---- 77824 bytes [21:38 07/09/2005] [21:38 07/09/2005] 8659C4EF513A6C7AB4230346CEAC427B
certcli.dll --a---- 323072 bytes [19:42 28/01/2011] [04:33 19/01/2008] 57F8E9FFE823CBC3EEE0A63451700B08
certenc.dll --a---- 41984 bytes [08:43 02/11/2006] [09:46 02/11/2006] BFD3F5EA39F67C0FD4CB87648EE09272
CertEnroll.dll --a---- 1111552 bytes [19:42 28/01/2011] [04:33 19/01/2008] D2E1A0A64A0748C6E6A4E3F93DB7A027
CertEnrollUI.dll --a---- 632832 bytes [19:42 28/01/2011] [04:33 19/01/2008] 1BB2543A84D362251B8EEC713BBB3023
certmgr.dll --a---- 1502720 bytes [19:42 28/01/2011] [04:33 19/01/2008] 61EA645043973E83F5E932482CC26C85
certprop.dll --a---- 40448 bytes [19:42 28/01/2011] [04:33 19/01/2008] 87C2D0377B23E2D8A41093C2F5FB1A5B
cewmdm.dll --a---- 225792 bytes [19:42 28/01/2011] [04:33 19/01/2008] 83ADC95272B048DFD1563E0EA0F269FB
cfgbkend.dll --a---- 47104 bytes [19:42 28/01/2011] [04:33 19/01/2008] 10211A7098EC0ABE137E9625E6B75434
cfgmgr32.dll --a---- 17408 bytes [19:42 28/01/2011] [04:33 19/01/2008] 1A09CB187440993FA5E24DE1EEB7B916
chsbrkr.dll --a---- 1671680 bytes [08:50 30/01/2011] [05:17 27/05/2008] E0AD35C7525ACB85E11ADB8FDBBED009
chtbrkr.dll --a---- 6103040 bytes [08:50 30/01/2011] [05:17 27/05/2008] 11207151949652C0A93CDA84D82DE303
CHxReadingStringIME.dll --a---- 10752 bytes [08:38 02/11/2006] [09:46 02/11/2006] 7657BDFE061B867A57D2CF3B3D6F901E
ci.dll --a---- 615992 bytes [22:01 16/05/2008] [05:05 22/02/2008] F935DF6F39BC274DEA31BA84071ED89D
cic.dll --a---- 171520 bytes [19:43 28/01/2011] [04:33 19/01/2008] 1FA026C5208D0568F0D069387222B058
CIRCoInst.dll --a---- 7680 bytes [08:55 02/11/2006] [09:46 02/11/2006] 242976D4AEE9EE2A783E2E123FBF8FEE
clb.dll --a---- 13824 bytes [08:32 02/11/2006] [09:46 02/11/2006] 91E6B2F642DC66C7519EF55C4BA5C9F1
clbcatq.dll --a---- 523776 bytes [19:43 28/01/2011] [04:33 19/01/2008] C394079EB162E812D682C73FA96AF6E4
clfsw32.dll --a---- 56832 bytes [19:43 28/01/2011] [04:33 19/01/2008] FC5282802468C396B696A6E07C549BAE
cliconfg.dll --a---- 86016 bytes [09:11 02/11/2006] [09:46 02/11/2006] 3D948C918FCD09DDCA1168A7A823575E
clusapi.dll --a---- 178176 bytes [19:43 28/01/2011] [04:33 19/01/2008] D333058925CE305E39DE8D5AD2B52A46
cmcfg32.dll --a---- 31232 bytes [19:43 28/01/2011] [04:33 19/01/2008] 3382A934DEEFD422CFAE0EDC1AD536A4
cmdial32.dll --a---- 481792 bytes [19:43 28/01/2011] [04:33 19/01/2008] 71DBFE410545CC27E07B5DEFC54063B6
cmicryptinstall.dll --a---- 64512 bytes [19:43 28/01/2011] [04:33 19/01/2008] 1EE1AB885DF48EE50D6F27866E0FC5B2
cmifw.dll --a---- 67584 bytes [19:43 28/01/2011] [04:33 19/01/2008] D59374AA78A8ADDB0EEEF800C40D0BD8
cmipnpinstall.dll --a---- 297472 bytes [19:43 28/01/2011] [04:33 19/01/2008] 31F244C7B382975E062674CCDE836702
cmlua.dll --a---- 32768 bytes [19:43 28/01/2011] [04:33 19/01/2008] D7D9019F5952731303A9FD44ACAA3B43
cmpbk32.dll --a---- 26112 bytes [19:43 28/01/2011] [04:33 19/01/2008] 3709EC685E0076CB20743096C9C7E587
cmstplua.dll --a---- 14336 bytes [19:43 28/01/2011] [04:33 19/01/2008] 73FE91ECFDE60D39DD08D45B1914087E
cmutil.dll --a---- 47616 bytes [19:43 28/01/2011] [04:33 19/01/2008] A38AD4A5F1D5BD5560CE5F0F0A208471
cngaudit.dll --a---- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
cnvfat.dll --a---- 31232 bytes [08:31 02/11/2006] [09:46 02/11/2006] CADF54D0DFFBF4413C739BEFF3BCBE57
cofiredm.dll --a---- 26624 bytes [19:43 28/01/2011] [04:34 19/01/2008] EB5EC24F7CF1282D1275D864A5982C69
colbact.dll --a---- 62464 bytes [19:43 28/01/2011] [04:34 19/01/2008] E8DE40DE899656055A1691EE74F75841
COLORCNV.DLL --a---- 161280 bytes [19:43 28/01/2011] [04:34 19/01/2008] B150132B1C8CF562752D065F287D5D57
colorui.dll --a---- 686592 bytes [19:43 28/01/2011] [04:34 19/01/2008] B8124B934DF7B8D6EBD9152A8E0E926F
comcat.dll --a---- 7168 bytes [08:50 02/11/2006] [09:46 02/11/2006] E2F8E6A62013071B07AA8C5BBCF22A4E
comctl32.dll --a---- 531968 bytes [20:56 29/01/2011] [15:40 31/08/2010] 457366B876CEAB9E92DDF976B8520CB6
comdlg32.dll --a---- 450048 bytes [19:43 28/01/2011] [04:34 19/01/2008] D71266E0E06421E81CA85F2346B7EE9E
COMMDLG.DLL --a---- 32816 bytes [07:10 02/11/2006] [07:10 02/11/2006] FF924F8AD691F25E5772B6E1A635831A
CompatUI.dll --a---- 282624 bytes [19:43 28/01/2011] [04:34 19/01/2008] 18BC013FD5A9F5BA2068119C83D550D9
compobj.dll --a---- 27792 bytes [07:29 02/11/2006] [21:35 18/09/2006] CD91F7B8E44CF4FC5E61359FBC5118C6
compstui.dll --a---- 276480 bytes [19:43 28/01/2011] [04:34 19/01/2008] AF2CAAAF1E82C14F37F5BD7D1E6E18E1
comrepl.dll --a---- 91648 bytes [19:43 28/01/2011] [04:34 19/01/2008] D7BC0EB22AA1B64AFC6F92A7F15A6161
comres.dll --a---- 1291264 bytes [19:43 28/01/2011] [02:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD
comsnap.dll --a---- 220160 bytes [19:43 28/01/2011] [04:34 19/01/2008] 973642071FD324603235AFD9B1B199AA
comsvcs.dll --a---- 1208320 bytes [19:43 28/01/2011] [04:34 19/01/2008] EE11E4FE19D61275246E5772BC1EC795
comuid.dll --a---- 593408 bytes [19:43 28/01/2011] [04:34 19/01/2008] A4E094F0BA3E8F239304F08DECAB6482
connect.dll --a---- 1645568 bytes [20:55 21/02/2009] [05:25 21/10/2008] 1C560CA4FBE7675D044273C6B69F3DC1
console.dll --a---- 95744 bytes [08:48 02/11/2006] [09:46 02/11/2006] A1F0DD33896A32DEF25D4A66FCF18F4E
corpol.dll --a---- 17408 bytes [19:43 28/01/2011] [04:34 19/01/2008] BF6F0C2DF119F71C22C00525ADF2EE56
credssp.dll --a---- 15872 bytes [19:43 28/01/2011] [04:34 19/01/2008] 26F139DDEC6407508071930D3D07337E
credui.dll --a---- 178176 bytes [19:43 28/01/2011] [04:34 19/01/2008] 129A64901AAF7205F753090A779A4321
CRPPresentation.dll --a---- 51712 bytes [12:36 02/11/2006] [12:36 02/11/2006] 4768E2F15BB8344670F1A733B9A3FAA0
crtdll.dll --a---- 149019 bytes [06:49 02/11/2006] [09:46 02/11/2006] A6E127E241535C02DE9B9E5C25B70345
crypt32.dll --a---- 977408 bytes [19:43 28/01/2011] [04:34 19/01/2008] D4D86075510C02F887528207D8E0D713
cryptdlg.dll --a---- 24576 bytes [08:48 02/11/2006] [09:46 02/11/2006] 498961DEAAC558A5D85F7596CBCA6DC3
cryptdll.dll --a---- 57856 bytes [19:43 28/01/2011] [04:34 19/01/2008] 459B48188494490707DCA8BAA91AA185
cryptext.dll --a---- 54784 bytes [08:43 02/11/2006] [09:46 02/11/2006] 1175237933305964112F0860A0013E70
cryptnet.dll --a---- 97792 bytes [19:43 28/01/2011] [04:34 19/01/2008] FC4954D8CCDBE5C469F7737525B3300E
cryptsvc.dll --a---- 128000 bytes [19:43 28/01/2011] [04:34 19/01/2008] 6DE363F9F99334514C46AEC02D3E3678
cryptui.dll --a---- 970240 bytes [19:43 28/01/2011] [04:34 19/01/2008] 615A3B1CDA204E8123C5472540D229C0
cscapi.dll --a---- 31744 bytes [19:43 28/01/2011] [04:34 19/01/2008] 693DCDFFD4760CBA41D8D22D34E6911B
cscdll.dll --a---- 22016 bytes [19:43 28/01/2011] [04:34 19/01/2008] FDA6E7599A44BB555F6FA3EF808F3FA3
csellang.dll --a---- 45056 bytes [22:33 06/11/2007] [11:59 01/11/2003] C755C23A5DBDF96A8FE29D6DF3191D95
csrsrv.dll --a---- 49152 bytes [13:35 13/07/2011] [14:44 20/04/2011] A8838BAFFC18781990CF7D7BB9678715
ctl3d32.dll --a---- 27136 bytes [06:49 02/11/2006] [09:46 02/11/2006] 8DA162AA85AB429B015F50BF0A458A5E
ctl3dv2.dll --a---- 27200 bytes [06:25 02/11/2006] [21:43 18/09/2006] 637D88E7A1BEDC4457C80DBC8BA9F135
C_G18030.DLL --a---- 221696 bytes [08:33 02/11/2006] [09:46 02/11/2006] A6EC39D0F91CC9D39EB4D9A4DA703DC5
C_IS2022.DLL --a---- 10240 bytes [08:33 02/11/2006] [09:46 02/11/2006] 04DF4B247EE5179D87F7DC9AF62EE7F7
C_ISCII.DLL --a---- 10752 bytes [08:33 02/11/2006] [09:46 02/11/2006] 37F221A74ED4B656B95730E51B755FA2
d3d10.dll --a---- 1029120 bytes [19:43 28/01/2011] [04:34 19/01/2008] 2B5C45B57745C6B103CEEE40228EB475
d3d10core.dll --a---- 188416 bytes [19:43 28/01/2011] [04:34 19/01/2008] 8EB378F5AF47731B36DD1B4B79BC532D
d3d10_1.dll --a---- 159744 bytes [19:43 28/01/2011] [04:34 19/01/2008] 184233C079DC8477CEA87479491E1593
d3d10_1core.dll --a---- 208896 bytes [19:43 28/01/2011] [04:34 19/01/2008] DAE6F839F39C8D2FE3DBFE21D1C7BA9B
d3d8.dll --a---- 1039360 bytes [19:43 28/01/2011] [04:34 19/01/2008] B123B2E554AD31FC88A7447F551D9FEC
d3d8thk.dll --a---- 11264 bytes [09:03 02/11/2006] [09:46 02/11/2006] CD6DA5770CAE9D5E6E86722E17B442E0
d3d9.dll --a---- 1788928 bytes [19:43 28/01/2011] [04:34 19/01/2008] FAB8F08EC64A54917C07BDB6DC811C95
d3dim.dll --a---- 384512 bytes [19:43 28/01/2011] [04:34 19/01/2008] 15FEF0750BEF3E2DCC28BD4B3828263B
d3dim700.dll --a---- 816128 bytes [19:43 28/01/2011] [04:34 19/01/2008] C166EF14CBC85AC9747DDA3797F30A06
d3dramp.dll --a---- 593920 bytes [09:03 02/11/2006] [09:46 02/11/2006] 0FB3FC6257C60A7D8608F4AA275EE723
d3dxof.dll --a---- 53248 bytes [19:43 28/01/2011] [04:34 19/01/2008] 6C9FF16DA8BFDDA8A57DA0A6769AC8D5
dataclen.dll --a---- 45056 bytes [21:18 29/01/2011] [03:29 26/06/2008] E4C2A84BC3ED47DA2958614DD3E1D181
davclnt.dll --a---- 48640 bytes [12:34 02/11/2006] [12:34 02/11/2006] D306EA7436AC1587463A89BE29B456FB
dbgeng.dll --a---- 1855488 bytes [19:43 28/01/2011] [04:34 19/01/2008] 545EF3D85D22EED9C6CC48CC897ABE73
dbghelp.dll --a---- 798208 bytes [19:43 28/01/2011] [04:34 19/01/2008] 4934241CD20AC87D78121352E3BA8318
dbnetlib.dll --a---- 135168 bytes [19:43 28/01/2011] [04:34 19/01/2008] 0F3334E72FA397B9EE536E1FE6CED525
dbnmpntw.dll --a---- 32768 bytes [09:11 02/11/2006] [09:46 02/11/2006] B50EBE9B12B5DBF2EF2768AEAE4AE0DF
dciman32.dll --a---- 10240 bytes [14:55 19/07/2009] [15:20 15/06/2009] 5C570B80C8283AB9F866FCC61C8D1C13
DDACLSys.dll --a---- 15360 bytes [12:34 02/11/2006] [12:34 02/11/2006] 4168502DD2CD264DB32F62458E227CE4
DDEML.DLL --a---- 39424 bytes [07:10 02/11/2006] [07:10 02/11/2006] CC91779ED74FAE851CD3EA7541DDE488
ddraw.dll --a---- 522752 bytes [19:43 28/01/2011] [04:34 19/01/2008] FA2A3AFADC4FB47DBC234A4E57F92CDB
ddrawex.dll --a---- 30208 bytes [09:03 02/11/2006] [09:46 02/11/2006] 734DAA4FEAC6905BCFB30410D6C7E003
deployJava1.dll --a---- 472808 bytes [16:25 02/04/2011] [16:24 02/04/2011] 27CADAE7E69FEEE773EA55108A8F9F47
deskadp.dll --a---- 47616 bytes [08:47 02/11/2006] [09:46 02/11/2006] 331C2EE749F12F73E47B57B1745BA645
deskmon.dll --a---- 44544 bytes [08:47 02/11/2006] [09:46 02/11/2006] C7E7EA67FC93F1BE6A1C5C5428CC3E8F
deskperf.dll --a---- 39424 bytes [08:47 02/11/2006] [09:46 02/11/2006] 1E4DCCA01376183F96F131DFD90F0323
devenum.dll --a---- 64000 bytes [19:43 28/01/2011] [04:34 19/01/2008] 6950BBCEB21F9C3CB3B52E90960109C3
devmgr.dll --a---- 377344 bytes [19:43 28/01/2011] [04:34 19/01/2008] 9E6707CAC0A742A0B13C6D238532AD18
dfdts.dll --a---- 39936 bytes [19:43 28/01/2011] [04:34 19/01/2008] E496B0BACC7F9B4194FEC610198DA58E
dfrgifps.dll --a---- 10240 bytes [08:32 02/11/2006] [09:46 02/11/2006] D08BEE447883D3432705113D093992E2
DfrgRes.dll --a---- 31744 bytes [06:58 02/11/2006] [09:39 02/11/2006] 26A91CBD8C7C5EC94B819051291DE51F
dfshim.dll --a---- 1130824 bytes [08:11 30/01/2011] [15:55 08/11/2009] FA4B5940B31853ADE67A73026884C8C9
dfsrres.dll --a---- 2048 bytes [12:36 02/11/2006] [12:36 02/11/2006] 74F380C8EC8813626C670D46E8A714D1
DfsShlEx.dll --a---- 53760 bytes [19:43 28/01/2011] [04:34 19/01/2008] 25689B65734D65E4E73256B3D6842C1A
dhcpcmonitor.dll --a---- 10240 bytes [08:56 02/11/2006] [09:46 02/11/2006] 214ABDCD522ED606C63F13DD886D862A
dhcpcsvc.dll --a---- 204288 bytes [19:43 28/01/2011] [04:34 19/01/2008] 43A988A9C10333476CB5FB667CBD629D
dhcpcsvc6.dll --a---- 128000 bytes [19:43 28/01/2011] [04:34 19/01/2008] EEBC4C814729C50E7D21EF70CF3E2B4A
DHCPQEC.DLL --a---- 66048 bytes [19:43 28/01/2011] [04:34 19/01/2008] FAF3D589C7E28315EBFCDFA4EE9C610E
dhcpsapi.dll --a---- 61440 bytes [19:43 28/01/2011] [04:34 19/01/2008] 97872E5309026CFBB1AE89FB2FF0AE31
dhcpsoc.dll --a---- 23552 bytes [08:56 02/11/2006] [09:46 02/11/2006] 90A4C232475B0290D81002440D61901D
diagperf.dll --a---- 1078272 bytes [19:43 28/01/2011] [04:34 19/01/2008] 8ACD8E3EA303DA48DB223F4759CFB254
difxapi.dll --a---- 319456 bytes [21:27 11/12/2007] [17:25 10/11/2006] 1BD976DD77B31FE0F25708AD5C1351AE
dimsjob.dll --a---- 35328 bytes [19:43 28/01/2011] [04:34 19/01/2008] 70C6489D56008D75DEDF73226FA63C11
dimsroam.dll --a---- 54784 bytes [19:43 28/01/2011] [04:34 19/01/2008] 494473926B82F6BB550B5E5A29535D34
dinput.dll --a---- 136192 bytes [12:34 02/11/2006] [12:34 02/11/2006] E1D0C7866A544A1BA9CBEDFE7C35F085
dinput8.dll --a---- 159232 bytes [19:43 28/01/2011] [04:34 19/01/2008] 30A742FFCEA6661E501C44DC273C77B1
diskcopy.dll --a---- 1502720 bytes [08:46 02/11/2006] [09:46 02/11/2006] 393E4608AB2C126C73F36B568490C3F1
dispci.dll --a---- 35328 bytes [19:43 28/01/2011] [04:34 19/01/2008] A7D9D1A6C9BDFA4B0B5095A6E8837275
dispex.dll --a---- 32768 bytes [19:43 28/01/2011] [04:34 19/01/2008] CB1F79A5B3551273E55F69DDDCB919E3
dmband.dll --a---- 30208 bytes [12:34 02/11/2006] [12:34 02/11/2006] 63FF8532C5F0AEB4FBB59E201C62150F
dmcompos.dll --a---- 62976 bytes [12:34 02/11/2006] [12:34 02/11/2006] 4E7674D55AD0F4EC611CCCFC87EE8489
dmdlgs.dll --a---- 388096 bytes [19:42 28/01/2011] [04:34 19/01/2008] B4C4990BFA054DF52731300C911B47C6
dmdskmgr.dll --a---- 184320 bytes [19:42 28/01/2011] [04:34 19/01/2008] 8DAAEB693155EB610EAAD9477EEA1875
dmdskres.dll --a---- 536576 bytes [07:31 02/11/2006] [09:39 02/11/2006] E32F751B58E8AF341FAA596B872E7A6F
dmdskres2.dll --a---- 2048 bytes [19:42 28/01/2011] [02:49 19/01/2008] 16BDDB43FC365599A852CD254D0B08DA
dmime.dll --a---- 178688 bytes [19:42 28/01/2011] [04:34 19/01/2008] DA4F262D2C28C760409F161885C80D5C
dmintf.dll --a---- 23040 bytes [08:51 02/11/2006] [09:46 02/11/2006] D42A07C34AFC060CD9ED28010FD9D038
dmloader.dll --a---- 38400 bytes [19:42 28/01/2011] [04:34 19/01/2008] E921E752385C351E6506F5846A2F2E1A
dmocx.dll --a---- 42496 bytes [19:42 28/01/2011] [04:34 19/01/2008] 1D6B201D81CBA88CB4510B6BF96C5CE0
dmscript.dll --a---- 84480 bytes [19:42 28/01/2011] [04:34 19/01/2008] A31E818D43AB419CF2109F413874845C
dmstyle.dll --a---- 105472 bytes [12:34 02/11/2006] [12:34 02/11/2006] FFFF79504FF93FB8DCC5EFA729956AFC
dmsynth.dll --a---- 105472 bytes [19:42 28/01/2011] [04:34 19/01/2008] D9C082BE637BC117D138A5832E167784
dmusic.dll --a---- 101888 bytes [19:42 28/01/2011] [04:34 19/01/2008] 6703723213C2E8C6F2AB6B671DFBA06B
dmutil.dll --a---- 18944 bytes [19:42 28/01/2011] [04:34 19/01/2008] 17D68D0FF76BCDC0B0F851056259D32A
dmvdsitf.dll --a---- 131584 bytes [19:42 28/01/2011] [04:34 19/01/2008] DFB8564A8D01C19688C0A5CC50EF3397
dnsapi.dll --a---- 167936 bytes [05:20 03/05/2011] [14:49 02/03/2011] 5665120753FCE7123C4DEACE241EE715
dnshc.dll --a---- 48128 bytes [19:42 28/01/2011] [04:34 19/01/2008] 7E2849AF13D7133D58877516F58882E2
dnsrslvr.dll --a---- 86528 bytes [05:19 03/05/2011] [14:49 02/03/2011] 4805D9A6D281C7A7DEFD9094DEC6AF7D
docprop.dll --a---- 36864 bytes [08:46 02/11/2006] [09:46 02/11/2006] 47456BA1763E08AD1E939A4E08A60484
dot3api.dll --a---- 45056 bytes [19:42 28/01/2011] [04:34 19/01/2008] 898ABECCD5F0B9A8E8F1318DDB234685
dot3cfg.dll --a---- 49664 bytes [19:42 28/01/2011] [04:34 19/01/2008] B285D9B68B8E012DCDE74794A8097739
dot3dlg.dll --a---- 45568 bytes [19:42 28/01/2011] [04:34 19/01/2008] 26ED466B32392DF1568AF94F9C92E56C
dot3gpclnt.dll --a---- 43008 bytes [19:42 28/01/2011] [04:34 19/01/2008] FB5C247CDD2A333C183F20B345416E13
dot3gpui.dll --a---- 235520 bytes [19:42 28/01/2011] [04:34 19/01/2008] 72763FB32F75CA9E3C6FCBD764ADC80D
dot3msm.dll --a---- 74752 bytes [19:42 28/01/2011] [04:34 19/01/2008] 2C272DBD23AE23E5121F4B4C65FB66D5
dot3svc.dll --a---- 175104 bytes [19:43 28/01/2011] [04:34 19/01/2008] 5AF620A08C614E24206B79E8153CF1A8
dot3ui.dll --a---- 142848 bytes [19:43 28/01/2011] [04:34 19/01/2008] 8071C33E6508EE2A4BDBAB77CFAB807B
dplayx.dll --a---- 212992 bytes [09:03 02/11/2006] [09:46 02/11/2006] B37B6E58C9C466E80985E2FC64478A93
dpmodemx.dll --a---- 23040 bytes [09:03 02/11/2006] [09:46 02/11/2006] AB925FF69D45A174DB3746CB67456059
dpnaddr.dll --a---- 3072 bytes [09:03 02/11/2006] [09:03 02/11/2006] 360D8D66CD1DB48A43995200A0E05FFC
dpnathlp.dll --a---- 56832 bytes [09:03 02/11/2006] [09:46 02/11/2006] 61B994094B444B594A918C9B8B57E251
dpnet.dll --a---- 376320 bytes [19:42 28/01/2011] [04:34 19/01/2008] 8D27B8E9652B1BA65C03D05A816EA940
dpnhpast.dll --a---- 7168 bytes [09:03 02/11/2006] [09:46 02/11/2006] E868F59426C415909BAECA16EA004083
dpnhupnp.dll --a---- 7168 bytes [09:03 02/11/2006] [09:46 02/11/2006] E38069B444D7F3D867E187A40A92890D
dpnlobby.dll --a---- 3072 bytes [09:03 02/11/2006] [09:03 02/11/2006] 9DC63B27DDB6A1855761147E29AF2CF1
dps.dll --a---- 134656 bytes [19:42 28/01/2011] [04:34 19/01/2008] A622E888F8AA2F6B49E9BC466F0E5DEF
dpwsockx.dll --a---- 44032 bytes [09:03 02/11/2006] [09:46 02/11/2006] CEC94850617E2A22ECFD6A4857C2CA1C
dpx.dll --a---- 258560 bytes [19:42 28/01/2011] [04:34 19/01/2008] 4EBDD20AFC19AAECBA2893D128DD5ECD
drmmgrtn.dll --a---- 284672 bytes [19:42 28/01/2011] [04:34 19/01/2008] B2AE82D82C142EAB4A1C57438E1FF414
drmv2clt.dll --a---- 978432 bytes [19:42 28/01/2011] [04:34 19/01/2008] C671FD912E050D53E58AAF2E0A0D3418
drprov.dll --a---- 17920 bytes [09:02 02/11/2006] [09:46 02/11/2006] 582EFE56FC0858E58A6CEBA2A64B02C7
drvstore.dll --a---- 246784 bytes [19:42 28/01/2011] [04:34 19/01/2008] C5B8A25D36B961E20B0ABDEBD591D58A
ds16gt.dLL --a---- 4656 bytes [08:11 02/11/2006] [21:28 18/09/2006] 06D51EF74C4B9CE28B39F2D22D2A8608
ds32gt.dll --a---- 20480 bytes [09:10 02/11/2006] [09:46 02/11/2006] B0410170D43C03602B3EDA91A38E3F06
dsauth.dll --a---- 29696 bytes [19:42 28/01/2011] [04:34 19/01/2008] 474F35F4AA33C4E2F20CE28BB7C81C80
dsdmo.dll --a---- 173568 bytes [19:42 28/01/2011] [04:34 19/01/2008] C002F160632EC24BCC7BB3E5EB18E6DA
dskquota.dll --a---- 86528 bytes [19:42 28/01/2011] [04:34 19/01/2008] 721BAA64EF443D9033F2330F0FF8C70B
dskquoui.dll --a---- 190976 bytes [19:42 28/01/2011] [04:34 19/01/2008] 3E6B0F599CF73E00E018C9E1C0E83560
dsound.dll --a---- 444416 bytes [19:42 28/01/2011] [04:34 19/01/2008] 8A7B8DA5CA558D2DE47086BB23556543
dsprop.dll --a---- 137728 bytes [19:42 28/01/2011] [04:34 19/01/2008] 533A5740CDFB55DD227E8664911978EE
dsquery.dll --a---- 394240 bytes [19:42 28/01/2011] [04:34 19/01/2008] B2232AE63F84539B3416EDF1B4240A4A
dssec.dll --a---- 44032 bytes [19:42 28/01/2011] [04:34 19/01/2008] 4C7D8D9885ACD8E6E8349B14F008A21F
dssenh.dll --a---- 155704 bytes [19:42 28/01/2011] [04:38 19/01/2008] C8DBFEF835FF54467425C8F3ABCF7046
dsuiext.dll --a---- 616448 bytes [19:42 28/01/2011] [04:34 19/01/2008] 3EC9043C392B7A335AE4D79A2FF4FB38
dswave.dll --a---- 20992 bytes [12:34 02/11/2006] [12:34 02/11/2006] C16B856DD2635281ACB4B964EBA69328
dtsh.dll --a---- 28672 bytes [08:56 02/11/2006] [09:46 02/11/2006] 3E84D1C35E920DD699E299D2F91755A6
duser.dll --a---- 183808 bytes [19:42 28/01/2011] [04:34 19/01/2008] 75EB73E64F5B4655D9797D20F26DE320
dwmapi.dll --a---- 39936 bytes [19:42 28/01/2011] [04:34 19/01/2008] 9B96F6952186336CC6E3D4E08BE2E0AF
dwmredir.dll --a---- 81920 bytes [19:42 28/01/2011] [04:34 19/01/2008] D80C6539C00CB4F5D59066865479C308
dxdiagn.dll --a---- 195072 bytes [19:42 28/01/2011] [04:34 19/01/2008] 76D5F7FB4FBC83E88B8321226EF3055D
dxgi.dll --a---- 171520 bytes [19:42 28/01/2011] [04:34 19/01/2008] BA29E0F81A45A6DC0F0FDD1F11A7CB9C
dxmasf.dll --a---- 4096 bytes [01:51 29/08/2009] [12:59 14/07/2009] 646B31827D4593E8F1205AB5D77025FA
dxtmsft.dll --a---- 347136 bytes [19:42 28/01/2011] [04:34 19/01/2008] B68FCC1F8684AB3EC4BE4D0A2537D26D
dxtrans.dll --a---- 214528 bytes [19:42 28/01/2011] [04:34 19/01/2008] D12FEB0E3EA6063A65A5498ED90FD790
dxva2.dll --a---- 64512 bytes [19:42 28/01/2011] [04:34 19/01/2008] EFD278F8129EE12F1D4AE0250494B791
eapp3hst.dll --a---- 187904 bytes [19:42 28/01/2011] [04:34 19/01/2008] 135F88CA5CD7651AE812104D15A2959B
eappcfg.dll --a---- 135680 bytes [19:42 28/01/2011] [04:34 19/01/2008] 7AB5D82A29B778911445653058886D24
eappgnui.dll --a---- 93696 bytes [19:42 28/01/2011] [04:34 19/01/2008] 8C753B41D808870267CECF920903CA92
eapphost.dll --a---- 181760 bytes [19:42 28/01/2011] [04:34 19/01/2008] 0AF64A7B89F34A51FCF25E1F360CCA39
eappprxy.dll --a---- 41472 bytes [19:43 28/01/2011] [04:34 19/01/2008] 9D9FFC923FADBB575E0452EA0BBB15BD
EAPQEC.DLL --a---- 67584 bytes [19:43 28/01/2011] [04:34 19/01/2008] 7D7960C85E4259F3B90EB4B742616BFF
eapsvc.dll --a---- 57344 bytes [19:43 28/01/2011] [04:34 19/01/2008] C0B95E40D85CD807D614E264248A45B9
efsadu.dll --a---- 86528 bytes [19:43 28/01/2011] [04:34 19/01/2008] 00A737302C14977A7B3F49CD982C710D
els.dll --a---- 179200 bytes [19:43 28/01/2011] [04:34 19/01/2008] 3327D8A301A3FEC73B450C0BC130D616
emdmgmt.dll --a---- 565248 bytes [21:18 29/01/2011] [03:29 26/06/2008] 70B1A86DF0C8EAD17D2BC332EDAE2C7C
encapi.dll --a---- 20480 bytes [09:03 02/11/2006] [09:46 02/11/2006] 160BCCD17B361FDA8667F770C870EB4D
EncDec.dll --a---- 429056 bytes [14:14 20/03/2011] [17:41 29/12/2010] E80A99C3FD3FC7C7D967A3436D7541C2
EncDump.dll --a---- 169984 bytes [19:43 28/01/2011] [04:34 19/01/2008] E146357975D701F398D2D28EAEE6FE3B
eqossnap.dll --a---- 54784 bytes [08:57 02/11/2006] [09:46 02/11/2006] 523719F4E7786DF8F515DE7628E75A22
es.dll --a---- 269312 bytes [17:52 24/08/2008] [05:48 18/04/2008] 3CB3343D720168B575133A0A20DC2465
escli32.dll --a---- 135680 bytes [15:50 24/08/2007] [15:50 24/08/2007] 67FF6FC61409818272B12D134F705DE2
esent.dll --a---- 1452544 bytes [19:43 28/01/2011] [04:34 19/01/2008] 219F279E9A34C94538647191AB76C735
esentprf.dll --a---- 36352 bytes [19:43 28/01/2011] [04:34 19/01/2008] 2A238698EAF925970630CEEBAD0A6D35
eventcls.dll --a---- 19968 bytes [19:43 28/01/2011] [04:34 19/01/2008] 197FE5C1FEC75B1700ED92041707D5D1
evr.dll --a---- 485888 bytes [19:43 28/01/2011] [04:34 19/01/2008] F2B888A05576232F74A07A5724366B33
ExplorerFrame.dll --a---- 20992 bytes [19:43 28/01/2011] [04:34 19/01/2008] B43DC259D9D66075D0E1BCB8A235CBBD
expsrv.dll --a---- 380957 bytes [06:47 02/11/2006] [09:46 02/11/2006] 254C64B570A99F10952ACA71F24A2236
extmgr.dll --a---- 133120 bytes [19:43 28/01/2011] [04:34 19/01/2008] 60C542505373E68F33852AB852B948DF
f3ahvoas.dll --a---- 7168 bytes [19:43 28/01/2011] [04:28 19/01/2008] 3B19CA039CB839162CC41790C1AB0897
Faultrep.dll --a---- 147456 bytes [21:19 29/01/2011] [04:56 18/09/2008] C282D25118D0F0605CDA33A9173E1296
fde.dll --a---- 131072 bytes [19:43 28/01/2011] [04:34 19/01/2008] 564347E36A0C80CECC5312B3E55B6F79
fdeploy.dll --a---- 53760 bytes [19:43 28/01/2011] [04:34 19/01/2008] E9C0D05B5DFB271DA058513A354E30E5
fdPHost.dll --a---- 13312 bytes [19:43 28/01/2011] [04:34 19/01/2008] 6629B5F0E98151F4AFDD87567EA32BA3
fdProxy.dll --a---- 20992 bytes [08:37 02/11/2006] [09:46 02/11/2006] B7BF68E1FEE5FBC360FABDF8C4F4540A
FDResPub.dll --a---- 27648 bytes [08:37 02/11/2006] [09:46 02/11/2006] 89ED56DCE8E47AF40892778A5BD31FD2
fdSSDP.dll --a---- 68096 bytes [19:43 28/01/2011] [04:34 19/01/2008] 88940E369CE544704662621267C6615E
fdWCN.dll --a---- 69120 bytes [19:43 28/01/2011] [04:34 19/01/2008] 273BF07C25F53DE7F974818987A4D587
fdWNet.dll --a---- 24576 bytes [08:37 02/11/2006] [09:46 02/11/2006] B648523B2D8C5FCADE412B2ED4761239
fdWSD.dll --a---- 67072 bytes [19:43 28/01/2011] [04:34 19/01/2008] 3D1FB16287644240A6DAF3C7D80E6BB0
feclient.dll --a---- 54272 bytes [19:43 28/01/2011] [04:34 19/01/2008] 4FB37EC51BDB2A6543F1F712555B9579
filemgmt.dll --a---- 442368 bytes [19:43 28/01/2011] [04:34 19/01/2008] 90438B514A5AC6A23602484A907E20A7
findnetprinters.dll --a---- 64512 bytes [19:43 28/01/2011] [04:34 19/01/2008] 3133CA3734379D9C79868819DB7DA7BC
FirewallAPI.dll --a---- 403968 bytes [19:43 28/01/2011] [04:34 19/01/2008] 95F1EB99B81CFD6F581C85F0A0AA9B2B
fltLib.dll --a---- 14848 bytes [08:30 02/11/2006] [09:46 02/11/2006] A9542FF2E9A82CF100E5729EC79068F0
FM20.DLL --a---- 1193320 bytes [07:28 07/07/2011] [07:28 07/07/2011] 09B2ED06BB44815B2B5803F5C67E00E3
FM20ENU.DLL --a---- 33088 bytes [22:10 26/10/2006] [22:10 26/10/2006] F2CE3C8E63F770DB3E59D503CE4CC311
fmifs.dll --a---- 23040 bytes [19:43 28/01/2011] [04:34 19/01/2008] 68886FE98B9DAAD197828AB065AA8AE1
fontext.dll --a---- 142336 bytes [19:43 28/01/2011] [04:34 19/01/2008] 30E6F401DF9897B20006FE095B436FAE
fontsub.dll --a---- 72704 bytes [21:23 29/01/2011] [15:12 16/06/2010] AE1CE06514A11F92ED9AA3EE1361D00B
fphc.dll --a---- 50688 bytes [19:42 28/01/2011] [04:34 19/01/2008] 2D5DC9A16B7BEB3349B86C718D9DD28C
framebuf.dll --a---- 11776 bytes [19:42 28/01/2011] [02:52 19/01/2008] F78FDA952245ECBE6DC03CBEDD86C1CA
framedyn.dll --a---- 202240 bytes [19:42 28/01/2011] [04:34 19/01/2008] FC51A0C86E48EDEF589D0F882FA30FC6
framedynos.dll --a---- 204800 bytes [19:42 28/01/2011] [04:34 19/01/2008] 67BB7141F7F5F37411F796943B3418B6
fundisc.dll --a---- 146944 bytes [19:42 28/01/2011] [04:34 19/01/2008] D547391C463E4B329B597A3BC07EA29D
fwcfg.dll --a---- 54272 bytes [19:42 28/01/2011] [04:34 19/01/2008] 060D77BFD6076EFD7029DB2B3F63B202
FWPUCLNT.DLL --a---- 595456 bytes [19:42 28/01/2011] [04:34 19/01/2008] 20B7CE241E4AF5356D5A69ACF37B0038
FwRemoteSvr.dll --a---- 28672 bytes [17:52 24/08/2008] [07:34 19/01/2008] 988963E9E07787E1D8F99DC1F452213D
gacinstall.dll --a---- 50176 bytes [19:42 28/01/2011] [04:33 19/01/2008] 5DA8400A6310992A3DD57A6345FBBD39
gameux.dll --a---- 1695744 bytes [16:46 31/05/2008] [04:21 08/03/2008] 94A92ADE4BB64E24C668645F5B9A6FCA
GameUXLegacyGDFs.dll --a---- 4240384 bytes [05:17 03/05/2011] [13:01 03/03/2011] 4FB0D7237080269A903C4A17A369C1E9
gcdef.dll --a---- 120832 bytes [12:34 02/11/2006] [12:34 02/11/2006] 73CE486A17A861D017983488A57B3C49
gdi32.dll --a---- 296960 bytes [20:56 21/02/2009] [05:25 21/10/2008] 766DC8261DB0AC993B301DC29BD475DD
getuname.dll --a---- 7168 bytes [12:34 02/11/2006] [12:34 02/11/2006] B9DE3DE759449B04B62774B52A5FB39B
glmf32.dll --a---- 315392 bytes [09:04 02/11/2006] [09:46 02/11/2006] 537C0FA208B82CE83EF6E0506F67F919
glu32.dll --a---- 133632 bytes [09:04 02/11/2006] [09:46 02/11/2006] 7A137514F4E48ECDBDD1F29CF7E8D5A4
gpapi.dll --a---- 75264 bytes [19:42 28/01/2011] [04:34 19/01/2008] EC366A76243A6755146F802F7D60E4B6
gpedit.dll --a---- 936960 bytes [19:42 28/01/2011] [04:34 19/01/2008] E3DDEB38C6303086F79C6B7E83C372C8
gpsvc.dll --a---- 574464 bytes [19:42 28/01/2011] [04:34 19/01/2008] D9F1113D9401185245573350712F92FC
gptext.dll --a---- 16896 bytes [08:43 02/11/2006] [09:46 02/11/2006] 887B850931DA8743FB512453D35FC78D
GuidedHelp.dll --a---- 69120 bytes [19:42 28/01/2011] [04:34 19/01/2008] 187B1207C85298BA8A07E29746F6DB17
hal.dll --a---- 177208 bytes [10:25 02/11/2006] [04:42 19/01/2008] A00B0EDD048786E30EBB2DA65D9A8F74
halacpi.dll --a---- 141880 bytes [08:30 02/11/2006] [04:42 19/01/2008] 37397E3A201ED97976764ADC7C026D31
halmacpi.dll --a---- 177208 bytes [08:30 02/11/2006] [04:42 19/01/2008] A00B0EDD048786E30EBB2DA65D9A8F74
hbaapi.dll --a---- 40960 bytes [19:42 28/01/2011] [04:34 19/01/2008] 5B4E923CB8E5A9028372B7BC16D420CD
hccoin.dll --a---- 8704 bytes [21:54 06/11/2007] [06:46 02/11/2006] 0F6AA9781875A7822B6D82B920351349
hccutils.dll --a---- 102400 bytes [23:10 13/09/2007] [23:10 13/09/2007] A0266B3B37D78717C207715E681155E8
hcrstco.dll --a---- 15872 bytes [19:42 28/01/2011] [04:34 19/01/2008] 01CA5388F3991B9AF886FE5FBDCE4E5C
HelpPaneProxy.dll --a---- 67072 bytes [19:42 28/01/2011] [04:34 19/01/2008] 627AFB8E607DF6DE6E0D81FFDC5E4C4C
hhsetup.dll --a---- 43008 bytes [09:11 02/11/2006] [09:46 02/11/2006] 75C594669717137332364E44C38777E1
hid.dll --a---- 22016 bytes [08:55 02/11/2006] [09:46 02/11/2006] 8269CC01940A202BBB9FDF26705DBD67
hidserv.dll --a---- 25600 bytes [08:55 02/11/2006] [09:46 02/11/2006] 8FA640195279ACE21BEA91396A0054FC
hlink.dll --a---- 83968 bytes [19:42 28/01/2011] [04:34 19/01/2008] 70F60DE5F06CDF8E0B8B48E3BCE82987
hlp95en.dll -ra---- 41296 bytes [16:30 04/06/2007] [16:30 04/06/2007] 26D2DA28F951A7D34F88FAEBB8AFD764
hnetcfg.dll --a---- 289792 bytes [19:42 28/01/2011] [04:34 19/01/2008] A952D0DED445F26AEFCF593A935AB300
hnetmon.dll --a---- 14848 bytes [19:42 28/01/2011] [04:34 19/01/2008] 9D6196134EF28C11CA48FB06171BCFC3
hotplug.dll --a---- 53248 bytes [08:33 02/11/2006] [09:46 02/11/2006] CC35526DAFA17AD4BAC7D2F6A4B317D2
HotStartUserAgent.dll --a---- 21504 bytes [19:42 28/01/2011] [04:34 19/01/2008] 782C8019C89920A77B1907AD3B4C8FF9
httpapi.dll --a---- 31232 bytes [07:04 22/03/2010] [23:37 20/02/2010] A1AE533904205E4FAC30107D15A489D3
htui.dll --a---- 33792 bytes [08:38 02/11/2006] [09:46 02/11/2006] 34F56B362EB59EF75A47B8136DBD3A43

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:25 am

ias.dll --a---- 18944 bytes [19:42 28/01/2011] [04:34 19/01/2008] 7A5F8218325F00396DAEA2F985FA0ECB
iasacct.dll --a---- 56832 bytes [19:42 28/01/2011] [04:34 19/01/2008] 2BC8EEBEA04923FAA8AA885FC9CC5203
iasads.dll --a---- 54784 bytes [14:57 07/06/2009] [04:37 03/03/2009] 5BF527FDED21C048DDBFF3CBB0162EB9
iasdatastore.dll --a---- 44032 bytes [14:57 07/06/2009] [04:37 03/03/2009] 3B1031992C86A5B2CC773C981347D88F
iashlpr.dll --a---- 69120 bytes [19:42 28/01/2011] [04:34 19/01/2008] 19D621721576EE5461D34C8D25A1312C
IasMigPlugin.dll --a---- 445952 bytes [19:42 28/01/2011] [04:36 19/01/2008] F5D2CAD4596E82008507C20610963AC7
iasnap.dll --a---- 147968 bytes [19:42 28/01/2011] [04:34 19/01/2008] 20A3CABD3AADB2C802EADDCE02663BFB
iaspolcy.dll --a---- 31744 bytes [19:42 28/01/2011] [04:34 19/01/2008] 6C3A636D2AB942C3DD5E44D986D5388F
iasrad.dll --a---- 156672 bytes [19:42 28/01/2011] [04:34 19/01/2008] C91CFEE130A7B73F34EF08BC60AC0B13
iasrecst.dll --a---- 98304 bytes [14:57 07/06/2009] [04:37 03/03/2009] 8AC833A318E5C7CAAFA07B48B71525D0
iassam.dll --a---- 180224 bytes [19:42 28/01/2011] [04:34 19/01/2008] E60EBACC9CF64FCF272BD36F1CF4AA2B
iassdo.dll --a---- 251392 bytes [19:42 28/01/2011] [04:34 19/01/2008] D0CFD9E20813131A07BE70F15C896B39
iassvcs.dll --a---- 74752 bytes [19:42 28/01/2011] [04:34 19/01/2008] 47DAC094BAD838A9301ED3F85F86B2E7
icaapi.dll --a---- 15872 bytes [19:42 28/01/2011] [04:34 19/01/2008] 0C84B6AFFA7486422235584110D7176F
icardie.dll --a---- 63488 bytes [19:42 28/01/2011] [04:34 19/01/2008] 1326580EB728C28DB5AF9F1F77609779
icardres.dll --a---- 11264 bytes [07:25 30/08/2009] [01:17 20/06/2008] A5B16E32FB4E800BAB31AFAD5E4297A0
iccvid.dll --a---- 81920 bytes [21:21 29/01/2011] [19:16 27/05/2010] 0BA29E7DAF836AB1D9AA69164DC78560
icfupgd.dll --a---- 87552 bytes [19:42 28/01/2011] [04:34 19/01/2008] 57326C19D26A51C15DC44D543893B70E
icm32.dll --a---- 215040 bytes [19:42 28/01/2011] [04:34 19/01/2008] 2C7B4E944A48B9A07B7BF2AB262F197E
icmp.dll --a---- 3072 bytes [08:58 02/11/2006] [09:39 02/11/2006] DCA3FA9F9DD103DC39C24C85EF073DB1
icmui.dll --a---- 21504 bytes [08:38 02/11/2006] [09:46 02/11/2006] 53758777EF2425CA0A29A255318081FE
IconCodecService.dll --a---- 9728 bytes [12:34 02/11/2006] [12:34 02/11/2006] 08578F3CA5365F896D90CE2BF97FD000
icsfiltr.dll --a---- 142336 bytes [19:42 28/01/2011] [04:34 19/01/2008] 7BFE0195B13260AC2C9E574F9CEC3DEA
icsigd.dll --a---- 195584 bytes [08:56 02/11/2006] [09:46 02/11/2006] BBC1428E855C94BB22D2F09742606A1D
idndl.dll --a---- 26112 bytes [19:42 28/01/2011] [04:34 19/01/2008] D1AA18D4C77734A04FF19C34CAD414B9
ieakeng.dll --a---- 153088 bytes [19:42 28/01/2011] [04:34 19/01/2008] 0C896EA5979BDA2D96244F0A683F806E
ieaksie.dll --a---- 230400 bytes [19:45 14/06/2011] [14:57 21/04/2011] 4E1538D0D4E50E740B7A1C6ADF36A6BD
ieakui.dll --a---- 161792 bytes [07:27 02/11/2006] [09:39 02/11/2006] 12AAC4E20477230F6F8F2D7148D8775C
ieapfltr.dll --a---- 380928 bytes [19:45 14/06/2011] [14:57 21/04/2011] D5E8F09E9DB9EB3A81925F7E634B95BE
iedkcs32.dll --a---- 389120 bytes [19:45 14/06/2011] [14:57 21/04/2011] CBB281A0F9CA0C6349243EBD14F0F09F
ieencode.dll --a---- 78336 bytes [19:45 14/06/2011] [14:57 21/04/2011] 72A30D23699C936CB69F4EA24103B409
ieframe.dll --a---- 6078976 bytes [19:46 14/06/2011] [14:57 21/04/2011] 92047ADE3FE9FF51132BC14FB8D77997
iepeers.dll --a---- 193024 bytes [19:45 14/06/2011] [14:57 21/04/2011] 43AB7846279A09104E5E04CCE8B241BE
iernonce.dll --a---- 44544 bytes [19:42 28/01/2011] [04:34 19/01/2008] 7FDD0F988ED5EE0940FD6B6935FDEEA8
iertutil.dll --a---- 270848 bytes [19:45 14/06/2011] [14:57 21/04/2011] 962ABFB0805210936F0C149F9154BEDF
iesetup.dll --a---- 69120 bytes [19:42 28/01/2011] [04:34 19/01/2008] 4546EAA7EBE7C035FED0FD9519C69A11
ieui.dll --a---- 180736 bytes [17:52 24/08/2008] [07:34 19/01/2008] F2F627E24FC6ADF67526840D68A3544D
ifmon.dll --a---- 29696 bytes [19:42 28/01/2011] [04:34 19/01/2008] CAA1B5B3F7A20C93EBF71879B2C92FA1
ifsutil.dll --a---- 123392 bytes [19:42 28/01/2011] [04:34 19/01/2008] EE3ECC1BC7CFE6B121291F85CA1831C4
ifsutilx.dll --a---- 8704 bytes [08:31 02/11/2006] [09:46 02/11/2006] 2D95611E5FB24A34CFC51E406F63CE55
ifxcardm.dll --a---- 101888 bytes [10:32 02/11/2006] [20:32 28/01/2011] 4709B08070AAD89BB6B40E4014321F59
ig4dev32.dll --a---- 1585152 bytes [23:18 13/09/2007] [23:18 13/09/2007] F1F3C5FD454BD5AC82DF1E2177E93F93
ig4icd32.dll --a---- 2408448 bytes [23:18 13/09/2007] [23:18 13/09/2007] E822BB6083F1E7143E6D14D37A14E677
igdumd32.dll --a---- 2498560 bytes [23:23 13/09/2007] [23:23 13/09/2007] 4E5464EC70A2BE2B250AEE6670CC326B
igfxCoIn_v1329.dll --a---- 147456 bytes [23:31 13/09/2007] [23:31 13/09/2007] 97439785D12250584BE34FC0B45BE419
igfxdev.dll --a---- 204800 bytes [23:10 13/09/2007] [23:10 13/09/2007] FD3D1416A3F877579395C750C4646DD2
igfxdo.dll --a---- 135168 bytes [23:10 13/09/2007] [23:10 13/09/2007] 5A9D42F04D3CA21CE9D48823236FECA3
igfxexps.dll --a---- 24576 bytes [23:10 13/09/2007] [23:10 13/09/2007] 626518672B4FAAD33FDA098CE3F67F47
igfxpph.dll --a---- 204800 bytes [23:10 13/09/2007] [23:10 13/09/2007] 5C95EC2EC78D58DF49386AF536A1AF6A
igfxres.dll --a---- 172032 bytes [21:42 11/12/2007] [23:09 13/09/2007] 302FA017F821568405DABB4DFC4C5F81
igfxress.dll --a---- 3293184 bytes [23:09 13/09/2007] [23:09 13/09/2007] 4BD93DC3E55A77808DF36AF322425DC3
igfxsrvc.dll --a---- 48128 bytes [23:10 13/09/2007] [23:10 13/09/2007] 792ABC1CB4E5BC538C0DAE212E005449
igfxTMM.dll --a---- 249856 bytes [23:11 13/09/2007] [23:11 13/09/2007] 5B636388F65B3D73A50BB397F275CF34
igmedcompkrn.dll --a---- 104636 bytes [23:22 13/09/2007] [23:22 13/09/2007] 0718DB2C7C5869962F0F0AEA98B369F2
igmedkrn.dll --a---- 1238832 bytes [23:22 13/09/2007] [23:22 13/09/2007] CFDDD62F58132DE4B6E9DBAE0DD719BA
IKEEXT.DLL --a---- 438272 bytes [19:42 28/01/2011] [04:34 19/01/2008] A3BC480A2BF8AA8E4DABD2D5DCE0AFAC
imagehlp.dll --a---- 153088 bytes [19:42 28/01/2011] [04:34 19/01/2008] 8C55A6333DAFAB88E44C040C55179274
imageres.dll --a---- 15821312 bytes [07:26 02/11/2006] [09:39 02/11/2006] 111C47816F39A91EAAA18DA0A54E8E63
imagesp1.dll --a---- 705536 bytes [19:42 28/01/2011] [04:29 19/01/2008] 8FC5891A577F4F125874A0179D1FA749
imapi.dll --a---- 105984 bytes [19:42 28/01/2011] [04:34 19/01/2008] 9B5DCC24BB742E8C0B2E32F9C1A6B500
imapi2.dll --a---- 320512 bytes [19:42 28/01/2011] [04:34 19/01/2008] A5BFB7EA350091649F7F1B2B6C2A67C2
imapi2fs.dll --a---- 496128 bytes [19:42 28/01/2011] [04:34 19/01/2008] 87732F039721E805CDD34D45238FEF80
IMGMAN32.DLL --a---- 339968 bytes [16:45 28/12/2010] [22:50 14/10/2010] 86C5AAC31EA7909121327701045F74BD
imgutil.dll --a---- 36352 bytes [19:42 28/01/2011] [04:34 19/01/2008] 5A005676A0252FBAFEC8F68162EB9F88
IMHOST32.DLL --a---- 98345 bytes [16:45 28/12/2010] [22:50 14/10/2010] 232565D4769CE44745A87CF466E91952
IMJP10K.DLL --a---- 729088 bytes [19:42 28/01/2011] [04:34 19/01/2008] 17AD940BB87CFC71F5F16884836759B0
imm32.dll --a---- 114688 bytes [19:42 28/01/2011] [04:34 19/01/2008] EC17194A193CD8E90D27CFB93DFA9A2E
inetcomm.dll --a---- 738816 bytes [19:45 14/06/2011] [15:58 02/05/2011] D4E26869D0BC72FB6C186926B899E3ED
inetmib1.dll --a---- 52736 bytes [19:42 28/01/2011] [04:34 19/01/2008] 12E8A79644955A6D1D371CBD7DA7C871
inetpp.dll --a---- 120832 bytes [19:42 28/01/2011] [04:34 19/01/2008] CDE0805636000414E22EB36FBAB61EEE
inetppui.dll --a---- 15360 bytes [19:42 28/01/2011] [04:34 19/01/2008] CC7288189C296473C7D8C8D98D1C94C9
INETRES.dll --a---- 84480 bytes [07:28 02/11/2006] [08:48 02/11/2006] 64B0D18454E65B61B39D3704A9C8EA4D
infocardapi.dll --a---- 97800 bytes [07:26 30/08/2009] [01:17 20/06/2008] BE862A0E29BC39863F5568FE83A8B8BA
InkEd.dll --a---- 217600 bytes [19:42 28/01/2011] [04:34 19/01/2008] 43861C174257DFCD85F65A7610CC7686
input.dll --a---- 200704 bytes [19:42 28/01/2011] [04:34 19/01/2008] 7E60A6CAF2FFFBAF1E2A6A88AF45B45C
inseng.dll --a---- 93696 bytes [19:44 28/01/2011] [04:34 19/01/2008] 4023E0174BE81A68D64F4E8F0B280849
iologmsg.dll --a---- 2048 bytes [07:30 02/11/2006] [09:39 02/11/2006] EF51752BA6A2E63ABE825B2D0B70D9E4
IPBusEnum.dll --a---- 74240 bytes [19:44 28/01/2011] [04:34 19/01/2008] 9AC218C6E6105477484C6FDBE7D409A4
IPBusEnumProxy.dll --a---- 10752 bytes [08:37 02/11/2006] [09:46 02/11/2006] BF730197C601FC79AF5B4819E2A3E5C5
IPHLPAPI.DLL --a---- 91648 bytes [19:44 28/01/2011] [04:34 19/01/2008] 3E7978C513204CAA21E455D0F31F7F61
iphlpsvc.dll --a---- 190464 bytes [12:15 14/04/2010] [14:11 18/02/2010] 6A35D233693EDC29A12742049BC5E37F
ipnathlp.dll --a---- 288256 bytes [19:44 28/01/2011] [04:34 19/01/2008] E1499BD0FF76B1B2FBBF1AF339D91165
iprop.dll --a---- 3072 bytes [08:50 02/11/2006] [09:39 02/11/2006] 2C1FAD993573A4F995A911C7D4F79C94
iprtprio.dll --a---- 8192 bytes [19:44 28/01/2011] [04:34 19/01/2008] B7027CF0CD31C820928950CBFE7E91EF
iprtrmgr.dll --a---- 252416 bytes [19:44 28/01/2011] [04:34 19/01/2008] 469C9DFA4A9E09B811324EEE91C71C5B
ipsecsnp.dll --a---- 758784 bytes [19:44 28/01/2011] [04:34 19/01/2008] 996FDFB624E045A321733698316A6AA3
IPSECSVC.DLL --a---- 361984 bytes [17:52 24/08/2008] [03:31 19/06/2008] 47B8F37AA18B74D8C2E1BC1A7A2C8F8A
ipsmsnap.dll --a---- 396288 bytes [19:44 28/01/2011] [04:34 19/01/2008] 9CA3FCB7269998FFA5FC9DBF39D1F444
ir32_32.dll --a---- 197632 bytes [12:34 02/11/2006] [12:34 02/11/2006] 6ED0E5F422B58F30E32F90D3F57AB1FD
ir41_qc.dll --a---- 120320 bytes [07:51 02/11/2006] [09:46 02/11/2006] 22C2554CBE87068A442BDE4398ECA4A3
ir41_qcx.dll --a---- 120320 bytes [07:51 02/11/2006] [09:46 02/11/2006] 22C2554CBE87068A442BDE4398ECA4A3
ir50_32.dll --a---- 746496 bytes [07:51 02/11/2006] [09:46 02/11/2006] BB4ACB7C13607AF48E8B8580ED6A09D8
ir50_qc.dll --a---- 200192 bytes [07:51 02/11/2006] [09:46 02/11/2006] 4AA42C2C4B4A23D706BFC842796617CB
ir50_qcx.dll --a---- 200192 bytes [07:51 02/11/2006] [09:46 02/11/2006] 4AA42C2C4B4A23D706BFC842796617CB
irclass.dll --a---- 15360 bytes [08:57 02/11/2006] [09:46 02/11/2006] 1F07CCA209BCC441075BCFE48576B82C
irmon.dll --a---- 17920 bytes [08:57 02/11/2006] [09:46 02/11/2006] CBB0D940221A281BCFEAEA695BD1CDA5
iscsicpl.dll --a---- 209920 bytes [08:52 02/11/2006] [09:46 02/11/2006] F84D0B1B90404D0A27E86F159FBDAC81
iscsidsc.dll --a---- 49152 bytes [08:52 02/11/2006] [09:46 02/11/2006] EA822412BBBA9B7D2B1A3748AD50EFB8
iscsied.dll --a---- 8192 bytes [19:44 28/01/2011] [04:34 19/01/2008] 61C5507090E036D647E4FAC1F5ACB1C6
iscsiexe.dll --a---- 111616 bytes [19:44 28/01/2011] [04:34 19/01/2008] 85466C0757A23D9A9AECDC0755203CB2
iscsilog.dll --a---- 14848 bytes [19:44 28/01/2011] [02:50 19/01/2008] 360D1E7269C6E44295CD4BEAB3892B5D
iscsium.dll --a---- 28160 bytes [19:44 28/01/2011] [04:34 19/01/2008] DD348DA5669282C80A3DE4D8991DB717
iscsiwmi.dll --a---- 64000 bytes [19:44 28/01/2011] [04:34 19/01/2008] 2C5EE59D59B9A62032368B78DF04509B
itircl.dll --a---- 158208 bytes [09:11 02/11/2006] [09:46 02/11/2006] 764BD26C29640336EBBFC2D121732203
itss.dll --a---- 141824 bytes [19:44 28/01/2011] [04:34 19/01/2008] 08886EFE112F7E5437711FCF6D8B04C1
IVIresize.dll --a---- 20480 bytes [23:13 06/11/2007] [10:57 22/11/2002] E1D4B1D3D1C634E0F5904666FE578E30
IVIresizeA6.dll --a---- 200704 bytes [23:13 06/11/2007] [10:57 22/11/2002] EB79A6540869FAB20201C6D5C02FC633
IVIresizeM6.dll --a---- 192512 bytes [23:13 06/11/2007] [10:57 22/11/2002] D91A2A349BB9E6552BB7361ACE05B174
IVIresizeP6.dll --a---- 192512 bytes [23:13 06/11/2007] [10:57 22/11/2002] F38D5F8C658FA33F907D508A569E1FA8
IVIresizePX.dll --a---- 188416 bytes [23:13 06/11/2007] [10:57 22/11/2002] 08F077F32332858DD274CB9BDEF0BCBC
IVIresizeW7.dll --a---- 204800 bytes [23:13 06/11/2007] [10:57 22/11/2002] 429C8B9FF69F06293B4D37F429F0C7B8
iyuv_32.dll --a---- 50176 bytes [17:52 21/03/2010] [12:31 28/12/2009] 5CFCF7F40BF5FEB82CF4385AC805D538
jnwmon.dll --a---- 19968 bytes [12:35 02/11/2006] [12:35 02/11/2006] B9183B17B4782173F1108192098BD82F
jscript.dll --a---- 512000 bytes [05:20 03/05/2011] [15:32 16/02/2011] DCB288183CF77605110944232C6A2665
jsproxy.dll --a---- 28160 bytes [19:45 14/06/2011] [14:58 21/04/2011] 3964C50F82DE8E833029D58F53B38721
kbd101.dll --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 00B95FF7A132BA97B4EC6D1E686F679E
kbd101a.dll --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 14B36BF11F7A283B73628DFF1DD5491E
kbd101b.dll --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 3A8E039C477AA060BF026DA3C342561F
kbd101c.dll --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] DA7D58AB08BE8AF37C63772F65B788E9
kbd103.dll --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 1FC523C84F0F77CA08FB249F2764DBE8
kbd106.dll --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] F9A37174F599BD76B71AA8E2C3D5DAE8
kbd106n.dll --a---- 6656 bytes [21:59 16/05/2008] [06:35 29/02/2008] A8E57A33670E127C7D9E6DAB9863A857
KBDA1.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 41F9BD8CDCF42E2A0F4E01215B1DF0AD
KBDA2.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] EED92FC3505EEDB531CC1B1EB128898E
KBDA3.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 58FC685021F0A774C297837E4903476E
KBDAL.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 88D71F2266077F421FE0E6AEC13B1386
KBDARME.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 12DEEC69EA09635420F8736D0CC7EE2F
KBDARMW.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 17B788B3FF00139D9FC91C50EA81C439
kbdax2.dll --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] EE5A914C3ABF1335284369087C9607ED
KBDAZE.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 0DA3BE5EA39A767511E82D0ADBF41BE4
KBDAZEL.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 6C83AC8011B98629FFDF1EC235817286
KBDBASH.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 12018BA8B6E1B494EFC6718AD783FEC4
KBDBE.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 232E263BA71E5E6C26750C6F5262699D
KBDBENE.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] B10C6C135A9A9123D82703FF24DF62BE
KBDBGPH.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 4813F44B931465F1FAF0907F9C87DD69
KBDBHC.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 0421F5166A1CD2EF0A6F9E68090B362B
KBDBLR.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] D15BEACFF6C6A3C88E42C83A5B5A22C3
KBDBR.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] BCDE76E315B9B100BBAC4B0939E4BB27
KBDBU.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 4B4AE61E198F6B413521D0A57C5EBCE7
KBDBULG.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 3EF9AC5AD3C20BCCEF46796EF0914A89
KBDCA.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 4F1718D06A6EE0CE40BAD958156097A0
KBDCAN.DLL --a---- 7680 bytes [08:37 02/11/2006] [09:39 02/11/2006] 9E7AADE8A00E260D143E744710942E6F
KBDCR.DLL --a---- 7168 bytes [08:37 02/11/2006] [09:39 02/11/2006] 7F2622E89703DD3C4DD75125E80D8636
KBDCZ.DLL --a---- 7168 bytes [08:37 02/11/2006] [09:39 02/11/2006] CE0AB1B4E91495E4E0480F573352DA48
KBDCZ1.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 2E79AEFC5BE6C5292B0B569CCE418F2A
KBDCZ2.DLL --a---- 7168 bytes [08:37 02/11/2006] [09:39 02/11/2006] 7C0A99831DB058481B539F0CB2D717AC
KBDDA.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 3929C704043DE6E1A68A3A2288A76814
KBDDIV1.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] B06F080BD352B952D5F3A391AB55A5B7
KBDDIV2.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] AF6E832D63B51B7BAA1DAFEDE9E82E26
KBDDV.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 0D03C6EFCABEE621A428B22D47A6D51C
KBDES.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 931E590359A103E500B0450740B1FBFE
KBDEST.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] D15BEC7C945CCFBDAC172976EC9E6841
KBDFA.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] E669AA27BC901231F2F4BD965BC4CF21
KBDFC.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 1325271BD5B44B1EEC511C5933D27E27
KBDFI.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 8786BCF60B24E59A94492A0DD4AC125C
KBDFI1.DLL --a---- 7168 bytes [08:37 02/11/2006] [09:39 02/11/2006] A98B763053CFF548CC86EFE1163463F8
KBDFO.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] F225D1151F67B16D223456C0BD160ADA
KBDFR.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] CC9A67E6AD8A0081BC709061F81DD992
KBDGAE.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] AB46317F619DD9B0DDE8BA8A1B13ACD7
KBDGEO.DLL --a---- 5120 bytes [08:37 02/11/2006] [09:39 02/11/2006] ECC2C1B5610D2B3C12D95753F4278AB9
kbdgeoer.dll --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 89E9441C057FA0EB3764BB47D6D88384
kbdgeoqw.dll --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] F83D6113A27D7B6C3B58C2D641D76BA6
KBDGKL.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 57861F764631205B4848423BF7A360ED
KBDGR.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] EA818A6DE0BD0A290D001FFABAFFF6EF
KBDGR1.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] DA7779552625559B091A4B11D9E71CBD
KBDGRLND.DLL --a---- 7168 bytes [08:37 02/11/2006] [09:39 02/11/2006] 1430FAD4A408A2453E3F196CC07B3BF2
KBDHE.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] EAD9E87DFAB1749B8BC2F77EA40E7C46
KBDHE220.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 0B41A3D8EE50E0757FEE69737BD8901B
KBDHE319.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 70EE480CA45560FCFFB9B7A7E1DB71CB
KBDHEB.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 5554ABCAF2171FE485DA435C73B9A6B1
KBDHELA2.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] A27DC9F595B4F196C593105F80FE3037
KBDHELA3.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 8C7C3D9A7C5E3491E32AE8CDC458CADC
KBDHEPT.DLL --a---- 8704 bytes [08:37 02/11/2006] [09:39 02/11/2006] A8D6C462D16BD9DDBDB3FE34BAE76425
KBDHU.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] E12239086BD01AA4968B81940E1A4ED7
KBDHU1.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] FDF5889B30E2F80CFBFE7347DF3BAAB1
kbdibm02.dll --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 1FA4135465575EE7D409BFEB404192D9
KBDIC.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 242FE2A9C3EAE718FAF1174F68C93947
KBDINASA.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 8AEDAB0975C7A95B87B2F55BE5574D72
KBDINBE1.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] B1D4EFB2D885DFF3B5BD60F480DFA151
KBDINBE2.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 894D16D105CC747D1B13303A67060183
KBDINBEN.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 264521D265E095069AA95C78E477ABC9
KBDINDEV.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] FE73E0DD6FF05E2DFA22B06155474FE8
KBDINGUJ.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 576F92360CA38385B5A4EF6D6B359BB2
KBDINHIN.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] DA8D3547FEECE52DF2A50740A28B587C
KBDINKAN.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 2221D5C7736D908C88D08D982A54161B
KBDINMAL.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 6012974580C1B81332A1D82AE0428C83
KBDINMAR.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 2EEBC510DD430A1021C62CEE31A4E2E8
KBDINORI.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 409D80B3F01DA953955B8FFC53A7CE3A
KBDINPUN.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 09549A2048FABD4844295DBC4A49D881
KBDINTAM.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] C06A920A406C2F813BF2EE1880D45AD0
KBDINTEL.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 0DFC4AE841CE0F2999DD5593D04D2832
KBDINUK2.DLL --a---- 7168 bytes [08:37 02/11/2006] [09:39 02/11/2006] C786892B305CAB4069EA62A1CC6D1204
KBDIR.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 77F62F156207E11EC4C1FD03CDE47D6B
KBDIT.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 55ADF40C19B6CAED691BC1FC92693415
KBDIT142.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 41D292FB80A771B584A9EDD3BA8C3AAD
KBDIULAT.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] A83311562C09654455DA83A797F4C2EE
KBDJPN.DLL --a---- 10752 bytes [19:44 28/01/2011] [04:34 19/01/2008] 1A7C1B39DDF46B91748D710B97DAC962
KBDKAZ.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 0CD63E8705D2FF1F37800F091B99D0F0
KBDKHMR.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 8B1016EA878F7C197F0C6EA682DD8D04
KBDKOR.DLL --a---- 10240 bytes [19:44 28/01/2011] [04:34 19/01/2008] 82B0D62AE51A9086B38318BDE44CCB5E
KBDKYR.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 86193793336E231CDFCECDA5E6CBE10A
KBDLA.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 36E8B285A6497810143CCF16157973AA
KBDLAO.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 935A6073841A7F599E4DEB35F96D2F74
kbdlk41a.dll --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 045D63A27CE9716FD1F91B49F97DA3DB
KBDLT.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] 2B3210808FFF6F3F96016B6213E438F2
KBDLT1.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] BCF0E6C1DB3A9FBC8825DB2A15A8B1B5
KBDLT2.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 6C4F7AE7130825DD13EB0B8B3EE96D66
KBDLV.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] F291E82A133199B607187453D9E2B097
KBDLV1.DLL --a---- 6656 bytes [08:37 02/11/2006] [09:39 02/11/2006] 023AD0797352F45BBAEAB97CE40CDCEE
KBDMAC.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] B968E5A95CA6AAB40A6C61C62CF26165
KBDMACST.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 74F9F5F4EF99493405EC206E601DC3C2
KBDMAORI.DLL --a---- 5632 bytes [08:37 02/11/2006] [09:39 02/11/2006] E29AB180FC21343F992FFFFB9D522B11
KBDMLT47.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] E2DF8AF94B69697BBD0BD838CA2427F5
KBDMLT48.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 81A9DB0A2D4C1BB4A63AFB93F18F2465
KBDMON.DLL --a---- 5632 bytes [08:38 02/11/2006] [09:39 02/11/2006] B7A4CAA7863BB4A08527474AC03BBCC4
KBDMONMO.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] C83C25007BD0F9D45F7CF1612B29C2D1
KBDNE.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 575DA686EDB1B8C1516181ACFA1FAF7D
kbdnec.dll --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 64566AE19E8656D3E6A526024381F05E
kbdnec95.dll --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] CE9916F9DD191361808C1E107C0F93BC
kbdnecat.dll --a---- 9216 bytes [08:38 02/11/2006] [09:39 02/11/2006] 207B9FA1B26DF2AE95AE02ED465E7D63
kbdnecnt.dll --a---- 7680 bytes [08:38 02/11/2006] [09:39 02/11/2006] EFE5D7B6B0D0A1AD301EA0E7B4164489
KBDNEPR.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] DF7FE02310DD16CFE26E6A707D04FD47
KBDNO.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] C8A46AA28BD201ED245914E9B62972E7
KBDNO1.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] E2434252F772A1EB247DBC73BC26E77E
KBDPASH.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 2E96FF4E5F06AE4D41AD54667FEB4EC4
KBDPL.DLL --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 162DBC9B3731C2E78B710AA8564E698B
KBDPL1.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 0222F68624565E138C3551028CDEC9CC
KBDPO.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 9D8BBE810F1CFD330318CAD63403EA49
KBDRO.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 1A858CF5666BA6B90AD72BBAC57C15CA
KBDROPR.DLL --a---- 7680 bytes [08:38 02/11/2006] [09:39 02/11/2006] C0B14D207E542D047C53B31546CF1FAA
KBDROST.DLL --a---- 7680 bytes [08:38 02/11/2006] [09:39 02/11/2006] FF18851B3C2390D671413E154BFEFB30
KBDRU.DLL --a---- 5632 bytes [08:38 02/11/2006] [09:39 02/11/2006] B476286AABA94507D062757A862A516C
KBDRU1.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 86A569168442AAE7EFCF94A4EE061B75
KBDSF.DLL --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 5A545FB23C18759421D995CF1D2341CC
KBDSG.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 8B1846022C53D46754D7E12D915A3131
KBDSL.DLL --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 042295D01DE5E2F1976B55B8908AE44D
KBDSL1.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 67637C0305D693C83A1793E27370FD82
KBDSMSFI.DLL --a---- 7680 bytes [08:38 02/11/2006] [09:39 02/11/2006] 278B1D2E3E17E5F0287E44A0B180DAE0
KBDSMSNO.DLL --a---- 7680 bytes [08:38 02/11/2006] [09:39 02/11/2006] CF3C3DB0AE3EA5B1576EA69FF8396A61
KBDSN1.DLL --a---- 5632 bytes [08:38 02/11/2006] [09:39 02/11/2006] DF58DB7B408108192EA7BEFD2BD2049D
KBDSOREX.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] B32A00E64AB532669790D43CF296F504
KBDSORST.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 451AFCED98BB72A4CD67A4A97C8ABB12
KBDSP.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 0393FC83ABF87AA42BC67BBA07C71C69
KBDSW.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 38FF5D85E5F50050CD23D1144DD811C0
KBDSW09.DLL --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 6BFF89BF9F8DB719706584CE566DEBEE
KBDSYR1.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 3D431318EDA0A4B0D23EAAAE81AA9080
KBDSYR2.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] ADA3A2CE3CF972F3EAE8B7E15F8BCFD6
KBDTAJIK.DLL --a---- 5632 bytes [08:38 02/11/2006] [09:39 02/11/2006] F0037B3DC3B6888EDCC40B668BD14069
KBDTAT.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 42CC106CF805AF2059956B1D6DEBFA3C
KBDTH0.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 58B038A9F420C61EBA296BAE9CD6805A
KBDTH1.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] A1F80F439968F41A7785AC351E750F10
KBDTH2.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] BBBFF54F5FD0D133F2EA7979F71A41A9
KBDTH3.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 1F6FEAE11404CFDF0C309776CE2F0D40
KBDTIPRC.DLL --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 5E92B6CE1C186064590B70A2C0921A25
KBDTUF.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] B76C81BC12CB02308A17713E8365BAF1
KBDTUQ.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 8A4840388A64E68E925263A5AB38158C
KBDTURME.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] BBC7096DE360C28DCD4026D7BB49F14B
KBDUGHR.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] F5AE80116FFF68B84EDB9ABCD5D465D5
KBDUK.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] C2383A7FA2608D384ACAE1CDDE19A9F2
KBDUKX.DLL --a---- 7168 bytes [08:38 02/11/2006] [09:39 02/11/2006] 5BBAF1B50B5BF00B17905BBA26B96D85
KBDUR.DLL --a---- 5632 bytes [08:38 02/11/2006] [09:39 02/11/2006] 5AC2959FE26E47AEDCA4B0E2075C6D4A
KBDUR1.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 8833E6ECF544E37D4672BBBB826E2207
KBDURDU.DLL --a---- 5632 bytes [08:38 02/11/2006] [09:39 02/11/2006] BCB851AA332845B8C92FD21B5A9A7923
KBDUS.DLL --a---- 6144 bytes [08:37 02/11/2006] [09:39 02/11/2006] 12C8D6C564702B0776512932290A3F6B
KBDUSA.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 38DAFDBCDBF8661B19D7713C9BD5A3B0
KBDUSL.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 0E19BD4AD78277DB30BA6E317A48476B
KBDUSR.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 2FAAADD5065CF031779B30210C16E5F5
KBDUSX.DLL --a---- 6656 bytes [08:38 02/11/2006] [09:39 02/11/2006] 44648ADBF7BB2D1D0F8EAE71A1E6DA71
KBDUZB.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 9B19F42581883544449B6F3B1B3877ED
KBDVNTC.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 1E6A84F3D6C4019667B1E3A05872A752
KBDYAK.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 5536884D8A4E580BFE0591191F4F80F0
KBDYCC.DLL --a---- 6144 bytes [08:38 02/11/2006] [09:39 02/11/2006] 3EA1693BB48FC631F20EF57143D7C46C
KBDYCL.DLL --a---- 7680 bytes [08:38 02/11/2006] [09:39 02/11/2006] 7D18016F7FF61CBBD11E8F8461FD1DD2
kd1394.dll --a---- 19000 bytes [22:01 16/05/2008] [07:14 29/02/2008] 5EDD3BE18A80158E1CDD70E9721B614E
kdcom.dll --a---- 19512 bytes [19:44 28/01/2011] [04:41 19/01/2008] 12AC40A1E551A07A121551AA66B9E32E
kdusb.dll --a---- 21560 bytes [19:44 28/01/2011] [04:41 19/01/2008] F2425B21257F0968CA09DB79677E8B3E
kerberos.dll --a---- 499712 bytes [14:47 30/08/2009] [15:21 15/06/2009] 7D80A6E1FE4F3B40E5992EE8964A00F4
kernel32.dll --a---- 890368 bytes [13:39 13/07/2011] [14:53 12/04/2011] 306835D4E74E49A5D10F0FCA0B422EB1
keyiso.dll --a---- 18944 bytes [08:43 02/11/2006] [09:46 02/11/2006] 74C2F29CC612B2B34231BEBD824D2FB2
keymgr.dll --a---- 157696 bytes [19:44 28/01/2011] [04:34 19/01/2008] EADA658B40C187C162E8ECA311EB9572
KMSVC.DLL --a---- 68096 bytes [19:44 28/01/2011] [04:34 19/01/2008] D8AD255B37DA92434C26E4876DB7D418
korwbrkr.dll --a---- 143872 bytes [08:50 30/01/2011] [05:17 27/05/2008] 0744891152ADD1A1675DA31E248A91FE
ksuser.dll --a---- 4608 bytes [09:03 02/11/2006] [09:46 02/11/2006] 919CC2A0476D5A6A4C935D4B88E29912
ktmw32.dll --a---- 12288 bytes [19:44 28/01/2011] [04:34 19/01/2008] CA0B849566776A17F35F0339BE17DFD9
l2gpstore.dll --a---- 53760 bytes [19:44 28/01/2011] [04:34 19/01/2008] 19FFAD68A02AF1BF0BC336EE26CD6767
l2nacp.dll --a---- 47616 bytes [19:44 28/01/2011] [04:34 19/01/2008] 6BA681BAAF67FAC4432340F00DAB12EF
L2SecHC.dll --a---- 127488 bytes [15:09 13/09/2009] [19:29 11/07/2009] AC49768B69BCFC01278FDD2D89D17FF8
LangCleanupSysprepAction.dll --a---- 25600 bytes [19:44 28/01/2011] [04:34 19/01/2008] AC3F68966528AA14E02893405BE0D008
LAPRXY.DLL --a---- 9728 bytes [12:35 02/11/2006] [12:35 02/11/2006] C283BA2A8B3181B8031318520A570C1E
LCWizard.dll --a---- 282624 bytes [22:28 15/05/2007] [22:28 15/05/2007] 78D4336E2D3DC24911AA4105D836FE0D
licmgr10.dll --a---- 41984 bytes [19:44 28/01/2011] [04:34 19/01/2008] 0E650E554E29C29430350DF5A6ABA916
linkinfo.dll --a---- 22016 bytes [12:34 02/11/2006] [12:34 02/11/2006] 24F90AEFEBE601D427CB4511E74CDCB6
lltdapi.dll --a---- 31232 bytes [19:44 28/01/2011] [04:34 19/01/2008] C4143298689F85E86AF5E58AAFFDA820
lltdres.dll --a---- 2048 bytes [07:38 02/11/2006] [07:38 02/11/2006] FA0593D936C9B95FB6FAA32AD1595D49
lltdsvc.dll --a---- 188928 bytes [19:44 28/01/2011] [04:34 19/01/2008] 2D5A428872F1442631D0959A34ABFF63
lmhsvc.dll --a---- 18944 bytes [08:57 02/11/2006] [09:46 02/11/2006] 35D40113E4A5B961B6CE5C5857702518
loadperf.dll --a---- 113664 bytes [19:44 28/01/2011] [04:34 19/01/2008] 8B2D61CA83825CEAD423228ACD40CFBC
localsec.dll --a---- 429056 bytes [19:44 28/01/2011] [04:34 19/01/2008] 53964AC4646ACC32A689405312B10524
localspl.dll --a---- 636928 bytes [02:20 17/06/2009] [12:42 23/04/2009] A1779DC7C088582D68ACB963A562636F
localui.dll --a---- 13824 bytes [19:44 28/01/2011] [04:34 19/01/2008] 6A11BC4DD8C913723FF67D709E6BCADC
loghours.dll --a---- 69632 bytes [19:44 28/01/2011] [04:34 19/01/2008] 4128FD23014435681E65F414854190D5
lpk.dll --a---- 23552 bytes [14:55 19/07/2009] [07:34 19/01/2008] DD496299B7351E16E602FC4299345A33
lsasrv.dll --a---- 1256448 bytes [14:47 30/08/2009] [15:23 15/06/2009] DABF301FCC92C3E6D068B16C1949ECD7
lsmproxy.dll --a---- 19968 bytes [19:44 28/01/2011] [04:34 19/01/2008] BF2156D8D9866983B55D95382131DC4A
luainstall.dll --a---- 101376 bytes [19:44 28/01/2011] [04:34 19/01/2008] 6A59B1ACCD52DA23472830E65279DD13
lxducaps.dll --a---- 81920 bytes [16:22 28/12/2010] [01:49 20/08/2009] 916A84FB40A6AB0473F10FBDFB186B47
lxducfg.dll --a---- 77906 bytes [16:22 28/12/2010] [01:39 20/08/2009] AC95700CE2229D8D470E53CAEC79EEBD
lxducnv4.dll --a---- 69632 bytes [16:22 28/12/2010] [01:39 20/08/2009] EB0020CB1C74711E3428E3C89D3D1A6E
lxducoin.dll --a---- 409600 bytes [16:23 28/12/2010] [22:32 15/10/2009] 8E621CA6DC6953B7E287744AF96FD6B1
lxducomc.dll --a---- 761856 bytes [16:32 28/12/2010] [23:00 14/10/2010] 56A0C9B2A4DD9E1266A55AC806BCEEC9
lxducomm.dll --a---- 376832 bytes [16:48 28/12/2010] [23:00 14/10/2010] C9AF8C5EAA20A28834188C427421239D
lxducu.dll --a---- 77824 bytes [16:23 28/12/2010] [10:02 14/07/2009] 837E640D1D76DC13CF60D0496603958C
lxducub.dll --a---- 90112 bytes [16:23 28/12/2010] [10:04 14/07/2009] 261B30717B622930792D5A8976BCF581
lxducur.dll --a---- 36864 bytes [16:23 28/12/2010] [10:06 14/07/2009] 0A2AC3990626C96621ACD6879BBC3834
lxdudrs.dll --a---- 1036288 bytes [16:22 28/12/2010] [01:49 20/08/2009] 8484B47809E1E1D4BF9E637EB30FCFE5
LXDUFXPU.DLL --a---- 32768 bytes [16:45 28/12/2010] [22:50 14/10/2010] 45A0E54256449949F9DE2EF60FD2C983
lxdugf.dll --a---- 983121 bytes [16:23 28/12/2010] [06:56 06/03/2008] D859F38EA01C0AF55CDD4BA97CB1A8DB
lxdugrd.dll --a---- 208896 bytes [16:48 28/12/2010] [22:52 14/10/2010] 5B7309A2BF41473BB05AAAC32BDDA23A
lxduhbn3.dll --a---- 684032 bytes [16:48 28/12/2010] [23:00 14/10/2010] 8800A0B3746400FA41F9CF80F59D09A3
LXDUhcp.dll --a---- 446464 bytes [16:32 28/12/2010] [22:56 20/05/2009] A79AB15276146992C5B6B54E2FBF4831
lxduiesc.dll --a---- 339968 bytes [16:32 28/12/2010] [23:00 14/10/2010] 9C704D885ABE90230FD5BAD95792C331
lxduinpa.dll --a---- 364544 bytes [16:32 28/12/2010] [23:00 14/10/2010] CAAA182CE7909F8DAD9E94A4B7561481
lxduins.dll --a---- 176128 bytes [16:23 28/12/2010] [10:02 14/07/2009] 5B0DF28A36A15CA6281EBD97364D9666
lxduinsb.dll --a---- 200704 bytes [16:23 28/12/2010] [10:04 14/07/2009] 8916D6595AFD34A41F4D26E3FBE2B955
lxduinsr.dll --a---- 106496 bytes [16:23 28/12/2010] [10:06 14/07/2009] F0CAC644425E87D79F39CBF4DF7AE771
LXDUinst.dll --a---- 389120 bytes [16:32 28/12/2010] [20:57 20/05/2009] A32AEB1937CBA1F127166E682434A63F
lxdujswr.dll --a---- 147456 bytes [16:23 28/12/2010] [10:06 14/07/2009] 0676D41C971311A0CBE08955DFBF3504
lxdulmpm.dll --a---- 577536 bytes [16:32 28/12/2010] [23:00 14/10/2010] 3D86C0AEDCED3A3B81717D7AAC16A899
lxduoem.dll --a---- 86016 bytes [16:45 28/12/2010] [22:52 14/10/2010] 687615BEE816C0B5F37C3F3DF9A60FB7
LXDUPMON.DLL --a---- 45056 bytes [16:45 28/12/2010] [12:23 14/05/2009] 69A31A70F812D80DF1C8C6D9A976EF54
lxdupmui.dll --a---- 651264 bytes [16:48 28/12/2010] [23:00 14/10/2010] 369852FD9676BCEB0429DB93A0DAA8FC
lxduserv.dll --a---- 1069056 bytes [16:32 28/12/2010] [23:00 14/10/2010] C77C074BFEA5C32DC798B85DD3D0FE7A
lxduusb1.dll --a---- 860160 bytes [16:32 28/12/2010] [23:00 14/10/2010] 6448CAF8DDA823045D65D8739E71A599
lxduutil.dll --a---- 544768 bytes [16:23 28/12/2010] [09:59 14/07/2009] 077B52778DA35B6FC91E90281D002CFA
lxduvs.dll --a---- 40960 bytes [16:48 28/12/2010] [23:01 14/10/2010] C0CC3CADF562952665625FC11FBCBF1E
LXDUwupd.dll --a---- 352256 bytes [16:39 28/12/2010] [10:57 28/04/2009] CEFF8E9F899D7498ACBE43EFAAD96A06
lz32.dll --a---- 3072 bytes [08:33 02/11/2006] [08:33 02/11/2006] D9635F2FE09F9FA9EDB668E70CBE2BCB
lzexpand.dll --a---- 9936 bytes [06:25 02/11/2006] [21:43 18/09/2006] C7F038338BF55DE73B57C1FC7B23671A
Magnification.dll --a---- 38400 bytes [08:39 02/11/2006] [09:46 02/11/2006] 18AAB47E84ABDC8AEA129E76681FEC9F
mapi32.dll --a---- 66560 bytes [09:11 02/11/2006] [09:46 02/11/2006] 98C77FD99F3DB37B2C03F32B8F837B65
mapistub.dll --a---- 66560 bytes [09:11 02/11/2006] [09:46 02/11/2006] 98C77FD99F3DB37B2C03F32B8F837B65
mciavi32.dll --a---- 82944 bytes [17:52 21/03/2010] [12:31 28/12/2009] 1567C64BE8D4C8C0186A980492B15391
mcicda.dll --a---- 38912 bytes [09:03 02/11/2006] [09:46 02/11/2006] 487AF05283D53B8F29CA95CBC1A67D97
mciqtz32.dll --a---- 36352 bytes [09:04 02/11/2006] [09:46 02/11/2006] 0A4668663C7D79F1A7951906CA3AE09C
mciseq.dll --a---- 23552 bytes [09:03 02/11/2006] [09:46 02/11/2006] FD883798A8712EC984B5DAE0F06DFE48
mciwave.dll --a---- 23040 bytes [09:03 02/11/2006] [09:46 02/11/2006] D1487BD9F89D1836ECFFBAF62C0D70DA
mcmde.dll --a---- 852992 bytes [19:44 28/01/2011] [04:34 19/01/2008] 76EE67685DAEDC3599CE7A80B54774B7
mcupdate_GenuineIntel.dll --a---- 376376 bytes [19:44 28/01/2011] [04:43 19/01/2008] 09A71FA452E0121727CEE14DBF257E8E
Mcx2Svc.dll --a---- 53760 bytes [19:44 28/01/2011] [04:34 19/01/2008] AEF9BABB8A506BC4CE0451A64AADED46
McxDriv.dll --a---- 129024 bytes [19:44 28/01/2011] [04:34 19/01/2008] D18BBDFE4A35BA4C1F2A302E86975C40
mdminst.dll --a---- 205312 bytes [19:44 28/01/2011] [04:34 19/01/2008] 23615808AD84A96FE5D2301FDBE4CBFC
MediaMetadataHandler.dll --a---- 356864 bytes [19:44 28/01/2011] [04:34 19/01/2008] 3FB9E61107CCAC7B5368F2A022134FCF
mf.dll --a---- 2868224 bytes [15:07 13/09/2009] [12:11 10/06/2009] E9C360649AD4B2DDF744DB71A4A9F832
mf3216.dll --a---- 41984 bytes [08:38 02/11/2006] [09:46 02/11/2006] 9F8D1BC7F546AEBB30685382A8B3B8D7
mfc100.dll --a---- 4397384 bytes [05:58 11/06/2011] [05:58 11/06/2011] 493FC0F59054A6F4F3775655FB55295C
mfc100chs.dll --a---- 36176 bytes [05:58 11/06/2011] [05:58 11/06/2011] C086A0AA8C39CB2EA09EA967D433733E
mfc100cht.dll --a---- 36176 bytes [05:58 11/06/2011] [05:58 11/06/2011] 44EE19CB7DD5E5FD95C77FE9364DE004
mfc100deu.dll --a---- 64336 bytes [05:58 11/06/2011] [05:58 11/06/2011] ECA6624EFEBBE2C0C320AC942620C404
mfc100enu.dll --a---- 55120 bytes [05:58 11/06/2011] [05:58 11/06/2011] 2A2C442F00B45E01D4C882EEA69A01BC
mfc100esn.dll --a---- 63824 bytes [05:58 11/06/2011] [05:58 11/06/2011] B4E91C857C886C8731F7969D9A85665D
mfc100fra.dll --a---- 64336 bytes [05:58 11/06/2011] [05:58 11/06/2011] BB21453C6707A7B5DD9F727ED375F284
mfc100ita.dll --a---- 62288 bytes [05:58 11/06/2011] [05:58 11/06/2011] A99884AEAC9C704600C6F5A44B3F7694
mfc100jpn.dll --a---- 43856 bytes [05:58 11/06/2011] [05:58 11/06/2011] 76022ED341931C473D2DFB27D56E37FD
mfc100kor.dll --a---- 43344 bytes [05:58 11/06/2011] [05:58 11/06/2011] 222BE89E34F4BB9059B7587074C5F88B
mfc100rus.dll --a---- 60752 bytes [05:58 11/06/2011] [05:58 11/06/2011] 1655E43D3DBA000394CF208E95EA2B02
mfc100u.dll --a---- 4422992 bytes [05:58 11/06/2011] [05:58 11/06/2011] F3DE10AABD5C7A1A186C9966F037D0C0
mfc40.dll --a---- 954752 bytes [21:21 29/01/2011] [15:41 31/08/2010] E6B6C46C7A4139CA00B8968957569FC6
mfc40u.dll --a---- 954288 bytes [21:21 29/01/2011] [15:41 31/08/2010] 13D0F7769927B74782CB59D8CCEF9E10
mfc42.dll --a---- 1136640 bytes [05:20 03/05/2011] [16:12 10/03/2011] 6D564D355D1AB55E6C52D985ECD01C7B
mfc42u.dll --a---- 1161728 bytes [05:20 03/05/2011] [16:12 10/03/2011] F2DC1CE3A91C87E7995500E989A5D2F1
mfc71.dll --a---- 1060864 bytes [05:20 19/03/2003] [05:20 19/03/2003] F35A584E947A5B401FEB0FE01DB4A0D7
mfc71u.dll --a---- 1047552 bytes [05:12 19/03/2003] [05:12 19/03/2003] 7B93C623333F121DC9E689CCB1B7A733
mfcm100.dll --a---- 81744 bytes [05:58 11/06/2011] [05:58 11/06/2011] BE83B709811FBB18DCAA03412DA0BCEB
mfcm100u.dll --a---- 81744 bytes [05:58 11/06/2011] [05:58 11/06/2011] D23A577EB4829A9F1B1D4EA679E98B54
mfcsubs.dll --a---- 26624 bytes [19:44 28/01/2011] [04:34 19/01/2008] DE3021B382D37122850280B6392397CD
mferror.dll --a---- 2048 bytes [12:35 02/11/2006] [12:35 02/11/2006] AF7F2D5FD58D1711F125FC51025B2050
mfplat.dll --a---- 208896 bytes [19:44 28/01/2011] [04:34 19/01/2008] 6D92D25519EE321870998F265E86C954
mfps.dll --a---- 98816 bytes [20:55 21/02/2009] [07:34 19/01/2008] FDECAE7E394B56A6CB317B80BA0306CF
mfvdsp.dll --a---- 62464 bytes [19:44 28/01/2011] [04:34 19/01/2008] CB1B21D884C6F1AAAFB90F64BA5E184E
MFWMAAEC.DLL --a---- 614400 bytes [19:44 28/01/2011] [04:34 19/01/2008] 30C062B2D048EC6F9CB15189677B9E45
mgmtapi.dll --a---- 18944 bytes [08:58 02/11/2006] [09:46 02/11/2006] B4F5DE3DAD8E6B97272F45DB97674878
midimap.dll --a---- 17408 bytes [19:44 28/01/2011] [04:34 19/01/2008] D7F1F6C72276A15579D5761098018891
migisol.dll --a---- 95232 bytes [19:44 28/01/2011] [04:34 19/01/2008] F0C789FDF068163E037780FC7BE4522D
miguiresource.dll --a---- 181760 bytes [08:42 02/11/2006] [09:46 02/11/2006] B13A8D6F708AA2034A9DE0979F81D890
milcore.dll --a---- 2011648 bytes [19:44 28/01/2011] [04:34 19/01/2008] 1633289ED1E512D53B7D60FE806600D7
mimefilt.dll --a---- 40448 bytes [08:50 30/01/2011] [05:18 27/05/2008] 1647E2E832AFD0B20E2DE0F43A067ACB
mlang.dll --a---- 187904 bytes [19:44 28/01/2011] [04:34 19/01/2008] 3EB6D30D82F0E300FCFBAD0498F654FD
mmcbase.dll --a---- 301056 bytes [19:44 28/01/2011] [04:34 19/01/2008] 26D7F733F37E8E535DD106E5DE7DC3C6
mmci.dll --a---- 52224 bytes [09:03 02/11/2006] [09:46 02/11/2006] 573C62C9F371810EAD74E89991D80579
mmcico.dll --a---- 12800 bytes [09:03 02/11/2006] [09:46 02/11/2006] 8BAA00FF3D5077A3372A8A36B7D622AE
mmcndmgr.dll --a---- 2167808 bytes [19:44 28/01/2011] [04:34 19/01/2008] F628BDAE1A288E3BDBD2102081A6325B
mmcshext.dll --a---- 127488 bytes [19:44 28/01/2011] [04:34 19/01/2008] 7CF9DBE2D5D2CA53DD33B5C708CC9B7A
mmcss.dll --a---- 45056 bytes [19:44 28/01/2011] [04:34 19/01/2008] 1076FFCFFAAE8385FD62DFCB25AC4708
MMDevAPI.dll --a---- 149504 bytes [19:44 28/01/2011] [04:34 19/01/2008] 3040D9DF36AE94DB309726400582E02F
MMSYSTEM.DLL --a---- 68992 bytes [07:10 02/11/2006] [07:10 02/11/2006] F71B2CD664E53E6525AB636DB91320F6
modemui.dll --a---- 287744 bytes [19:44 28/01/2011] [04:34 19/01/2008] 5BBC45E19BCFB982C946429B9369DEE4
montr_ci.dll --a---- 15360 bytes [08:54 02/11/2006] [09:46 02/11/2006] 9E6FD86E50B4423D845C342B08033C23
moricons.dll --a---- 184832 bytes [12:34 02/11/2006] [12:34 02/11/2006] 6C8BF28FCAF3E258E2FA28582A1EE365
MP3DMOD.DLL --a---- 84480 bytes [19:44 28/01/2011] [04:34 19/01/2008] 4E7A0606FE8FFBEC76B4FD5528E7F2B0
MP43DECD.DLL --a---- 259584 bytes [19:44 28/01/2011] [04:34 19/01/2008] E4F82BDEE23EFD5633774762239717EF
MP4SDECD.DLL --a---- 317952 bytes [21:20 29/01/2011] [16:08 05/04/2010] B0419A01A95D3FACEBC4A30D42CF624A
MPG4DECD.DLL --a---- 259584 bytes [19:44 28/01/2011] [04:34 19/01/2008] D0A5DE2CAF73D9E5E951A876735B2C20
mpr.dll --a---- 68608 bytes [19:44 28/01/2011] [04:34 19/01/2008] C047F0EEB03D8513B90A6EA70416DC18
mprapi.dll --a---- 97792 bytes [19:44 28/01/2011] [04:34 19/01/2008] 3DBFEBE4DDF9CE3D647FAAFC1D15F3C6
mprddm.dll --a---- 104960 bytes [19:44 28/01/2011] [04:34 19/01/2008] 897FD279DDD2506FDC317C2FDAA2FEF6
mprdim.dll --a---- 68608 bytes [19:44 28/01/2011] [04:34 19/01/2008] BCDD6B4804D06B1F7EBF29E53A57ECE9
mprmsg.dll --a---- 124928 bytes [19:44 28/01/2011] [04:34 19/01/2008] F5BA409E27F4F4547E1324A870F6D66E
MPSSVC.dll --a---- 393216 bytes [19:44 28/01/2011] [04:34 19/01/2008] D1639BA315B0D79DEC49A4B0E1FB929B
msaatext.dll --a---- 120320 bytes [19:44 28/01/2011] [04:34 19/01/2008] 73E51462C42A241B4C8A1B6E53F5F86B
MSAC3ENC.DLL --a---- 160256 bytes [19:44 28/01/2011] [04:34 19/01/2008] 4F1174EC2FAB3F4AC05B0E8D72D7978A
msacm.dll --a---- 61168 bytes [12:34 02/11/2006] [12:34 02/11/2006] 8EE0B6EDCD5FE63BDEEEB82351B110EE
msacm32.dll --a---- 71680 bytes [19:44 28/01/2011] [04:34 19/01/2008] BDBB449425991154135E5ED1559927E6
msafd.dll --a---- 3072 bytes [08:58 02/11/2006] [09:40 02/11/2006] 7C17B136CEF59FB84F5E58F16D2DE812
msasn1.dll --a---- 61440 bytes [03:07 16/10/2009] [12:24 04/09/2009] BA577783E8B4E2F49ED859E01C77F47B
msaudite.dll --a---- 145920 bytes [06:52 02/11/2006] [09:40 02/11/2006] 576E0AAF57AA32F37040554E909C3D0B
mscandui.dll --a---- 218624 bytes [19:44 28/01/2011] [04:34 19/01/2008] D6D67613D639C732BC4297C0283B9C66
mscat32.dll --a---- 10240 bytes [08:43 02/11/2006] [09:46 02/11/2006] 9B0B3925007F94B768BE662831BE8DDB
mscms.dll --a---- 391168 bytes [19:44 28/01/2011] [04:34 19/01/2008] E20BEFE3A8DE4754EBA8C6F4E5CA3E2F
mscoree.dll --a---- 297808 bytes [08:11 30/01/2011] [15:55 08/11/2009] 128DD9AF8640DBCC711940903C8B554F
mscorier.dll --a---- 158720 bytes [07:02 30/08/2009] [18:00 27/07/2008] C8F8139722D2B68ED3894EA2649F7EDB
mscories.dll --a---- 83968 bytes [07:01 30/08/2009] [18:00 27/07/2008] 4EE2A4B37555865CA58011B83DF40245
mscpx32r.dLL --a---- 8192 bytes [08:11 02/11/2006] [08:11 02/11/2006] 1BA266A859D503258648CCB406DA9383
mscpxl32.dLL --a---- 28672 bytes [09:10 02/11/2006] [09:46 02/11/2006] 086DF8482ACA652737A991195C743AAF
msctf.dll --a---- 806912 bytes [19:44 28/01/2011] [04:34 19/01/2008] 030981927E732FD4013910B3B06BD45B
MsCtfMonitor.dll --a---- 19456 bytes [19:45 28/01/2011] [04:34 19/01/2008] 6B08495EA542B1DACB6B6A853FE21D44
msctfp.dll --a---- 83456 bytes [08:38 02/11/2006] [09:46 02/11/2006] 670DA541D495FCE96F6E6EF7B7AA9D25
msctfui.dll --a---- 84992 bytes [19:45 28/01/2011] [04:34 19/01/2008] 36124BC4B9ACE6CA0E3ABF4D78C1089F
msdadiag.dll --a---- 159744 bytes [19:45 28/01/2011] [04:34 19/01/2008] C1A9E513173FC152F8FCB289A2E38060
msdart.dll --a---- 126976 bytes [19:45 28/01/2011] [04:34 19/01/2008] 554ED6988E44FDF18941429E8B2CB652
msdelta.dll --a---- 305152 bytes [19:45 28/01/2011] [04:34 19/01/2008] DE174201436696B19775AE3338A96532
msdmo.dll --a---- 30720 bytes [19:45 28/01/2011] [04:34 19/01/2008] B8AEFF80ABD57E6ABC6A46EAC7F4515F
msdri.dll --a---- 415232 bytes [19:45 28/01/2011] [04:34 19/01/2008] 44B9C62C32CDA7A62BCFE65DDF4D92C4
msdrm.dll --a---- 329216 bytes [18:25 21/03/2010] [12:45 25/01/2010] 0353882F8DA3A50FA23107D6913BEAF4
msdt.dll --a---- 212992 bytes [19:45 28/01/2011] [04:34 19/01/2008] B77D398030439A60A2A2B1FE01788209
msdtckrm.dll --a---- 344576 bytes [19:45 28/01/2011] [04:34 19/01/2008] 8078F8F8F7A79E2E6B494523A828C585
msdtclog.dll --a---- 89088 bytes [19:45 28/01/2011] [04:34 19/01/2008] 093FE74148C4FC8AD536943B0BCF29B5
msdtcprx.dll --a---- 562176 bytes [14:57 07/06/2009] [03:27 06/06/2008] CB5F33C8225B865B3F6F7E8995E5273A
msdtctm.dll --a---- 1052160 bytes [19:45 28/01/2011] [04:34 19/01/2008] 35B9815382B95D2D4FFD19643BC4BFAA
msdtcuiu.dll --a---- 215040 bytes [19:45 28/01/2011] [04:34 19/01/2008] CEF9A047ACEBA7A431C72A7D3E798149
msdtcVSp1res.dll --a---- 20992 bytes [19:45 28/01/2011] [02:48 19/01/2008] 829C9FAABB399A0C7F80ED0C3592CE55
msexch40.dll --a---- 413696 bytes [06:47 02/11/2006] [09:46 02/11/2006] 2E38F7D0B17E89FA10B50B79007149EF
msexcl40.dll --a---- 344064 bytes [19:45 28/01/2011] [04:35 19/01/2008] 28D84E27B303F29623ADDDB34630083A
msfeeds.dll --a---- 467456 bytes [19:45 14/06/2011] [14:58 21/04/2011] EEA6F3CFC1F7E8709EBD8A78FBA1674A
msfeedsbs.dll --a---- 52224 bytes [19:45 28/01/2011] [04:35 19/01/2008] 27DC2E027EDCC0565CA559F4D3C2191D
msftedit.dll --a---- 564224 bytes [19:45 28/01/2011] [04:35 19/01/2008] 0E34CFF4B801CD104D3F35F8D992BF17
mshtml.dll --a---- 3593728 bytes [19:46 14/06/2011] [14:58 21/04/2011] D6C2CEACB1EE184EA0C1D6BD594B398F
mshtmled.dll --a---- 477184 bytes [19:45 14/06/2011] [14:58 21/04/2011] C5BBD8BDCF29C18E9646A2F7AF2A2A33
mshtmler.dll --a---- 48128 bytes [07:33 02/11/2006] [07:33 02/11/2006] E390BF47FC633651914E70DA720D1A79
msi.dll --a---- 2085888 bytes [19:45 28/01/2011] [04:35 19/01/2008] B19180F7C2363AF7E8C3C901D7A92FE1
msidcrl30.dll --a---- 475648 bytes [19:45 28/01/2011] [04:35 19/01/2008] 3F1C39C36588C8C23CF1C1E4F9F20AF2
msident.dll --a---- 53248 bytes [19:45 28/01/2011] [04:35 19/01/2008] 17A987B488F47783CBBF6A9BE2BAAD09
msidle.dll --a---- 8704 bytes [19:45 28/01/2011] [04:35 19/01/2008] AAB5FEAABF4CB6F76D794203831C8D94
msidntld.dll --a---- 4608 bytes [07:25 02/11/2006] [07:25 02/11/2006] 1A3B23133A72D1CA83DE041353D23FF0
msieftp.dll --a---- 296960 bytes [19:45 28/01/2011] [04:35 19/01/2008] E2037C8AB06198D912650894E0F80863
msihnd.dll --a---- 332288 bytes [19:45 28/01/2011] [04:35 19/01/2008] 871566D2B43710827031F8D7192C969B
msiltcfg.dll --a---- 15872 bytes [08:42 02/11/2006] [09:46 02/11/2006] DE7F813217EC88C0A6D4D8F2F39D7949
msimg32.dll --a---- 4608 bytes [08:38 02/11/2006] [09:46 02/11/2006] 2EC53B5A351C4D443896DBAD117F7E82
msimsg.dll --a---- 2560 bytes [07:15 02/11/2006] [07:15 02/11/2006] 200C81D5EB703CEF14C5A11D12E22396
msimtf.dll --a---- 31232 bytes [19:45 28/01/2011] [04:35 19/01/2008] 2FA6CB0AEFD7D659668BDBC65CA0780D
msisip.dll --a---- 19456 bytes [19:45 28/01/2011] [04:35 19/01/2008] C88CABFB5EFCA46B3B2B59D81B64D47D
msjet40.dll --a---- 1589248 bytes [19:45 28/01/2011] [04:35 19/01/2008] 42F99DDE2DD172CC68849C8ECDB86432
msjetoledb40.dll --a---- 368640 bytes [19:45 28/01/2011] [04:35 19/01/2008] 6B7A80DE3B6D9F691867388E3B33D404
msjint40.dll --a---- 167936 bytes [06:47 02/11/2006] [09:46 02/11/2006] 9C8A3598AD9385B518A0E817A74063E2
msjter40.dll --a---- 77824 bytes [06:47 02/11/2006] [09:46 02/11/2006] BDEBA5B8796180653C51DBFE465956CB
msjtes40.dll --a---- 299008 bytes [19:45 28/01/2011] [04:35 19/01/2008] FAD51C445664E16F49E2725BB0790A4E
msls31.dll --a---- 156160 bytes [19:45 28/01/2011] [04:35 19/01/2008] F3EBDA850CC141768498DECAAD513299
msltus40.dll --a---- 245760 bytes [19:45 28/01/2011] [04:35 19/01/2008] 0645C01ED834BEF53465EA4129EE5A4D
msmmsp.dll --a---- 10752 bytes [19:45 28/01/2011] [04:35 19/01/2008] 047BF8FD0BA43339D09DE4E9D6FC4713
MSMPEG2ADEC.DLL --a---- 391680 bytes [19:45 28/01/2011] [04:35 19/01/2008] 330E7E99A0911898CD1EF69384220032
MSMPEG2ENC.DLL --a---- 506880 bytes [19:45 28/01/2011] [04:35 19/01/2008] B6054F6BC33735C8E52EA1664C6FB1A0
MSMPEG2VDEC.DLL --a---- 588288 bytes [19:45 28/01/2011] [04:35 19/01/2008] C0E2DC06B66C2027ED5FB19FDB393B82
msnetobj.dll --a---- 179712 bytes [19:45 28/01/2011] [04:35 19/01/2008] CA042916CD699F143E59A2984B4D240E
msobjs.dll --a---- 58880 bytes [19:45 28/01/2011] [04:29 19/01/2008] 7CF057E653800615E047976E042E2579
msoeacct.dll --a---- 205824 bytes [19:45 28/01/2011] [04:35 19/01/2008] 1C72EB99C500BC527B009FFDCB7D5611
msoert2.dll --a---- 87552 bytes [19:45 28/01/2011] [04:35 19/01/2008] 214460565D2AC0BC124D14B785ADAE06
msonpmon.dll --a---- 31640 bytes [21:18 11/12/2007] [08:42 27/02/2009] C52CE534397E1D3A442FB4C88A3CBE42
msorc32r.dll --a---- 8192 bytes [08:11 02/11/2006] [08:11 02/11/2006] 9ADBC704C7F96B2FA30E412DCAFD3C1C
msorcl32.dll --a---- 180224 bytes [19:45 28/01/2011] [04:35 19/01/2008] 8A3ADDFFC21D53BFAC11A561727AA023
mspatcha.dll --a---- 35328 bytes [19:45 28/01/2011] [04:35 19/01/2008] 5E41139EC6EFBCAFFD96D46925E544AB
mspbde40.dll --a---- 376832 bytes [19:45 28/01/2011] [04:35 19/01/2008] 407B071B1D5DFCE1A2CDA8A095FA04DD
msports.dll --a---- 44032 bytes [08:48 02/11/2006] [09:46 02/11/2006] 86AE4B30DD326D05011EA151F07C5978
msprivs.dll --a---- 2048 bytes [07:18 02/11/2006] [07:18 02/11/2006] ABE9EEA1EABEA0711610A637A7B1C25D
msrating.dll --a---- 193024 bytes [19:45 28/01/2011] [04:35 19/01/2008] 5C4363A73ADF425D2A85258040414043
msrd2x40.dll --a---- 323584 bytes [06:47 02/11/2006] [09:46 02/11/2006] A57C3850044067FED7F3F4570A6433AF
msrd3x40.dll --a---- 344064 bytes [19:45 28/01/2011] [04:35 19/01/2008] 07DE6B297CDF8A60B4F72B96D338FC11
msrdc.dll --a---- 160256 bytes [19:45 28/01/2011] [04:35 19/01/2008] 2015BD64CC3EDCD6204FEC5700E40AFE
msrepl40.dll --a---- 647168 bytes [19:45 28/01/2011] [04:35 19/01/2008] EF4E54AD58933A11F4D3F119116486F4
msrle32.dll --a---- 13312 bytes [17:52 21/03/2010] [12:32 28/12/2009] 3ABB15BEBD3B61AC94D4C4FC8C3190CA
msscb.dll --a---- 34816 bytes [08:50 30/01/2011] [05:17 27/05/2008] 8F580BCC5296ECC9DC8A649D75BE6BA5
msscntrs.dll --a---- 60416 bytes [08:50 30/01/2011] [05:17 27/05/2008] F1AA467825079B05D590D475432B4066
msscp.dll --a---- 414208 bytes [19:45 28/01/2011] [04:35 19/01/2008] 4C5262E20D456EBF10AC96E6417E59AC
mssha.dll --a---- 169472 bytes [19:45 28/01/2011] [04:35 19/01/2008] 4CFDB5508EE90953926DA0BAA27F5640
msshavmsg.dll --a---- 268800 bytes [12:34 02/11/2006] [12:34 02/11/2006] D47A4587270AEB58F4BDDB35A3463D9E
msshooks.dll --a---- 11776 bytes [08:50 30/01/2011] [05:17 27/05/2008] 4774D83BE60B7F47C612E25D6FE0F010
msshsq.dll --a---- 231936 bytes [08:02 31/01/2011] [09:25 20/09/2010] 365FEF29B22F626C5756AC0DEE91C249
mssign32.dll --a---- 38912 bytes [08:43 02/11/2006] [09:46 02/11/2006] 0DD6FEEE59EAF17A52564ACA95205341
mssip32.dll --a---- 7680 bytes [08:43 02/11/2006] [09:46 02/11/2006] B928F72B051B7F2803717E75D258F087
mssitlb.dll --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 8C0B9F7E85259315C5E193C6595E71CD
mssph.dll --a---- 350208 bytes [08:50 30/01/2011] [05:18 27/05/2008] CD5D53DFE552074D5553E1089961EA6F
mssphtb.dll --a---- 203776 bytes [08:50 30/01/2011] [05:18 27/05/2008] 444FCF9203D285ABEC4B6350704469A0
mssprxy.dll --a---- 32768 bytes [08:50 30/01/2011] [05:17 27/05/2008] 8BEAF2B4BCDE405AF7EC46A9E03B2D65
mssrch.dll --a---- 1418240 bytes [08:50 30/01/2011] [05:21 27/05/2008] E65C5F612400B39D7AA83E7057D798C2
MSSTDFMT.DLL --a---- 125744 bytes [18:50 24/07/2006] [18:50 24/07/2006] 2A41B7BE5E18E8E24783884199910EFA
msstrc.dll --a---- 44032 bytes [08:50 30/01/2011] [05:18 27/05/2008] FF424E08EEF0611BBEA407DE6D607EE5
mssvp.dll --a---- 670208 bytes [08:50 30/01/2011] [05:18 27/05/2008] AC32DC4D4552151D6842B678D52EB9B7
msswch.dll --a---- 16896 bytes [08:47 02/11/2006] [09:46 02/11/2006] AED37827E40AF692C85748395CA78D43
mstask.dll --a---- 206336 bytes [19:45 28/01/2011] [04:35 19/01/2008] 73FD66B14D3C4252F7A524B8836A4359
mstext40.dll --a---- 282624 bytes [19:45 28/01/2011] [04:35 19/01/2008] FA9428A69A3C3FFA11D5A5FF4F9473EA
mstime.dll --a---- 671232 bytes [19:45 14/06/2011] [14:58 21/04/2011] 0EB4CFBA4791966635DC38FA9241BB70
mstlsapi.dll --a---- 83968 bytes [19:45 28/01/2011] [04:35 19/01/2008] B605E755CD6DB2BEEFDE86A00B7819CE
mstscax.dll --a---- 2067456 bytes [14:14 20/03/2011] [16:43 17/12/2010] BD49A818455C1EA5448BDECAAD81886F
msutb.dll --a---- 163328 bytes [19:45 28/01/2011] [04:35 19/01/2008] 68A11EB85D8BEC7329FEF4C7F6612972
msv1_0.dll --a---- 213504 bytes [03:43 16/10/2009] [17:30 10/09/2009] FE1178E1D65E230721A1F9ADBEBD84CB
msvbvm60.dll --a---- 1386496 bytes [19:45 28/01/2011] [04:35 19/01/2008] 8D43735C8B4519CCC473D68E25F24C1D
msvcirt.dll --a---- 58368 bytes [08:29 02/11/2006] [09:46 02/11/2006] 992B1994668D8FB07EEBF610F41FEB0B
msvcp100.dll --a---- 421200 bytes [05:58 11/06/2011] [05:58 11/06/2011] BC83108B18756547013ED443B8CDB31B
msvcp60.dll --a---- 408576 bytes [08:30 02/11/2006] [09:46 02/11/2006] 6C94F54E3EC097702A8CE8F46D687959
msvcp70.dll --a---- 487424 bytes [12:40 05/01/2002] [12:40 05/01/2002] D04F7AACA2319A3BCDB2C5D5DD6F6026
msvcp71.dll --a---- 499712 bytes [04:14 19/03/2003] [04:14 19/03/2003] 561FA2ABB31DFA8FAB762145F81667C2
msvcr100.dll --a---- 773968 bytes [05:58 11/06/2011] [05:58 11/06/2011] 0E37FBFA79D349D672456923EC5FBBE3
msvcr100_clr0400.dll --a---- 771424 bytes [18:16 18/03/2010] [18:16 18/03/2010] E5F7C30EDF0892667933BE879F067D67
msvcr70.dll --a---- 344064 bytes [12:37 05/01/2002] [12:37 05/01/2002] 9972A6ED4F2388DBFA8E0A96F6F3FDF1
msvcr71.dll --a---- 348160 bytes [12:42 21/02/2003] [12:42 21/02/2003] 86F1895AE8C5E8B17D99ECE768A70732
msvcrt.dll --a---- 680448 bytes [19:45 28/01/2011] [04:35 19/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
msvcrt20.dll --a---- 253952 bytes [06:49 02/11/2006] [09:46 02/11/2006] EB729B71ACE89A1FD7851CA089D194E7
msvcrt40.dll --a---- 61440 bytes [08:29 02/11/2006] [09:41 02/11/2006] 1222CF294E252BA8F1B65579D4378286
msvfw32.dll --a---- 123904 bytes [17:52 21/03/2010] [12:32 28/12/2009] 4E6B2E600AEB7FB2668A41AC4AA5A536
msvidc32.dll --a---- 31744 bytes [17:52 21/03/2010] [12:32 28/12/2009] 2D002C07F0905B74381462E0EB926B82
MSVidCtl.dll --a---- 1544704 bytes [19:45 28/01/2011] [04:35 19/01/2008] 79848F91EA1F50ADDDE05C12A847C321
msvideo.dll --a---- 126912 bytes [12:34 02/11/2006] [12:34 02/11/2006] AD060CFCE701410D7FA4B3461AB83EF5
mswdat10.dll --a---- 856064 bytes [06:47 02/11/2006] [09:46 02/11/2006] 0D18C5C88F5AF46141F2760FC0CAA586
mswmdm.dll --a---- 312320 bytes [19:45 28/01/2011] [04:35 19/01/2008] 915D3430FE926376DD942AE45A9A1665
mswsock.dll --a---- 223232 bytes [19:45 28/01/2011] [04:35 19/01/2008] 89FD0595EEA4E505CABEFCF7008F2612
mswstr10.dll --a---- 622592 bytes [06:47 02/11/2006] [09:46 02/11/2006] DF3B640B8A2527F152E7F4CCAAC0FA38
msxbde40.dll --a---- 450560 bytes [19:45 28/01/2011] [04:35 19/01/2008] B28F35486C9A60108679B227A2167990
msxml3.dll --a---- 1257472 bytes [21:20 29/01/2011] [15:30 11/06/2010] 12A4E29C7F0C1B1E89541830FD0E52F1
msxml3r.dll --a---- 2048 bytes [08:26 02/11/2006] [09:41 02/11/2006] 8A324CC67F207E6BEE00ADA0A31B743D
msxml4.dll --a---- 1348432 bytes [05:05 21/07/2009] [05:05 21/07/2009] 09DEF3ABB6A196749299359AC5578DD8
msxml4r.dll --a---- 82432 bytes [22:10 04/11/2006] [22:10 04/11/2006] CF34EEC288A4C53E71602D5E0D65EF89
msxml6.dll --a---- 1399296 bytes [21:18 03/12/2009] [11:01 10/08/2009] FAED2BB920F8C729693A517394C87DD0
msxml6r.dll --a---- 2048 bytes [08:26 02/11/2006] [09:41 02/11/2006] 27871C737EA32408AF880842BF51E783
msyuv.dll --a---- 22528 bytes [17:52 21/03/2010] [12:32 28/12/2009] 2EA4F47CCF2E4F1E87363601090B3FF8
mtxclu.dll --a---- 307712 bytes [19:45 28/01/2011] [04:35 19/01/2008] E34481B17BE3043E81653659AF65C027
mtxdm.dll --a---- 22016 bytes [19:45 28/01/2011] [04:35 19/01/2008] 2DAB5E18E0366F411557E12CB3EB6258
mtxex.dll --a---- 7168 bytes [08:50 02/11/2006] [09:46 02/11/2006] 01069BC0B9A66FFEF38A020387B886DE
mtxlegih.dll --a---- 27136 bytes [19:45 28/01/2011] [04:35 19/01/2008] 77534C337B48041250404748531F6C9C
mtxoci.dll --a---- 105472 bytes [19:45 28/01/2011] [04:35 19/01/2008] 27E7C315861C59FA3C347046A6E39882
muifontsetup.dll --a---- 15360 bytes [08:38 02/11/2006] [09:46 02/11/2006] 7910AAC954BDBFEB83A1295ADA2DE639
MUILanguageCleanup.dll --a---- 10240 bytes [08:48 02/11/2006] [09:46 02/11/2006] 4D39F1E13A8F0AC20C3984C3AF455CC6
mycomput.dll --a---- 229888 bytes [19:45 28/01/2011] [04:35 19/01/2008] 2CB350B72FEA6FB5A010099A4444B636
mydocs.dll

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:27 am

mydocs.dll --a---- 135680 bytes [19:45 28/01/2011] [04:35 19/01/2008] F30D5EE1426D519F0C6E41A24C51D7AD
NAPCRYPT.DLL --a---- 46080 bytes [19:45 28/01/2011] [04:38 19/01/2008] 18A24D038910FB55AC04EDC30B95BEC3
napdsnap.dll --a---- 67584 bytes [19:45 28/01/2011] [04:35 19/01/2008] 8BF64493F9E9BEBFE5BFD148CDD3B992
NAPHLPR.DLL --a---- 103936 bytes [19:45 28/01/2011] [04:38 19/01/2008] B621CEA9D376BB8E85D6F65807068281
NapiNSP.dll --a---- 50176 bytes [19:45 28/01/2011] [04:35 19/01/2008] FC62A635063B762E1C3C60EA77279378
napipsec.dll --a---- 34304 bytes [19:45 28/01/2011] [04:35 19/01/2008] CE5BA334A73B4529AFFD84DD0A12DB88
NAPMONTR.DLL --a---- 153600 bytes [19:45 28/01/2011] [04:35 19/01/2008] 8BAD86529889249CD4A7D5789BE9FE66
NativeHooks.dll --a---- 13312 bytes [08:39 02/11/2006] [09:46 02/11/2006] FB851240E01F528B7050BBC66487F4CF
NaturalLanguage6.dll --a---- 801280 bytes [15:17 30/08/2008] [03:29 26/06/2008] 0796CD68FFD919AEC03AE8F7F3FC538B
NcdProp.dll --a---- 19968 bytes [19:44 28/01/2011] [04:35 19/01/2008] FAC2D28000A685B43185F55BEB93AA0D
nci.dll --a---- 74240 bytes [19:44 28/01/2011] [04:35 19/01/2008] 1289C97AE8D5EEA1C197BED8F94B3C25
ncobjapi.dll --a---- 48128 bytes [19:44 28/01/2011] [04:35 19/01/2008] 2FA16465F64DB54B1F7F511395EB4FD7
ncrypt.dll --a---- 204288 bytes [19:44 28/01/2011] [04:35 19/01/2008] 5D0B2FF2BAA623FC833C06916CB3428E
ncryptui.dll --a---- 445952 bytes [19:44 28/01/2011] [04:35 19/01/2008] 92A3B1CCC82482E7C67BF4199C885470
ncsi.dll --a---- 93184 bytes [19:44 28/01/2011] [04:35 19/01/2008] F4D9ED6BD74AD7CC0BEC83C43A1CB76B
nddeapi.dll --a---- 8192 bytes [08:38 02/11/2006] [09:46 02/11/2006] 30A23ECADA8E9F58676F85B6A716CFFC
ndfapi.dll --a---- 135168 bytes [19:44 28/01/2011] [04:35 19/01/2008] 8CBE8BB8E439B8DCAA4978510619118C
ndfetw.dll --a---- 29184 bytes [19:44 28/01/2011] [04:35 19/01/2008] B79C844619AB577AD1A898DAF61D3EEF
ndishc.dll --a---- 42496 bytes [08:57 02/11/2006] [09:46 02/11/2006] 4DC349208B5B5123A376830D2D637A75
ndproxystub.dll --a---- 11776 bytes [08:56 02/11/2006] [09:46 02/11/2006] A715DB999AA30243BC92C484AADAB813
netapi.dll --a---- 108464 bytes [06:25 02/11/2006] [21:43 18/09/2006] D8F01AB82D5699A6A278651777D00B67
netapi32.dll --a---- 466944 bytes [21:13 25/10/2008] [04:47 16/10/2008] F1011BD3AAD22375F34CF48CACD483C1
netcenter.dll --a---- 2225664 bytes [19:44 28/01/2011] [04:35 19/01/2008] 4DD2FB7F2BE6FDBCFDD691C639B83A0C
netcfgx.dll --a---- 386560 bytes [19:44 28/01/2011] [04:35 19/01/2008] 6BC5FCEF351E4CB5A269C1E84B5A06DA
netcorehc.dll --a---- 112128 bytes [19:44 28/01/2011] [04:35 19/01/2008] AE56C2C244B525162C289466BB221883
netdiagfx.dll --a---- 112128 bytes [19:44 28/01/2011] [04:35 19/01/2008] E54401D57A395ECFFCF19B5C66BB0963
netevent.dll --a---- 17920 bytes [21:22 29/01/2011] [16:23 06/09/2010] 3D083BB9F3F1461B209AD26DC5255D77
netfxperf.dll --a---- 49472 bytes [08:11 30/01/2011] [15:55 08/11/2009] 15515AE1540B4EE2B75DF63FC15129DF
neth.dll --a---- 2048 bytes [07:21 02/11/2006] [09:41 02/11/2006] 3F38E56CACC280074028E538131F19D4
netid.dll --a---- 119808 bytes [19:44 28/01/2011] [04:35 19/01/2008] 56FAD7B432A158042F41E90A4E48BD39
netiohlp.dll --a---- 104960 bytes [15:09 13/09/2009] [16:29 14/08/2009] B66ED8A3D5F38BD4DCA5E76F69FBC9BD
netlogon.dll --a---- 592384 bytes [19:44 28/01/2011] [04:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
netman.dll --a---- 274432 bytes [19:44 28/01/2011] [04:35 19/01/2008] C8052711DAECC48B982434C5116CA401
netmsg.dll --a---- 2048 bytes [07:21 02/11/2006] [09:41 02/11/2006] A324D72A06C110152E7607745F39BFA1
netplwiz.dll --a---- 180736 bytes [19:44 28/01/2011] [04:35 19/01/2008] 7665C8F7D72267BF7128594EB6349F66
netprof.dll --a---- 669696 bytes [19:44 28/01/2011] [04:35 19/01/2008] ED640F4CE585058119B824CC76591D9C
netprofm.dll --a---- 237056 bytes [19:44 28/01/2011] [04:35 19/01/2008] 2EF3BBE22E5A5ACD1428EE387A0D0172
NetProjW.dll --a---- 1086464 bytes [19:44 28/01/2011] [04:36 19/01/2008] 588C50DE451F5FDFB2C86D1019E6821D
netrap.dll --a---- 14848 bytes [08:45 02/11/2006] [09:46 02/11/2006] 4BF053944E973C073339BE841C9ECF28
netshell.dll --a---- 3173376 bytes [19:44 28/01/2011] [04:35 19/01/2008] 5AA18E7840E880E10789DE414BF3131A
networkexplorer.dll --a---- 2226688 bytes [19:44 28/01/2011] [04:35 19/01/2008] E3C52CD56F4CB2D9736C75EFAA62A07F
networkitemfactory.dll --a---- 39936 bytes [19:44 28/01/2011] [04:35 19/01/2008] 9748CC1FC4614B312441108F9A80F3D0
networkmap.dll --a---- 3072000 bytes [19:44 28/01/2011] [04:35 19/01/2008] C0FC00E66FFB384B88B32B180CA6FF7A
newdev.dll --a---- 183808 bytes [19:44 28/01/2011] [04:35 19/01/2008] A06A7435622430BCF68F67338097D463
nlaapi.dll --a---- 48128 bytes [19:44 28/01/2011] [04:35 19/01/2008] D1A84F7D4CAFCFE2A32149FF418056E5
nlasvc.dll --a---- 168448 bytes [19:44 28/01/2011] [04:35 19/01/2008] 2997B15415F9BBE05B5A4C1C85E0C6A2
nlhtml.dll --a---- 136704 bytes [08:50 30/01/2011] [05:18 27/05/2008] E713A2BC4A348FF87A18BBEBE670B3CC
nlmgp.dll --a---- 154624 bytes [19:44 28/01/2011] [04:35 19/01/2008] 2C6A504736912FCE43636314ECDB64D6
nlmsprep.dll --a---- 11264 bytes [08:59 02/11/2006] [09:46 02/11/2006] EAE0C5C1D6EE70E565A30821FBEA8827
nlsbres.dll --a---- 57856 bytes [19:44 28/01/2011] [04:31 19/01/2008] 5BC982DFFBDB43E82330731BF35FB3D8
NlsData0000.dll --a---- 1523712 bytes [15:16 30/08/2008] [07:35 19/01/2008] 92175EF139BD8FB53BE879CA685445BD
NlsData0001.dll --a---- 2599936 bytes [15:17 30/08/2008] [07:35 19/01/2008] 2A62029133C7BF7384ECF285E4DC9E04
NlsData0002.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 984A2B91E693E200634E957DAD0999C9
NlsData0003.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 0F52B42785F568CAF890DBCC42F33F63
NlsData0007.dll --a---- 2243072 bytes [15:17 30/08/2008] [07:35 19/01/2008] 3BC9A79BCD7BD98A6F492BCF1B6177B9
NlsData0009.dll --a---- 4875776 bytes [15:17 30/08/2008] [07:35 19/01/2008] AA111488C03C58A2BF66509ABB4FDE60
NlsData000a.dll --a---- 9847296 bytes [15:17 30/08/2008] [07:35 19/01/2008] 4193FA0DEBDA9766956C4E95AE55B5BE
NlsData000c.dll --a---- 2643456 bytes [15:17 30/08/2008] [07:35 19/01/2008] 840935DA7EB259D4E870FDF1A6A73C91
NlsData000d.dll --a---- 2342912 bytes [15:17 30/08/2008] [07:35 19/01/2008] 8ECD68034E3839CBD898931F2D4EA58E
NlsData000f.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 4338399905A452CA3C3AEC26AB869F01
NlsData0010.dll --a---- 4495360 bytes [15:17 30/08/2008] [07:35 19/01/2008] EE63EF08E8A3B87B207ECCA7BA29A33D
NlsData0011.dll --a---- 2657280 bytes [15:17 30/08/2008] [07:35 19/01/2008] 639426BADF39254D66AE4BB72BD9FD03
NlsData0013.dll --a---- 3466752 bytes [15:17 30/08/2008] [07:35 19/01/2008] AE93569C876F787925DCFF467E644312
NlsData0018.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 4D746322509BB543AF113F668EC0A0F0
NlsData0019.dll --a---- 4497408 bytes [15:17 30/08/2008] [07:35 19/01/2008] 31F820370734AF640FB8E3E7A84297A8
NlsData001a.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 3707674298597DBCF01A9F5FF9F0C1CA
NlsData001b.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 9F86F0E41EF7AC5AC533E4477564A8C1
NlsData001d.dll --a---- 4495360 bytes [15:17 30/08/2008] [07:35 19/01/2008] A62D64472683AAE423D013A5DCE9D66E
NlsData0020.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 776033D8A737612A6D936634F132B534
NlsData0021.dll --a---- 1801216 bytes [15:17 30/08/2008] [07:35 19/01/2008] 299C379C67BF7A71BB181D4A7DC8D50A
NlsData0022.dll --a---- 1801216 bytes [15:17 30/08/2008] [07:35 19/01/2008] 56CFEF7D5B8C60772D6581EA11C14BCE
NlsData0024.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 6CB211DACD1517DDD07B973E198032A4
NlsData0026.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] F0DB8B4FAB8BA1FFF40592E7D6C82A74
NlsData0027.dll --a---- 1966592 bytes [15:17 30/08/2008] [07:35 19/01/2008] FDCD89854532B240C99F14EC815EA931
NlsData002a.dll --a---- 1801216 bytes [15:17 30/08/2008] [07:35 19/01/2008] 55409BDD2FAA3BFF8DE70D95ED17B843
NlsData0039.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 44D54A8F54132E86F5EB1668AD8F53AD
NlsData003e.dll --a---- 1801216 bytes [15:17 30/08/2008] [07:35 19/01/2008] F33FCD17F450DE7788A5956B2D0B6927
NlsData0045.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] E7B8CAAEAF64FEBD48D9A3A307E763D9
NlsData0046.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] F702CAFF580A081F5A0F0AA16CD1D527
NlsData0047.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 07EAED023D830960E21F239A12330C41
NlsData0049.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 110DA1E2255627479851F153D4001FE1
NlsData004a.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 879DD107E11855B3ECB4AE353084041C
NlsData004b.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 52BC3E1F1CE4C9A7FC5726B112EE1029
NlsData004c.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 512E17B78D9B9776127707273DB094B6
NlsData004e.dll --a---- 3104768 bytes [15:17 30/08/2008] [07:35 19/01/2008] 212A0561118C351B8C415ADA7AF5E5AC
NlsData0414.dll --a---- 4495360 bytes [15:17 30/08/2008] [07:35 19/01/2008] D28E2077A1CAECC601ADE4A4F0762154
NlsData0416.dll --a---- 4495360 bytes [15:17 30/08/2008] [07:35 19/01/2008] D2DA6E6D3ED245E09ECC04B6152690DB
NlsData0816.dll --a---- 4495360 bytes [15:17 30/08/2008] [07:35 19/01/2008] FA00ED7B25029DC85FF2358873C9EB3B
NlsData081a.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] C4527FD98460DEA9BC8895EDD55EA164
NlsData0c1a.dll --a---- 1965056 bytes [15:17 30/08/2008] [07:35 19/01/2008] 4B837E0BAC46DE7BCE39A06553C0E6A1
Nlsdl.dll --a---- 25088 bytes [19:44 28/01/2011] [04:35 19/01/2008] A32A618480E9C6A13A0C84D0C40C8111
NlsLexicons0001.dll --a---- 11722752 bytes [08:21 02/11/2006] [08:21 02/11/2006] 32FA9AF280FF110CC222E16E6AC6B7F7
NlsLexicons0002.dll --a---- 4164096 bytes [08:22 02/11/2006] [08:22 02/11/2006] 44E945658B5E1AD34C9F07BC730AB312
NlsLexicons0003.dll --a---- 1452544 bytes [08:22 02/11/2006] [08:22 02/11/2006] 872CBE5709C2966EFAC066895DBD301A
NlsLexicons0007.dll --a---- 12240896 bytes [15:17 30/08/2008] [01:45 26/06/2008] 139203091AF732EB05EB0B7911439323
NlsLexicons0009.dll --a---- 2644480 bytes [15:17 30/08/2008] [01:45 26/06/2008] 5A0B0235899EC846FC914458D5CB5332
NlsLexicons000a.dll --a---- 9892864 bytes [08:22 02/11/2006] [08:22 02/11/2006] 3328610FA4DE8AC8AB0A13020DDC5A13
NlsLexicons000c.dll --a---- 6237696 bytes [08:22 02/11/2006] [08:22 02/11/2006] 11A77885F55ACA1C4BB3B1AC1642CE60
NlsLexicons000d.dll --a---- 1722368 bytes [08:22 02/11/2006] [08:22 02/11/2006] E619F16B5F9DD17C60B30BA7DE66D321
NlsLexicons000f.dll --a---- 5654528 bytes [08:22 02/11/2006] [08:22 02/11/2006] 93300F70DEE4B44D917835B64C0FDCDD
NlsLexicons0010.dll --a---- 4175872 bytes [08:22 02/11/2006] [08:22 02/11/2006] BB638FE48EB12C86DEE4CAFC893199DF
NlsLexicons0011.dll --a---- 2466816 bytes [08:22 02/11/2006] [08:22 02/11/2006] E6653DAC142712C990119E460ACFC3A9
NlsLexicons0013.dll --a---- 4981248 bytes [08:21 02/11/2006] [08:21 02/11/2006] B8555E85CACF4F3F70C6462FD85DD884
NlsLexicons0018.dll --a---- 3331072 bytes [08:22 02/11/2006] [08:22 02/11/2006] 1B54CBB167D58A794D34C4CB0C034AE6
NlsLexicons0019.dll --a---- 6781440 bytes [08:22 02/11/2006] [08:22 02/11/2006] DBBEF9CD377267BC1A87D39EE7AFF1D4
NlsLexicons001a.dll --a---- 6014976 bytes [08:22 02/11/2006] [08:22 02/11/2006] D89BEACC690EFCA20F2A0321F061A2B6
NlsLexicons001b.dll --a---- 6585856 bytes [08:22 02/11/2006] [08:22 02/11/2006] 7BBD7C04E9C96641E0F5AB3C6EC1825D
NlsLexicons001d.dll --a---- 6346240 bytes [08:22 02/11/2006] [08:22 02/11/2006] 14D62FE8F9AFB41CDABDF1AFB2D2F416
NlsLexicons0020.dll --a---- 1236992 bytes [08:22 02/11/2006] [08:22 02/11/2006] 8F6C5703253569ACFB25FD8D5F5A5ABE
NlsLexicons0021.dll --a---- 2136064 bytes [08:22 02/11/2006] [08:22 02/11/2006] 67D6957B214B3195B86FBC6AA776A0B7
NlsLexicons0022.dll --a---- 5499904 bytes [08:22 02/11/2006] [08:22 02/11/2006] 8E8F9031458B4614A66DE2AA805BE1C3
NlsLexicons0024.dll --a---- 7964672 bytes [08:22 02/11/2006] [08:22 02/11/2006] FAD29942DB74C86DC3BF9F6AB697742B
NlsLexicons0026.dll --a---- 5791232 bytes [08:22 02/11/2006] [08:22 02/11/2006] 7CBADA047BD69FD498D3DCF6A0AA69B4
NlsLexicons0027.dll --a---- 6224896 bytes [08:22 02/11/2006] [08:22 02/11/2006] F8D48E29B0DECFC5C7DAC0CECCE95B5E
NlsLexicons002a.dll --a---- 4096 bytes [08:22 02/11/2006] [08:22 02/11/2006] F7C293E745CD523C7A01B8B89F42BE9C
NlsLexicons0039.dll --a---- 1782272 bytes [08:22 02/11/2006] [08:22 02/11/2006] C650CA744DF593B6A126B690577088B9
NlsLexicons003e.dll --a---- 4045824 bytes [08:22 02/11/2006] [08:22 02/11/2006] EBA5EC65CB39C53687EF2B59C5C27F79
NlsLexicons0045.dll --a---- 1793536 bytes [08:22 02/11/2006] [08:22 02/11/2006] 79659D766A8B3AE09CAA04E2B8A408EF
NlsLexicons0046.dll --a---- 1808896 bytes [08:22 02/11/2006] [08:22 02/11/2006] D940FB4E325ADAF2D3CDB27AB4CE27F5
NlsLexicons0047.dll --a---- 1411072 bytes [08:22 02/11/2006] [08:22 02/11/2006] 8962ABF8E9510A6995CD8B944733EA2D
NlsLexicons0049.dll --a---- 1558016 bytes [08:22 02/11/2006] [08:22 02/11/2006] 9DFDA1373EC35F603FE4E8794D15D602
NlsLexicons004a.dll --a---- 3419136 bytes [08:22 02/11/2006] [08:22 02/11/2006] 61FE7E797F35A328560F98D049FB2476
NlsLexicons004b.dll --a---- 1702912 bytes [08:22 02/11/2006] [08:22 02/11/2006] 317D430338DDFB6BB54E5687E9A3C671
NlsLexicons004c.dll --a---- 4093440 bytes [08:22 02/11/2006] [08:22 02/11/2006] E49CB297154DAAD867328DCA8AABB5FF
NlsLexicons004e.dll --a---- 1972736 bytes [08:22 02/11/2006] [08:22 02/11/2006] B257BFBC475D1224EDE03FF662ECA128
NlsLexicons0414.dll --a---- 4616192 bytes [08:22 02/11/2006] [08:22 02/11/2006] 0C81D4548B86830380871E934BCEE2F3
NlsLexicons0416.dll --a---- 5090816 bytes [08:22 02/11/2006] [08:22 02/11/2006] 2F1E30166F8EB066315E2D039A66EDA2
NlsLexicons0816.dll --a---- 5031936 bytes [08:22 02/11/2006] [08:22 02/11/2006] F3F5CEBFC856AE6F9723B8EAF94B765A
NlsLexicons081a.dll --a---- 7042560 bytes [08:22 02/11/2006] [08:22 02/11/2006] 6C60A7FA8E87EF7720692A1A52055360
NlsLexicons0c1a.dll --a---- 6917120 bytes [08:22 02/11/2006] [08:22 02/11/2006] 0D2D583A5A6B2419A4E232C76763B4EF
NlsModels0011.dll --a---- 5071872 bytes [08:21 02/11/2006] [08:21 02/11/2006] 62EB60A0D15553D6D963EE0C52200441
normaliz.dll --a---- 2560 bytes [08:33 02/11/2006] [08:33 02/11/2006] 6F29236AB5926100972924BD29D9D225
npmproxy.dll --a---- 16384 bytes [08:59 02/11/2006] [09:46 02/11/2006] DFCAB29E8FD38F95650CC1E203E8D318
nshhttp.dll --a---- 24064 bytes [07:04 22/03/2010] [23:39 20/02/2010] 0473716011756EC7467AF6342F29A8E7
nshipsec.dll --a---- 352256 bytes [19:44 28/01/2011] [04:35 19/01/2008] 8C5E15D746A51F52B9F0737F764C9506
nsi.dll --a---- 8192 bytes [19:44 28/01/2011] [04:35 19/01/2008] A64AEBC6C78B4CFD7F41A7277879DF8F
nsisvc.dll --a---- 18432 bytes [19:44 28/01/2011] [04:35 19/01/2008] 8BB86F0C7EEA2BDED6FE095D0B4CA9BD
ntdll.dll --a---- 1205080 bytes [20:03 25/02/2011] [13:48 15/10/2010] 89D0E06D6165C98E47065722CE703FAD
ntdsapi.dll --a---- 88576 bytes [19:44 28/01/2011] [04:36 19/01/2008] 7F0F1D4B0D847696F8E309423D227DCE
ntlanman.dll --a---- 63488 bytes [19:44 28/01/2011] [04:36 19/01/2008] 3A2EEE8444A8E5C1A454C57B2198F5FC
ntlanui2.dll --a---- 15872 bytes [08:48 02/11/2006] [09:46 02/11/2006] 1CD54E0C6F4D1415C3B1923BDCDA340E
ntmarta.dll --a---- 121344 bytes [19:44 28/01/2011] [04:36 19/01/2008] 6B9E1AC6EB04767DACE3B24C089A86D0
ntprint.dll --a---- 216064 bytes [19:44 28/01/2011] [04:36 19/01/2008] 85487B9E047F85D64D4758F6A46A1FD0
ntshrui.dll --a---- 296960 bytes [19:44 28/01/2011] [04:36 19/01/2008] BADC359C9A0D9C217B7E8DA17BF3F5BB
ntvdmd.dll --a---- 14848 bytes [08:35 02/11/2006] [09:46 02/11/2006] B864A17782B5C084E6F30CEF59551281
objsel.dll --a---- 531456 bytes [19:44 28/01/2011] [04:36 19/01/2008] CE2F98EB42D775644C8EBFD6F5EF2619
occache.dll --a---- 146432 bytes [19:45 14/06/2011] [14:59 21/04/2011] 320EAAC2C72F97E3B5131B6E60A2CD83
ocsetapi.dll --a---- 16384 bytes [08:37 02/11/2006] [09:46 02/11/2006] 1C71BAB76E7AD23E763A5251F752ADC5
odbc16gt.dll --a---- 26224 bytes [08:11 02/11/2006] [21:28 18/09/2006] 7FDC88E8511D8D53ED25CE1B814B917E
odbc32.dll --a---- 409600 bytes [21:20 29/01/2011] [14:57 28/12/2010] CABE68B4AD2FEC8C18E18F73303EB26F
odbc32gt.dll --a---- 24576 bytes [09:10 02/11/2006] [09:46 02/11/2006] 3154058322F7E2654254FC2F13449DA4
odbcbcp.dll --a---- 28672 bytes [19:44 28/01/2011] [04:36 19/01/2008] E58E486BB2A4CF5E31DE843F8875B3FD
odbcconf.dll --a---- 40960 bytes [19:44 28/01/2011] [04:36 19/01/2008] C8C3F7116EFF10CDD856D582EC82D6DC
odbccp32.dll --a---- 114688 bytes [19:44 28/01/2011] [04:36 19/01/2008] CA31BA25129963394DDF70C59A374BD1
odbccr32.dll --a---- 77824 bytes [19:44 28/01/2011] [04:36 19/01/2008] 50E604109DF8EA353A7030F91973A8D7
odbccu32.dll --a---- 77824 bytes [19:44 28/01/2011] [04:36 19/01/2008] 021524FBF44DA7F1A0D6E0D254A5B2F2
odbcint.dll --a---- 229376 bytes [08:11 02/11/2006] [09:42 02/11/2006] 0DAAF8032546D1B4543D7B101B53FD6C
odbcji32.dll --a---- 24576 bytes [09:11 02/11/2006] [09:46 02/11/2006] DA5599911D138F6A2B471B3A60478022
odbcjt32.dll --a---- 319488 bytes [19:44 28/01/2011] [04:36 19/01/2008] AA9AF23BD99F81784AF0C8F1EF4702AD
odbctrac.dll --a---- 159744 bytes [19:44 28/01/2011] [04:36 19/01/2008] B1B00554F3F58CE1BCDA4EBF7EAAAA88
oddbse32.dll --a---- 20480 bytes [09:11 02/11/2006] [09:46 02/11/2006] E1F1AE4C048BD43B84A48FD99E19FAA4
odexl32.dll --a---- 20480 bytes [09:11 02/11/2006] [09:46 02/11/2006] 4567BA1C48E74AA46F49A6E7EDD5F062
odfox32.dll --a---- 20480 bytes [09:11 02/11/2006] [09:46 02/11/2006] 0B31995458408F3F657C5CDAB29843D5
odpdx32.dll --a---- 20480 bytes [09:11 02/11/2006] [09:46 02/11/2006] 2D813BA1E360764447839B50F604E3A1
odtext32.dll --a---- 20480 bytes [09:11 02/11/2006] [09:46 02/11/2006] 795002E3E2040B2FC4B1C6B127317F1D
oemdspif.dll --a---- 69632 bytes [23:10 13/09/2007] [23:10 13/09/2007] 3CDAF4FF395A6A16C18AB704127039B5
offfilt.dll --a---- 194560 bytes [08:50 30/01/2011] [05:17 27/05/2008] 6FE7B01528C54CF06A5F706FBAA5E41F
ogldrv.dll --a---- 1107456 bytes [19:43 28/01/2011] [04:36 19/01/2008] 4657FE9CB40740B0C241E37019119EF7
ole2.dll --a---- 42592 bytes [07:29 02/11/2006] [21:35 18/09/2006] 87D4F4D78074C0CAC0EAC88ABCF87F7A
ole2disp.dll --a---- 169520 bytes [07:29 02/11/2006] [21:35 18/09/2006] EB38BE7D7CF9EC15442A9D24CB39A2AC
ole2nls.dll --a---- 153008 bytes [07:29 02/11/2006] [21:35 18/09/2006] 32CFCC848A57F87638E31E8735515F80
ole32.dll --a---- 1315840 bytes [21:21 29/01/2011] [16:15 28/06/2010] AA406846DD60E3A4536DBAAB4037B685
oleacc.dll --a---- 215040 bytes [19:43 28/01/2011] [04:36 19/01/2008] 97CA916976B4EAED3FD35C238F42BCD9
oleaccrc.dll --a---- 2048 bytes [07:08 02/11/2006] [07:08 02/11/2006] 72442157EAF84C806392EC99652BCDC2
oleaut32.dll --a---- 563200 bytes [19:45 14/06/2011] [15:39 20/12/2010] FA6BD25A5A65A6FF5BE4385098E3BDEF
olecli.dll --a---- 82944 bytes [06:25 02/11/2006] [21:43 18/09/2006] D475029D732983ED962A8FF61688C912
olecli32.dll --a---- 78848 bytes [19:43 28/01/2011] [04:36 19/01/2008] F8B84B9318AF1A1B279F60BCCDED0C2B
oledlg.dll --a---- 101888 bytes [19:43 28/01/2011] [04:36 19/01/2008] 80BD4B26E2CBC0D65445D0463DFF6FC2
oleprn.dll --a---- 96768 bytes [19:43 28/01/2011] [04:36 19/01/2008] 4162BB9EF08F8B2658DA85906CBB1D90
olepro32.dll --a---- 88576 bytes [19:43 28/01/2011] [04:36 19/01/2008] AE70AE6F0760793D4893C3735EEC7292
oleres.dll --a---- 22528 bytes [07:28 02/11/2006] [07:28 02/11/2006] 08D6D1692B62C9EE4062E1FA04D8FE2F
OLESVR.DLL --a---- 24064 bytes [07:10 02/11/2006] [07:10 02/11/2006] 16BF834A84A7DC0D24EDC8E924C90637
olesvr32.dll --a---- 27648 bytes [19:43 28/01/2011] [04:36 19/01/2008] 9D53EF042002B1B3E097FBC550E714CB
olethk32.dll --a---- 77824 bytes [19:43 28/01/2011] [04:36 19/01/2008] 7CB88499D136A8DAB7EEF3AE8479E314
onex.dll --a---- 1541120 bytes [19:43 28/01/2011] [04:36 19/01/2008] 1F232B3F8F93563015E01197B37EFA79
oobefldr.dll --a---- 2153472 bytes [19:43 28/01/2011] [04:36 19/01/2008] 83E4A5435B0FA6AD0166722621A04725
opengl32.dll --a---- 707584 bytes [09:04 02/11/2006] [09:46 02/11/2006] B55E77BB01E85D2CA2C4B8424E1DF345
osbaseln.dll --a---- 19968 bytes [19:43 28/01/2011] [04:36 19/01/2008] 4A1FEEBF039B283258B0E479FA135DBA
osblprov.dll --a---- 42496 bytes [19:43 28/01/2011] [04:36 19/01/2008] E58F6AF0B5D2D6DF4FB7F4C5C1B9D4F5
osuninst.dll --a---- 6656 bytes [08:34 02/11/2006] [09:46 02/11/2006] 304160DEB2D59721E38D807A99C74298
P2P.dll --a---- 202240 bytes [19:43 28/01/2011] [04:36 19/01/2008] 8F1B3B9D135E724B94922BF15B07102D
p2pcollab.dll --a---- 403968 bytes [19:43 28/01/2011] [04:36 19/01/2008] 5CAAE5333EF36DB4A8D294418AB37E80
P2PGraph.dll --a---- 336896 bytes [19:43 28/01/2011] [04:36 19/01/2008] AFD00AE0ED1697AF3955A3194FBA37CB
p2pnetsh.dll --a---- 134144 bytes [19:43 28/01/2011] [04:36 19/01/2008] D10945BEADD847DD760744478372CBCE
p2psvc.dll --a---- 658944 bytes [19:43 28/01/2011] [04:36 19/01/2008] 5DE1A3972FD3112C75EB17BDCF454169
pacerprf.dll --a---- 15360 bytes [21:20 29/01/2011] [03:34 05/04/2008] 3E4822FBFAFE39E0DDD47159AA0966B6
packager.dll --a---- 67584 bytes [08:47 02/11/2006] [09:46 02/11/2006] 00CCD063E8066BA97DED024824BF64FD
panmap.dll --a---- 10752 bytes [08:48 02/11/2006] [09:46 02/11/2006] 3F8AA449F745D5F3421DE994E95F3E5E
pautoenr.dll --a---- 43008 bytes [08:45 02/11/2006] [09:46 02/11/2006] 98638A4CA187245C469DA0DEC4F04A45
pcadm.dll --a---- 26624 bytes [19:43 28/01/2011] [04:36 19/01/2008] F0062778F50838145AC46B384FFB4FA3
pcasvc.dll --a---- 37888 bytes [19:43 28/01/2011] [04:36 19/01/2008] C6276AD11F4BB49B58AA1ED88537F14A
pcaui.dll --a---- 464384 bytes [19:43 28/01/2011] [04:36 19/01/2008] 023A2E3779BAF7C8000DE7880E88E64D
pdh.dll --a---- 242688 bytes [19:43 28/01/2011] [04:36 19/01/2008] F68E07F8AA19D60DF2E7467D75448B3D
pdhui.dll --a---- 46592 bytes [19:43 28/01/2011] [04:36 19/01/2008] 8FE6290D1B54A2CAD111DA87B4CD4C73
PerfCenterCPL.dll --a---- 1248768 bytes [19:43 28/01/2011] [04:36 19/01/2008] 0BEDA71192F09FD0DCFAF4ED7C42AFDD
perfctrs.dll --a---- 39424 bytes [08:35 02/11/2006] [09:46 02/11/2006] BA7C3E9DD6B1A632124C8659E8014028
perfdisk.dll --a---- 31744 bytes [08:35 02/11/2006] [09:46 02/11/2006] FDDCBD831B0BB80B6C80FA29B3839679
perfnet.dll --a---- 19968 bytes [19:43 28/01/2011] [04:36 19/01/2008] 5628BCD5EA866CFCBF2F022A758A8712
perfos.dll --a---- 28672 bytes [08:35 02/11/2006] [09:46 02/11/2006] 7D1A10A1F3562CCA1FD38E9BADA8FEC0
perfproc.dll --a---- 35840 bytes [08:35 02/11/2006] [09:46 02/11/2006] AF2F0222C114C1E917FD54B8EB40CE33
perfts.dll --a---- 17408 bytes [19:43 28/01/2011] [04:36 19/01/2008] 592B507781AF2A3845DDE7755821453E
PhotoMetadataHandler.dll --a---- 425472 bytes [20:56 21/02/2009] [03:40 28/08/2008] B1DD63E030763B63EE78E97054375F8E
photowiz.dll --a---- 291328 bytes [19:43 28/01/2011] [04:36 19/01/2008] 662BC66F7D3D9EB746246B59FE990D63
pid.dll --a---- 36352 bytes [12:34 02/11/2006] [12:34 02/11/2006] A6B2112F476AAD8BFC7D90292E4A4A03
pidgenx.dll --a---- 1107968 bytes [19:43 28/01/2011] [04:36 19/01/2008] E2BFD86C63D85704DCED7087568E4CD3
pifmgr.dll --a---- 35328 bytes [12:34 02/11/2006] [12:34 02/11/2006] AB564DA7566A6D4BE7A561B93E9050D3
pla.dll --a---- 1502208 bytes [19:43 28/01/2011] [04:36 19/01/2008] B1689DF169143F57053F795390C99DB3
PlaySndSrv.dll --a---- 17920 bytes [19:43 28/01/2011] [04:36 19/01/2008] 57125869A7B9638A5D11DD685AA65EB4
pmspl.dll --a---- 46592 bytes [06:25 02/11/2006] [21:43 18/09/2006] 57F8A50513E43AAF6A7B23389E389BBC
pncrt.dll --a---- 278528 bytes [03:02 02/02/2010] [03:02 02/02/2010] 13001EB0A58B4DE96126B16AB15FD8CC
pndx5016.dll --a---- 6656 bytes [03:03 02/02/2010] [03:03 02/02/2010] 33833B3EDA1B07EBD367FA9B38B23E60
pndx5032.dll --a---- 5632 bytes [03:03 02/02/2010] [03:03 02/02/2010] B74E422BC81236042529DC8A42A18423
pngfilt.dll --a---- 45056 bytes [19:43 28/01/2011] [04:36 19/01/2008] B8D3BF818DEFE1DA9A754F214E528221
pnidui.dll --a---- 1823232 bytes [19:43 28/01/2011] [04:36 19/01/2008] EC70A90028E4B9C33D47854DC219C0B8
pnpsetup.dll --a---- 180736 bytes [19:43 28/01/2011] [04:36 19/01/2008] D3B19C9FC82387163C96754C4142A1DF
pnpts.dll --a---- 10752 bytes [19:43 28/01/2011] [04:36 19/01/2008] 21322832C99E8DE85BD047689A2A69DB
pnpui.dll --a---- 542208 bytes [19:43 28/01/2011] [04:36 19/01/2008] C0CA35CC6B0ADB2CF1BB945FA1597A6F
PNPXAssoc.dll --a---- 69632 bytes [19:43 28/01/2011] [04:36 19/01/2008] 36C7DA8238F63C5D66E390FA6BC1C2BE
PNPXAssocPrx.dll --a---- 53248 bytes [19:43 28/01/2011] [04:36 19/01/2008] 18BC8830B85FCE9F0E3720D77DCDF0C7
pnrpnsp.dll --a---- 62464 bytes [19:43 28/01/2011] [04:36 19/01/2008] 690D41DF1D555F96D4898A0F54EBA065
pnrpperf.dll --a---- 18944 bytes [12:35 02/11/2006] [12:35 02/11/2006] 9796849AD5EB8C29F4E717C94462C2E1
polstore.dll --a---- 272896 bytes [17:52 24/08/2008] [07:36 19/01/2008] 64B28D672B5B6A01E87B0C3096B1E047
PortableDeviceApi.dll --a---- 241152 bytes [20:57 21/02/2009] [03:57 22/10/2008] 2722DF0EAA13B4B363DA9753D16D2106
PortableDeviceClassExtension.dll --a---- 94720 bytes [20:57 21/02/2009] [07:36 19/01/2008] 66352E5D288097BC8C44AF845BFFFBB1
PortableDeviceTypes.dll --a---- 160768 bytes [20:57 21/02/2009] [07:36 19/01/2008] 9FB61C3FFC2BD247DFFABAD9B4322609
PortableDeviceWiaCompat.dll --a---- 124928 bytes [19:43 28/01/2011] [04:36 19/01/2008] B288FF7C1987A736726E87C79148C360
PortableDeviceWMDRM.dll --a---- 196608 bytes [19:43 28/01/2011] [04:36 19/01/2008] D5EEDCA7095AA6916532E18EDC1AAA7B
pots.dll --a---- 16896 bytes [19:43 28/01/2011] [04:36 19/01/2008] DB551A68E81C9049AE050DC0729F3FED
powercpl.dll --a---- 723968 bytes [19:43 28/01/2011] [04:36 19/01/2008] 742234F4598E5D74CB24637F3A36C12F
powrprof.dll --a---- 97280 bytes [19:43 28/01/2011] [04:36 19/01/2008] 51832219A52C3535BF4771C375E63F9B
PresentationCFFRasterizerNative_v0300.dll --a---- 105016 bytes [07:25 30/08/2009] [01:18 20/06/2008] 4AACA47265FE8B13E7EE46C0BDB418D3
PresentationHostProxy.dll --a---- 99176 bytes [08:11 30/01/2011] [15:55 08/11/2009] DFF617498211FBB3D8D3FCC51A37B777
PresentationNative_v0300.dll --a---- 781344 bytes [07:25 30/08/2009] [01:18 20/06/2008] 313820E069B4932ADED1C5CD1677E5D3
prflbmsg.dll --a---- 17408 bytes [07:03 02/11/2006] [09:42 02/11/2006] 76716B880EBC218C0BD260099E7DA757
printcom.dll --a---- 37888 bytes [00:07 29/10/2008] [07:36 19/01/2008] E340845C8E96D107C36420065D7A5733
printfilterpipelineprxy.dll --a---- 26112 bytes [14:57 07/06/2009] [04:39 03/03/2009] D7B2F4017DA5F4DF449B6C4C5E327713
printui.dll --a---- 869888 bytes [19:43 28/01/2011] [04:36 19/01/2008] 739090AE2804E360BBDF582FBF781CE4
prnntfy.dll --a---- 551936 bytes [19:43 28/01/2011] [04:36 19/01/2008] 6F5912100890599EF28DCAC6857A8B72
prntvpt.dll --a---- 119296 bytes [19:43 28/01/2011] [04:36 19/01/2008] 714BBABD673A433805BB414F42FDB722
procinst.dll --a---- 7680 bytes [19:43 28/01/2011] [04:36 19/01/2008] AD15E75C628C261CE99E82D59448BB0C
profprov.dll --a---- 29184 bytes [19:43 28/01/2011] [04:36 19/01/2008] 52A7D9F429CF45D9906506312EA4F41A
profsvc.dll --a---- 153600 bytes [19:43 28/01/2011] [04:36 19/01/2008] B627E4FC8585E8843C5905D4D3587A90
propdefs.dll --a---- 71680 bytes [08:50 30/01/2011] [05:18 27/05/2008] 86A80569CA85612331755482D15BAEBA
propsys.dll --a---- 754176 bytes [08:50 30/01/2011] [05:17 27/05/2008] 89D74683C859B7982056D15938BACA3E
provthrd.dll --a---- 191488 bytes [19:43 28/01/2011] [04:36 19/01/2008] 82E96DB463FE876E663ACAE19F73F26C
psapi.dll --a---- 12288 bytes [09:00 02/11/2006] [09:46 02/11/2006] 93A1732F7F997E36A5C3893539E2FF02
psbase.dll --a---- 40448 bytes [19:43 28/01/2011] [04:36 19/01/2008] 08F9134A2215B7ED985409A4DF60AC60
PSHED.DLL --a---- 51768 bytes [19:43 28/01/2011] [04:42 19/01/2008] 479C0A2246C14F51171DD6B4333EA3A2
psisdecd.dll --a---- 293376 bytes [08:43 30/01/2011] [17:47 14/04/2010] A6E278C31CD0AFEAF22E1FA35472CD19
pstorec.dll --a---- 42496 bytes [08:43 02/11/2006] [09:46 02/11/2006] DAA1B96073C79C84F8D28FBF55580415
pstorsvc.dll --a---- 23040 bytes [08:43 02/11/2006] [09:46 02/11/2006] 6D01259214D1E815613ECA3CD81679EC
puiapi.dll --a---- 166400 bytes [19:43 28/01/2011] [04:36 19/01/2008] 88BA461266205B71EAAEEB54C4CFD14B
puiobj.dll --a---- 300032 bytes [19:43 28/01/2011] [04:36 19/01/2008] C55D27C5A6B99FC8C40FEB51B4DACD75
pwrshplugin.dll --a---- 41472 bytes [08:05 26/02/2011] [21:56 09/10/2009] 9E07A84FF9532B3DE8886A84F28EEB99
px.dll --a---- 514808 bytes [22:48 06/11/2007] [21:53 27/09/2006] 93546CAD64CDAFD6546F2100C9093FEA
pxdrv.dll --a---- 477944 bytes [22:48 06/11/2007] [21:53 27/09/2006] E76098CCDD108943919EC1D729256EEE
pxmas.dll --a---- 183032 bytes [22:48 06/11/2007] [21:53 27/09/2006] 05081579F9C1E2E20BAD48B5E26615AA
pxwave.dll --a---- 379640 bytes [22:48 06/11/2007] [21:53 27/09/2006] 7376FB198D82C5D7216EC7732FFC8030
QAGENT.DLL --a---- 172544 bytes [19:43 28/01/2011] [04:36 19/01/2008] BDE89AB6F15F0093A2A7861D1FC413ED
QAGENTRT.DLL --a---- 302080 bytes [19:43 28/01/2011] [04:36 19/01/2008] C43B25863FBD65B6D2A142AF3AE320CA
qasf.dll --a---- 208896 bytes [19:43 28/01/2011] [04:36 19/01/2008] AF322CBDEDAEA007676F1708CD6EA686
qcap.dll --a---- 192000 bytes [19:43 28/01/2011] [04:36 19/01/2008] A14F25F62E84C6B4A178A1CFD9B47222
QCLIPROV.DLL --a---- 69632 bytes [19:43 28/01/2011] [04:36 19/01/2008] 3CE573382C66D9FAEFE8F6DCC52FD4FD
qdv.dll --a---- 281600 bytes [19:43 28/01/2011] [04:36 19/01/2008] C91488873F6E9BE2E75FF66B8A12AC2E
qdvd.dll --a---- 497152 bytes [19:43 28/01/2011] [04:36 19/01/2008] 30422839FE4DD530196385A6856D69A7
qedit.dll --a---- 505344 bytes [19:43 28/01/2011] [04:36 19/01/2008] A8A79C6CD1DD6FDFF34D9520F2EC4666
qedwipes.dll --a---- 733184 bytes [12:34 02/11/2006] [12:34 02/11/2006] A1E8BD9221D8296CCCF6B9DF31F6EF31
qmgr.dll --a---- 758272 bytes [19:43 28/01/2011] [04:36 19/01/2008] 02ED7B4DBC2A3232A389106DA7515C3D
qmgrprxy.dll --a---- 20480 bytes [08:40 02/11/2006] [09:46 02/11/2006] 10F13FFF542FEC4A2C4FA734EEBE56B9
QSHVHOST.DLL --a---- 154112 bytes [19:43 28/01/2011] [04:36 19/01/2008] F6C21CF9F5DF14B311C6E3387A0E70E0
QSVRMGMT.DLL --a---- 81920 bytes [19:43 28/01/2011] [04:36 19/01/2008] 5B20F5E879F113C5818FAD23FE08A2BD
quartz.dll --a---- 1314816 bytes [21:23 29/01/2011] [16:10 16/04/2010] 7BEDF1C8A7A2ABB84B044134AAA0D1BB
Query.dll --a---- 1381376 bytes [19:43 28/01/2011] [04:36 19/01/2008] 60802D34ABEE835CE80CEA4CE04A2140
QUTIL.DLL --a---- 79360 bytes [19:43 28/01/2011] [04:36 19/01/2008] 769D027B977CED05658C85E698D3C5B1
qwave.dll --a---- 243712 bytes [19:43 28/01/2011] [04:36 19/01/2008] E9ECAE663F47E6CB43962D18AB18890F
RacEngn.dll --a---- 889344 bytes [19:43 28/01/2011] [04:36 19/01/2008] 6FC9423B3C2C6C155501A64C4DAE082A
racpldlg.dll --a---- 40960 bytes [12:35 02/11/2006] [12:35 02/11/2006] B002170C361FB39FF799330BB9619C4D
radardt.dll --a---- 71680 bytes [12:35 02/11/2006] [12:35 02/11/2006] 801F1E963F7EEFFDA3F9EF89DB3EF133
radarrs.dll --a---- 56320 bytes [12:35 02/11/2006] [12:35 02/11/2006] 7812ECFF8FE0ED653716570C157F7B7C
rasadhlp.dll --a---- 10240 bytes [08:58 02/11/2006] [09:46 02/11/2006] A7D525E5C0D91C8C1D84C6BCD25AD77D
rasapi32.dll --a---- 286720 bytes [19:43 28/01/2011] [04:36 19/01/2008] F9A9BFEBE2AEBA9071FA5CE5B426B4E6
rasauto.dll --a---- 90624 bytes [19:43 28/01/2011] [04:36 19/01/2008] F6A452EB4CEADBB51C9E0EE6B3ECEF0F
rascfg.dll --a---- 81408 bytes [19:43 28/01/2011] [04:36 19/01/2008] 3464DAE0E801F5A81A23C571D86F30B2
raschap.dll --a---- 281600 bytes [20:55 23/01/2010] [12:41 07/10/2009] 5EAAD3F8B0AFE4C5C1777DE18262FBD3
rasctrs.dll --a---- 15360 bytes [19:43 28/01/2011] [04:36 19/01/2008] CED4ED87ABCF93CB9ACCE0ECECBD633B
rasdiag.dll --a---- 52736 bytes [19:43 28/01/2011] [04:36 19/01/2008] C07DE6F3555429FE9355A4EB3CA24811
rasdlg.dll --a---- 825856 bytes [19:43 28/01/2011] [04:36 19/01/2008] 83A54618958DAA59F2F7312D6897D3E8
rasgcw.dll --a---- 642560 bytes [19:43 28/01/2011] [04:36 19/01/2008] 3BA96EDB7E97A2DA08250DA4D26864C6
rasman.dll --a---- 71168 bytes [19:43 28/01/2011] [04:36 19/01/2008] 3A1DDA77F331D107BA40DB06E4D666E9
rasmans.dll --a---- 260608 bytes [19:43 28/01/2011] [04:36 19/01/2008] 6E7C284FC5C4EC07AD164D93810385A6
RASMM.dll --a---- 975360 bytes [19:43 28/01/2011] [04:36 19/01/2008] 1017DC8EA498A5CDBBBBB482FBF36333
rasmontr.dll --a---- 155136 bytes [19:43 28/01/2011] [04:36 19/01/2008] AEBE03598B8E354235701FA881C63123
rasmxs.dll --a---- 32768 bytes [08:58 02/11/2006] [09:46 02/11/2006] 95F86150A4D88F311A551E338BC2DADB
rasplap.dll --a---- 376832 bytes [19:43 28/01/2011] [04:36 19/01/2008] AE73F26BF8FD9A080646BE897194DC8A
rasppp.dll --a---- 259584 bytes [19:43 28/01/2011] [04:36 19/01/2008] FF672EC108883FE90C8BEC3E8E1D503F
rasqec.dll --a---- 69632 bytes [19:43 28/01/2011] [04:36 19/01/2008] 88225070DD2F7B0B2ED51E7935078641
rasser.dll --a---- 22016 bytes [08:58 02/11/2006] [09:46 02/11/2006] E6469B561EF815F1D1454220EE6D3308
rastapi.dll --a---- 69632 bytes [19:43 28/01/2011] [04:36 19/01/2008] F3C74862035D9645E2C08731F43AEA3F
rastls.dll --a---- 244224 bytes [20:55 23/01/2010] [12:41 07/10/2009] 1C0E2529FED8862F08BE8B562CFC3C5C
rdpcfgex.dll --a---- 8704 bytes [19:43 28/01/2011] [04:36 19/01/2008] 4A62000E4D9D157994DA991147714107
rdpdd.dll --a---- 134656 bytes [19:43 28/01/2011] [03:01 19/01/2008] 9090A44920CC7F643CC32AF3C6940E5C
RDPENCDD.dll --a---- 118272 bytes [19:43 28/01/2011] [04:31 19/01/2008] 4707976BDBA8B5999A0006C7609505CB
rdpencom.dll --a---- 612864 bytes [19:43 28/01/2011] [04:36 19/01/2008] 18D0CB140C384B43C310F8792F17B4A1
rdpwsx.dll --a---- 107008 bytes [19:43 28/01/2011] [04:36 19/01/2008] 071E6CC74765B4258EE5249FAD5ACADE
regapi.dll --a---- 67584 bytes [19:43 28/01/2011] [04:36 19/01/2008] C4CB65A8E06F84F14D693B37BBA8745B
RegCtrl.dll --a---- 40960 bytes [19:43 28/01/2011] [04:36 19/01/2008] 355B623E5E870E2166AAF997DBAE9C89
regsvc.dll --a---- 106496 bytes [19:43 28/01/2011] [04:36 19/01/2008] CC4E32400F3C7253400CF8F3F3A0B676
RelMon.dll --a---- 340992 bytes [19:43 28/01/2011] [04:36 19/01/2008] 416399F0AFA09D703E6C9607F897E6F4
remotepg.dll --a---- 58368 bytes [19:43 28/01/2011] [04:36 19/01/2008] F45D2DF86CC7E5E63ECB9FA33D54601B
RESAMPLEDMO.DLL --a---- 216576 bytes [19:43 28/01/2011] [04:36 19/01/2008] 3BF82FA67C937692BFD8297100230DDE
resutils.dll --a---- 65536 bytes [19:43 28/01/2011] [04:36 19/01/2008] B9F3FF52B84FD9E3CAFB29B8EE385E5B
rgb9rast.dll --a---- 151552 bytes [19:43 28/01/2011] [04:36 19/01/2008] 1B9BFA9971A6F18F941009D930921A88
riched20.dll --a---- 456704 bytes [19:43 28/01/2011] [04:36 19/01/2008] 9A120D6EEB7FA55DABF7731DA892972C
riched32.dll --a---- 8192 bytes [19:43 28/01/2011] [04:36 19/01/2008] AB530FDD34C67B497A20171D1234CFE9
rmoc3260.dll --a---- 185920 bytes [03:03 02/02/2010] [03:03 02/02/2010] ADE9CF5CACD26425854C343997F021E4
rnr20.dll --a---- 2560 bytes [08:58 02/11/2006] [09:43 02/11/2006] 2A565B440CA3287F98F00B159BECBB0F
RpcDiag.dll --a---- 8192 bytes [08:50 02/11/2006] [09:46 02/11/2006] FC5334402815913243D033E907F73483
rpchttp.dll --a---- 127488 bytes [19:43 28/01/2011] [04:36 19/01/2008] B28F10DF146DD88A3F4CB1688D8261E5
RPCNDFP.dll --a---- 43520 bytes [08:50 02/11/2006] [09:46 02/11/2006] 731D02FFB1FACAC9E1353475758DC09C
RpcNs4.dll --a---- 8192 bytes [08:50 02/11/2006] [09:46 02/11/2006] ED806820DEE3AD03816B0B4C190F9092
rpcnsh.dll --a---- 27648 bytes [08:50 02/11/2006] [09:46 02/11/2006] 45BB1885C53833F7C462D6BB0F84582C
rpcrt4.dll --a---- 784896 bytes [02:20 17/06/2009] [12:43 23/04/2009] 9DE05CE950E4BC8820464F137029B358
rpcss.dll --a---- 551424 bytes [14:57 07/06/2009] [04:39 03/03/2009] 301AE00E12408650BADDC04DBC832830
rsaenh.dll --a---- 242744 bytes [19:43 28/01/2011] [04:38 19/01/2008] 5178D99B1CBD1C9D310904417E2C5A11
rshx32.dll --a---- 43520 bytes [19:43 28/01/2011] [04:36 19/01/2008] AE0E0A7814C858584BAF42781750898D
RstrtMgr.dll --a---- 146944 bytes [19:43 28/01/2011] [04:36 19/01/2008] 928060167F0EB1B4F605327DB66CB0C7
rtffilt.dll --a---- 38400 bytes [08:50 30/01/2011] [05:18 27/05/2008] 58FF5B0E7546E2D2334B5C2D29D1ACB4
RtkAPO.dll --a---- 1900032 bytes [22:27 06/11/2007] [02:32 25/04/2007] 2BFC6A86B47847865CE9BB62BAEF3D33
RtkApoApi.dll --a---- 266240 bytes [22:27 06/11/2007] [23:34 23/03/2007] 81FCABDF9A8610393F3585BA051841C4
RtkCoInst.dll --a---- 18432 bytes [22:27 06/11/2007] [21:55 04/04/2007] A646685D9B6357C8ADAADDFC06681FBA
RtkPgExt.dll --a---- 530432 bytes [22:27 06/11/2007] [05:04 20/04/2007] B09C5D9FC2CFDBC7A21332FF011AF61C
rtm.dll --a---- 114688 bytes [19:43 28/01/2011] [04:36 19/01/2008] 9DD63D7E6D0A5C19109324A22626592A
rtutils.dll --a---- 36352 bytes [21:20 29/01/2011] [16:43 18/06/2010] 5DEE866BB87A161C33B273408CCEDA93
s

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:27 am

samlib.dll --a---- 57344 bytes [19:43 28/01/2011] [04:36 19/01/2008] 599826174ECA68388BD413C665753BF7
SampleRes.dll --a---- 2048 bytes [12:34 02/11/2006] [12:34 02/11/2006] C19CBC6C228B74EBF69B0CA1222EC8CE
samsrv.dll --a---- 478720 bytes [19:43 28/01/2011] [04:36 19/01/2008] 1EACFF296A418F23B38BBC02E337F38B
saxcom32.dll --a---- 91136 bytes [15:50 24/08/2007] [15:50 24/08/2007] 4D673140DE06D52A78A4BBF3A9B6A3A9
SAXFile.dll --a---- 172032 bytes [15:50 24/08/2007] [15:50 24/08/2007] 86EFF2D089ADBDFBA486C4719285EA95
saxxfr32.dll --a---- 45568 bytes [15:50 24/08/2007] [15:50 24/08/2007] 99341A9C5B365BA5018B4FDB44157008
sbe.dll --a---- 323072 bytes [14:14 20/03/2011] [17:41 29/12/2010] 6B146CD17160355F5F7DADAEF9ED1266
sbeio.dll --a---- 153088 bytes [14:14 20/03/2011] [17:41 29/12/2010] CE05C641CE38A64D3BBFD6D206A19B8A
scansetting.dll --a---- 245760 bytes [19:43 28/01/2011] [04:36 19/01/2008] EC96085DF2756BD98983380DBF392E28
SCardDlg.dll --a---- 66560 bytes [08:43 02/11/2006] [09:46 02/11/2006] E864F96CF5B12999E3B468D000181336
SCardSvr.dll --a---- 95232 bytes [19:43 28/01/2011] [04:36 19/01/2008] 11387E32642269C7E62E8B52C060B3C6
scecli.dll --a---- 177152 bytes [19:43 28/01/2011] [04:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
scesrv.dll --a---- 306176 bytes [19:43 28/01/2011] [04:36 19/01/2008] EA5D4BFB6A9F6A659C3DDCE419D8217C
schannel.dll --a---- 276992 bytes [18:05 30/06/2011] [14:54 29/04/2011] 6528EE11EFA77F8C8B1C6EAD401F907F
schedsvc.dll --a---- 603648 bytes [21:20 29/01/2011] [11:09 06/11/2010] 7B587B8A6D4A99F79D2902D0385F29BD
scksp.dll --a---- 140288 bytes [19:43 28/01/2011] [04:36 19/01/2008] 3CCAE7C320505B12B1DAEDFAFC6BD2E9
SCP32.DLL --a---- 39728 bytes [18:50 24/07/2006] [18:50 24/07/2006] F0283069C1B8E0A65A97F08186BFC9B2
scripto.dll --a---- 57856 bytes [09:11 02/11/2006] [09:46 02/11/2006] 0CDC907CBC81B218035442CD81AFBE1D
scrobj.dll --a---- 180224 bytes [21:18 29/01/2011] [21:59 08/05/2008] C5DD137AA113619E69679385A43AE87D
scrrun.dll --a---- 172032 bytes [21:18 29/01/2011] [21:59 08/05/2008] 83433ECFB05E44AB1529004CCA561FE9
SDDEVMGR.dll --a---- 36864 bytes [19:41 02/02/2007] [19:41 02/02/2007] F3D8C7B0EFA313DAA9F7B2030652DA4B
sdengin2.dll --a---- 730624 bytes [19:43 28/01/2011] [04:36 19/01/2008] 572573590924B261A33BA2B7E9229968
sdhcinst.dll --a---- 32768 bytes [08:35 02/11/2006] [09:46 02/11/2006] 70755C8280F2D5C2AFA8FE0713DD6D67
sdohlp.dll --a---- 183296 bytes [14:57 07/06/2009] [04:39 03/03/2009] 037166F979E3ED06CFF99DFEDDDF755A
sdrsvc.dll --a---- 104960 bytes [19:44 28/01/2011] [04:36 19/01/2008] 716313D9F6B0529D03F726D5AAF6F191
sdshext.dll --a---- 98816 bytes [19:44 28/01/2011] [04:36 19/01/2008] 79F3F533713AC822AB9E4494787AC5F1
sdspres.dll --a---- 6656 bytes [19:46 28/01/2011] [04:36 19/01/2008] 1C199FD81016B0B872FACA850D7DCE24
seclogon.dll --a---- 19968 bytes [19:44 28/01/2011] [04:36 19/01/2008] FD5199D4D8A521005E4B5EE7FE00FA9B
secproc.dll --a---- 472064 bytes [18:25 21/03/2010] [12:48 25/01/2010] 44517A31BCDA33E751E94E5EE52D5551
secproc_isv.dll --a---- 472576 bytes [18:25 21/03/2010] [12:48 25/01/2010] CD7E6B1AA4572E727B10D8FA937B4325
secproc_ssp.dll --a---- 151040 bytes [18:25 21/03/2010] [12:48 25/01/2010] A9E8EAD82DBDDF5342E3E52035C78075
secproc_ssp_isv.dll --a---- 151040 bytes [18:25 21/03/2010] [12:48 25/01/2010] EFE24344FB122D2EE8BF7CE3928C022A
secur32.dll --a---- 72704 bytes [14:47 30/08/2009] [15:24 15/06/2009] 5CF121E62E74480E0F07D384FF7EB5B1
security.dll --a---- 5120 bytes [08:43 02/11/2006] [09:43 02/11/2006] 0A990AFB9F2726323D61C8ECB8B70B17
sendmail.dll --a---- 69632 bytes [19:43 28/01/2011] [04:36 19/01/2008] 0D836890C7AFB97E377E73870921F68F
Sens.dll --a---- 47104 bytes [19:43 28/01/2011] [04:36 19/01/2008] A9BBAB5759771E523F55563D6CBE140F
SensApi.dll --a---- 8704 bytes [08:50 02/11/2006] [09:46 02/11/2006] EC760B0B76A4353DE49D66520EB2141F
serialui.dll --a---- 15360 bytes [19:43 28/01/2011] [04:36 19/01/2008] 0F410596CA1DC0776345DC03442BD3AE
serwvdrv.dll --a---- 18432 bytes [08:58 02/11/2006] [09:46 02/11/2006] F29FD448FEE936FC3744A6CAA6A9C634
SessEnv.dll --a---- 84992 bytes [19:43 28/01/2011] [04:36 19/01/2008] D2193326F729B163125610DBF3E17D57
setbcdlocale.dll --a---- 46592 bytes [22:01 16/05/2008] [06:53 29/02/2008] 2EE52774610882DDA2F2DF63DB3CC4D0
setupapi.dll --a---- 1590272 bytes [19:43 28/01/2011] [04:36 19/01/2008] EC6F86F7718ABE932926DEED0B871D46
setupcln.dll --a---- 110592 bytes [19:43 28/01/2011] [04:36 19/01/2008] 0D4AC575EC0E85B1D13F3E631B1AAE6C
sfc.dll --a---- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
sfc_os.dll --a---- 38912 bytes [19:43 28/01/2011] [04:36 19/01/2008] 12BCF4DAD8E5A1B3D5FA7AB4A79DA105
sftldr.dll --a---- 1075560 bytes [13:30 01/10/2011] [13:30 01/10/2011] 1157E5CFDBD3C7FF93BBBD46A2B17338
shacct.dll --a---- 81920 bytes [19:44 28/01/2011] [04:36 19/01/2008] 70932D6C3D59B416CBD2BE5A3B3D4BE6
shdocvw.dll --a---- 1067520 bytes [19:44 28/01/2011] [04:36 19/01/2008] 86B89709BDFC7A59D566590CC30CDBB1
SHELL.DLL --a---- 5120 bytes [07:10 02/11/2006] [07:10 02/11/2006] DC8A8C47542EDD026AD8F4AC3D6C2292
shell32.dll --a---- 11582464 bytes [20:02 25/02/2011] [15:46 21/01/2011] 048B65EC931A39A5F42016BE04775274
shellstyle.dll --a---- 582656 bytes [07:23 02/11/2006] [07:23 02/11/2006] 6A66AE2540F9742B2FC4FAEEA1C2D373
shfolder.dll --a---- 7168 bytes [08:47 02/11/2006] [09:46 02/11/2006] 3606CE1AC3D6A9A9CB7DB35D7F5C54EC
shgina.dll --a---- 68608 bytes [19:44 28/01/2011] [04:36 19/01/2008] 12A1DF1B84FB45A00D47B2CDE2CEEBBA
shimeng.dll --a---- 111104 bytes [08:29 02/11/2006] [09:46 02/11/2006] 1DACD1530C6E58AEAE9F6DE7DA851935
shimgvw.dll --a---- 128000 bytes [19:44 28/01/2011] [04:36 19/01/2008] 5285CFB0EF1CD609EC8F88305642880C
shlwapi.dll --a---- 351744 bytes [20:02 25/02/2011] [15:46 21/01/2011] 44338CAB70F1DB264D2F3F9F86A5D281
shpafact.dll --a---- 13824 bytes [08:47 02/11/2006] [09:46 02/11/2006] F1D98C147E8AA52F79B7BE97B47BA869
shrink.dll --a---- 105984 bytes [19:44 28/01/2011] [04:36 19/01/2008] 65FE3C2216E0A8746D6BEE8087905AE7
shsetup.dll --a---- 101376 bytes [19:44 28/01/2011] [04:36 19/01/2008] 7EB07B20E4CDBF3CD0D9634780BA6072
shsvcs.dll --a---- 247808 bytes [08:14 26/02/2011] [12:21 10/07/2009] 1E3FDB80E40A3CE645F229DFBDFB7694
shunimpl.dll --a---- 6656 bytes [08:46 02/11/2006] [09:46 02/11/2006] 9CF5848604DF8BFCEF1DC8E41A545DFB
shwebsvc.dll --a---- 425472 bytes [19:44 28/01/2011] [04:36 19/01/2008] 445248D52BF93D16AFB38928F70A63CD
signdrv.dll --a---- 41984 bytes [08:35 02/11/2006] [09:46 02/11/2006] 5FD551EAA4C60B1A601501279C7223AD
sisbkup.dll --a---- 20480 bytes [08:30 02/11/2006] [09:46 02/11/2006] 81ECDB33BDF16A8635F11B74752B7C4E
SLC.dll --a---- 225792 bytes [19:43 28/01/2011] [04:36 19/01/2008] C0D487FD64092792B47E80A0FF27E5C6
slcc.dll --a---- 777216 bytes [19:43 28/01/2011] [04:36 19/01/2008] B0C2E95B6A747E95DCC34962218B84FB
SLCExt.dll --a---- 137216 bytes [19:43 28/01/2011] [04:36 19/01/2008] C3B67925D8778BA5AB5DFA4C9A5301F4
slcinst.dll --a---- 42496 bytes [19:43 28/01/2011] [04:36 19/01/2008] D0C10ACC6D91024D0B38E11118DAF0C9
SLCommDlg.dll --a---- 573440 bytes [19:43 28/01/2011] [04:36 19/01/2008] 86A235767253B02092FB3D47D1044F75
SLUINotify.dll --a---- 57856 bytes [19:43 28/01/2011] [04:36 19/01/2008] 7C6DC44CA0BFA6291629AB764200D1D4
slwga.dll --a---- 12288 bytes [19:43 28/01/2011] [04:36 19/01/2008] 7269A928BC18DAFBDDCFFB96B6E987F1
slwmi.dll --a---- 35328 bytes [19:43 28/01/2011] [04:36 19/01/2008] 2D496BA5EC2FC0793D6000B7BEADCC59
SmartcardCredentialProvider.dll --a---- 134144 bytes [19:43 28/01/2011] [04:36 19/01/2008] DB689551B8BD6009308F30675F11AB2F
SMBHelperClass.dll --a---- 83456 bytes [19:43 28/01/2011] [04:36 19/01/2008] C8A5A2E035D6CEBC1171797CDE494F3A
SmiEngine.dll --a---- 704512 bytes [19:43 28/01/2011] [04:36 19/01/2008] 65D255ADDFA691567B1A4A0439BA7830
SmiInstaller.dll --a---- 139264 bytes [19:43 28/01/2011] [04:36 19/01/2008] 07AF7A63CF3E1BE4DDC809818BC4A63B
SndVolSSO.dll --a---- 185856 bytes [09:03 02/11/2006] [09:46 02/11/2006] 30F02D9C55053367E26A11482F51E255
snmpapi.dll --a---- 22528 bytes [08:58 02/11/2006] [09:46 02/11/2006] AF24A9DF84637BF9858EC6FB88EBA7B2
softkbd.dll --a---- 125440 bytes [19:43 28/01/2011] [04:36 19/01/2008] 2DC7C2572A6BB307A991DED8E261F9C2
softpub.dll --a---- 9216 bytes [08:43 02/11/2006] [09:46 02/11/2006] 06D2F8867F99BAD116FE3C6347B13EBE
spbcd.dll --a---- 64512 bytes [19:41 28/01/2011] [04:36 19/01/2008] 46E2193A8E72067EEEC807F4A487192E
spnet.dll --a---- 8192 bytes [08:34 02/11/2006] [09:46 02/11/2006] 9B3DB798BEED866BE5C9EBFA74079FC5
spoolss.dll --a---- 163840 bytes [19:41 28/01/2011] [04:36 19/01/2008] 76D54175BDE317E4F251028AFA117309
spopk.dll --a---- 15872 bytes [19:41 28/01/2011] [04:36 19/01/2008] C2276B4C3CF8D56C248AD9FAA3AFD175
spp.dll --a---- 142336 bytes [19:46 28/01/2011] [04:36 19/01/2008] 0C627994FA9A63FE9E2FD49A08E26044
sppnp.dll --a---- 44544 bytes [19:41 28/01/2011] [04:36 19/01/2008] 06EDE5B3A404C97F3806248F361C125B
spwinsat.dll --a---- 11264 bytes [12:34 02/11/2006] [12:34 02/11/2006] 8F577AE2988112AE3ACE13EA0F2C79DB
spwizeng.dll --a---- 348160 bytes [19:41 28/01/2011] [04:36 19/01/2008] 61803EBAA66E9CAFB0B6B0890956F4BE
spwizimg.dll --a---- 8322048 bytes [19:41 28/01/2011] [02:31 19/01/2008] CE310A10ECFEE414163BCC78B770B410
spwizres.dll --a---- 7680 bytes [19:41 28/01/2011] [04:31 19/01/2008] 21F5653F944C102DFECC39423C812C1F
SPWizUI.dll --a---- 152576 bytes [20:09 28/01/2011] [19:33 28/01/2011] 562F9C10ED7A3092E177DC936A5364E6
spwmp.dll --a---- 7680 bytes [01:51 29/08/2009] [12:58 14/07/2009] D54431128F7B833AB48F441CA96C4E8E
sqlceoledb30.dll --a---- 151040 bytes [09:05 02/11/2006] [09:46 02/11/2006] 3E00D032E2BEB9FB5439ABED0DD30A7B
sqlceqp30.dll --a---- 604160 bytes [19:41 28/01/2011] [04:36 19/01/2008] E565C65391CDABF0870E9640815C03FF
sqlcese30.dll --a---- 308224 bytes [19:41 28/01/2011] [04:36 19/01/2008] F0F5C6F147E1224CA4038D9C22147A5B
sqlsrv32.dll --a---- 520192 bytes [19:41 28/01/2011] [04:36 19/01/2008] A7EAFE5B91F0C242BB732C5BD9C4D438
sqlunirl.dll --a---- 180800 bytes [06:47 02/11/2006] [09:46 02/11/2006] A77B2CB87B528FAC88F74AB8D275AB65
sqlwid.dll --a---- 24603 bytes [06:47 02/11/2006] [09:46 02/11/2006] 07F52FCEE0FFC44BCCCCE59FA1F4F322
sqlwoa.dll --a---- 49179 bytes [06:47 02/11/2006] [06:47 02/11/2006] 350427E625989ABB1CC40A664FBF2FE7
sqmapi.dll --a---- 129536 bytes [19:41 28/01/2011] [04:36 19/01/2008] BF7E4D6F60A6D9E866432855C6F8C262
srchadmin.dll --a---- 301568 bytes [08:50 30/01/2011] [05:17 27/05/2008] 234CB691FBA69E8C1BE489A341586252
srclient.dll --a---- 40960 bytes [22:00 16/05/2008] [06:53 29/02/2008] 65CD4486413777AC55BE45E64CADD476
srcore.dll --a---- 378368 bytes [22:01 16/05/2008] [06:53 29/02/2008] 32C72F148883788C756DBCB38CB1FFE2
srrstr.dll --a---- 274944 bytes [19:41 28/01/2011] [04:36 19/01/2008] BFF675E2153002E5F361C01D97495173
SRSHP360.dll --a---- 98304 bytes [22:27 06/11/2007] [02:36 30/01/2007] 4527DBE66656CCB8C2242FA9F6EC82F5
SRSTSHD.dll --a---- 180224 bytes [22:27 06/11/2007] [22:24 25/01/2007] 422E22738D9721559CDC42C4F6C13A35
SRSTSXT.dll --a---- 339968 bytes [22:27 06/11/2007] [18:30 13/12/2006] E5639080A7FFA5F03642F4D4CDB1E9CE
SRSWOW.dll --a---- 135168 bytes [22:27 06/11/2007] [16:08 13/04/2007] 025BEE259EF4EBDCBB93523E2743C9A7
srvsvc.dll --a---- 125952 bytes [21:22 29/01/2011] [16:24 06/09/2010] 1925E63C91CF1610AE41BFD539062079
srwmi.dll --a---- 24064 bytes [19:41 28/01/2011] [04:36 19/01/2008] CA21FA27DF770C209F272B74B9C2B4C4
sscore.dll --a---- 9728 bytes [08:45 02/11/2006] [09:46 02/11/2006] 452341E471D2D961229DFE0842957272
ssdpapi.dll --a---- 37888 bytes [08:58 02/11/2006] [09:46 02/11/2006] 01BCD91CC2B0EFDA4890F547010750BD
ssdpsrv.dll --a---- 155648 bytes [19:41 28/01/2011] [04:36 19/01/2008] 03D50B37234967433A5EA5BA72BC0B62
SSShim.dll --a---- 109056 bytes [19:41 28/01/2011] [04:36 19/01/2008] 400785E27D21F6B46298D51E528B9442
sstpsvc.dll --a---- 116736 bytes [19:41 28/01/2011] [04:36 19/01/2008] 6F1A32E7B7B30F004D9A20AFADB14944
stclient.dll --a---- 63488 bytes [08:50 02/11/2006] [09:46 02/11/2006] BA65E6E525BEE55252AE2DA3CE07D9A6
sti.dll --a---- 198144 bytes [12:34 02/11/2006] [12:34 02/11/2006] 365828E555E9479246EFD9090C41C2D7
sti_ci.dll --a---- 251904 bytes [19:41 28/01/2011] [04:36 19/01/2008] 3495B8D2CA108894C5B8D53D2CA0D285
stobject.dll --a---- 586752 bytes [19:41 28/01/2011] [04:36 19/01/2008] 6CE4E67A31214337BB4381419228613B
storage.dll --a---- 4208 bytes [07:29 02/11/2006] [21:35 18/09/2006] 5C8CDB104C31D1624EDBEEF75C1506CF
Storprop.dll --a---- 55808 bytes [19:41 28/01/2011] [04:36 19/01/2008] 9C6A14893BFC5DA589EDA618AF238EF5
streamci.dll --a---- 22632 bytes [09:04 02/11/2006] [09:49 02/11/2006] E6E1613B3ADD6E68FF83CFAE864B095F
sud.dll --a---- 1224192 bytes [19:41 28/01/2011] [04:36 19/01/2008] 395EB15AB41B81B20BF21DB803ABF821
swprv.dll --a---- 310784 bytes [19:41 28/01/2011] [04:36 19/01/2008] B36C7CDB86F7F7A8E884479219766950
sxproxy.dll --a---- 28160 bytes [19:46 28/01/2011] [04:36 19/01/2008] 80C97417CCE0C1E1FBC09894C55CC231
sxs.dll --a---- 376832 bytes [19:41 28/01/2011] [04:36 19/01/2008] BE6FAC6F0745C67DAE7522C96406D083
sxsstore.dll --a---- 22016 bytes [19:41 28/01/2011] [04:36 19/01/2008] 9F433F65D10043295F42DD015B189426
SyncCenter.dll --a---- 2204672 bytes [19:41 28/01/2011] [04:36 19/01/2008] C8527AB1BC08E6BB57EA545DA8C6569F
synceng.dll --a---- 75776 bytes [19:41 28/01/2011] [04:36 19/01/2008] 8A0CF02E3DBC5C367A6A3B0C75D1374B
SynCOM.dll --a---- 163840 bytes [22:59 15/08/2007] [22:59 15/08/2007] 0E6C5B3E2ED4AD834CC0FF99DDC81D9F
SynCtrl.dll --a---- 196608 bytes [23:00 15/08/2007] [23:00 15/08/2007] 966F7FBBC51DF5833F0C9FC037318B10
syncui.dll --a---- 175616 bytes [19:41 28/01/2011] [04:36 19/01/2008] 6ECCE07B6A918E8A8639EA1178BDF32D
SynTPAPI.dll --a---- 147456 bytes [23:16 15/08/2007] [23:16 15/08/2007] E1DD757F095D8EC686A2F389DC27A471
SynTPCo4.dll --a---- 110592 bytes [00:01 16/08/2007] [00:01 16/08/2007] 8DAAA92106535C364C7A88D48129B157
sysclass.dll --a---- 103424 bytes [08:33 02/11/2006] [09:46 02/11/2006] E91005F378E8C72965364C9FE4EB4988
SysFxUI.dll --a---- 338944 bytes [19:41 28/01/2011] [04:36 19/01/2008] 1BAA26D1E827BF4E07D346DD9365DC2A
sysmain.dll --a---- 574976 bytes [19:41 28/01/2011] [04:36 19/01/2008] 8710A92D0024B03B5FB9540DF1F71F1D
sysntfy.dll --a---- 15360 bytes [08:44 02/11/2006] [09:46 02/11/2006] 71F5A7104FDF16C0AC5283A6CE666553
sysprepMCE.dll --a---- 5632 bytes [12:35 02/11/2006] [12:35 02/11/2006] 726D05DAC31FF05E45ABB6BE129CBBBF
syssetup.dll --a---- 47104 bytes [19:41 28/01/2011] [04:36 19/01/2008] 55CB0157393D81009C9040DD1D0AF9FE
systemcpl.dll --a---- 842752 bytes [19:41 28/01/2011] [04:36 19/01/2008] 412C70F1349298DBF1C65D0D45AB1FAB
t2embed.dll --a---- 157184 bytes [21:21 29/01/2011] [16:07 26/08/2010] ED0F7E497B69B6B0FB375C283E2B44BE
Tabbtn.dll --a---- 94208 bytes [19:41 28/01/2011] [04:36 19/01/2008] 77D2DA410460FEF5D1E8CCC7BEA0A75C
TabbtnEx.dll --a---- 52224 bytes [19:41 28/01/2011] [04:36 19/01/2008] ABAC43A2C3CB5E39AEE67769DB0D40A4
TabSvc.dll --a---- 68096 bytes [12:35 02/11/2006] [12:35 02/11/2006] 2DCA225EAE15F42C0933E998EE0231C3
tapi.dll --a---- 19216 bytes [06:50 02/11/2006] [21:49 18/09/2006] 77B9BDFFCE874766FE145C5CFD7AAC59
tapi3.dll --a---- 858112 bytes [09:16 02/11/2006] [09:46 02/11/2006] C289015F06B9D06269D8F13E920053AE
tapi32.dll --a---- 191488 bytes [09:16 02/11/2006] [09:46 02/11/2006] 70F08ECE7A30A639D3F0C8C433685C7D
tapilua.dll --a---- 28160 bytes [09:16 02/11/2006] [09:46 02/11/2006] A1350900D58CB1449045446A83FE7DD3
TapiMigPlugin.dll --a---- 98304 bytes [19:41 28/01/2011] [04:36 19/01/2008] C3AA265E9D8C0330AA663B0CA6CC8A79
tapiperf.dll --a---- 8704 bytes [09:16 02/11/2006] [09:46 02/11/2006] 24CDB68679A2A13359DE23AF7EFBFF0C
tapisrv.dll --a---- 242688 bytes [19:41 28/01/2011] [04:36 19/01/2008] 680916BB09EE0F3A6ACA7C274B0D633F
TapiSysprep.dll --a---- 9216 bytes [09:16 02/11/2006] [09:46 02/11/2006] E36DAEF5939CA3A03A6B4DA7E566C42F
tapiui.dll --a---- 108544 bytes [08:26 02/11/2006] [08:26 02/11/2006] 57EA46E9888DD1E8EBCDE48539AEF9E8
taskcomp.dll --a---- 270336 bytes [21:19 29/01/2011] [11:10 06/11/2010] E3923280E0D6E8A98925BA36E835CC73
taskschd.dll --a---- 357376 bytes [21:20 29/01/2011] [11:10 06/11/2010] F315E8A8517EBFA13ECD16011FB0A03B
TaskSchdPS.dll --a---- 73216 bytes [08:40 02/11/2006] [09:46 02/11/2006] CDE36A70A5280FC0696E6E4363C4C71D
tbs.dll --a---- 11776 bytes [19:41 28/01/2011] [04:36 19/01/2008] 60C600C19E81EAD67133DE2752839BAF
tbssvc.dll --a---- 56320 bytes [19:41 28/01/2011] [04:36 19/01/2008] CB05822CD9CC6C688168E113C603DBE7
TBTMon.dll --a---- 167936 bytes [19:05 08/12/2006] [19:05 08/12/2006] E662722D5C50AD1C0E201499E405FD73
tbtmon98Language.dll --a---- 94208 bytes [23:58 04/12/2006] [23:58 04/12/2006] 61FB95B6F2A8715282E05C92E4527C5A
TBTMonUI.dll --a---- 139264 bytes [23:00 10/08/2006] [23:00 10/08/2006] 2405FC87FE0299FF3EBAFF9644CF3293
TCMSVR.dll --a---- 9728 bytes [22:37 06/11/2007] [05:44 23/03/2006] A8172B5AFBB323A7530FACC6F7596CA3
tcpipcfg.dll --a---- 170496 bytes [19:41 28/01/2011] [04:36 19/01/2008] 2E4E9353D829636120CFDE95D60881BA
tcpmib.dll --a---- 28160 bytes [09:15 02/11/2006] [09:46 02/11/2006] 5091452DC719281CF1DD69367E13B494
tcpmon.dll --a---- 135168 bytes [19:41 28/01/2011] [04:36 19/01/2008] F9290D67C4B4B9B31CD3FC8BE73A4C9B
tcpmonui.dll --a---- 60928 bytes [09:15 02/11/2006] [09:46 02/11/2006] 844B11DB3A9E5B8A8260B9E8FD50823B
tdh.dll --a---- 431104 bytes [19:41 28/01/2011] [04:36 19/01/2008] 8A38B5E8493A9D103083B8620AC5F3A1
termmgr.dll --a---- 355328 bytes [19:40 28/01/2011] [04:36 19/01/2008] A9360CC957987A650AD58D49A550983D
termsrv.dll --a---- 448512 bytes [19:40 28/01/2011] [04:36 19/01/2008] D605031E225AACCBCEB5B76A4F1603A6
thawbrkr.dll --a---- 313344 bytes [08:50 30/01/2011] [05:17 27/05/2008] 7AA568ABE5EEFA5AE1BB43ECDD8D68AE
Thci.dll --a---- 24576 bytes [02:45 13/10/1999] [02:45 13/10/1999] 2BAB54632EAF98ED75D55E19C46955E4
themecpl.dll --a---- 1152000 bytes [19:40 28/01/2011] [04:36 19/01/2008] AE2D309FF06A20EEE51AC7037B474282
themeui.dll --a---- 615424 bytes [19:40 28/01/2011] [04:36 19/01/2008] 56BA1BD7176DBBFBD037275819DA4AE3
thumbcache.dll --a---- 80384 bytes [19:40 28/01/2011] [04:36 19/01/2008] 5016B8FC59AD616F03813FBE63295081
TimeDateMUICallback.dll --a---- 43008 bytes [19:40 28/01/2011] [04:36 19/01/2008] 11633B32B92953A6684FCAE4DDA09B56
TMM.dll --a---- 1298432 bytes [19:40 28/01/2011] [04:36 19/01/2008] 293C5CCD99D332ECC94637FEDA38D1F2
TOOLHELP.DLL --a---- 13888 bytes [07:10 02/11/2006] [07:10 02/11/2006] C86363C599E5D6836C21A3A3FD21C388
TosAcpiAPI.dll --a---- 61440 bytes [22:43 13/11/2003] [22:43 13/11/2003] 8BE770B9A06AF02FA6544B183FEBD53F
TosAvAPI.dll --a---- 53248 bytes [04:33 05/08/2006] [04:33 05/08/2006] 6A8A953F7EAB8A2D0603B029190C3609
TosAvctAPI.dll --a---- 90112 bytes [05:18 09/06/2006] [05:18 09/06/2006] 1157C82F041243BC0C3639D515CAEBE0
TosAvdtAPI.dll --a---- 131072 bytes [18:47 10/04/2007] [18:47 10/04/2007] 0BF3B9E43C0D1E1D308149746F5F8B24
TosBdAPI.dll --a---- 102400 bytes [19:52 12/04/2007] [19:52 12/04/2007] 24C78F9258B0052F7D0AA3ECA1FBD306
TosBtAcc.dll --a---- 114688 bytes [21:05 05/12/2006] [21:05 05/12/2006] E50D8ECB2814A1A69D99EE031BE8A988
TosBtAerialAPI.dll --a---- 73728 bytes [19:13 10/05/2006] [19:13 10/05/2006] 85CDC5BB79D67CE60BE3FF35F195CA70
TosBtAPI.dll --a---- 167936 bytes [00:46 23/05/2007] [00:46 23/05/2007] AB0AE298B34DC6A3C47ABC8036194CAA
TosBtCapApi.dll --a---- 106496 bytes [21:30 03/08/2006] [21:30 03/08/2006] 7E3FA5AB4D24496122C9822616C0BC49
TosBtECCAPI.dll --a---- 77824 bytes [19:05 10/05/2006] [19:05 10/05/2006] 558C7FE3994FD6269A9170B51D9AB985
TosBtExt.dll --a---- 1884160 bytes [02:08 30/03/2007] [02:08 30/03/2007] 132A8E6110E71B1561D90880B92B02C0
TosBtHcrpAPI.dll --a---- 94208 bytes [03:47 02/12/2006] [03:47 02/12/2006] DE955D6A5097DC306AF8C9F67E9A5F2D
TosBTHFPAPI.dll --a---- 53248 bytes [23:20 28/02/2007] [23:20 28/02/2007] 9FAEEF47687078505EC07DFAFD2E2FD0
TosBtHSPAPI.dll --a---- 49152 bytes [05:03 02/08/2006] [05:03 02/08/2006] 16F93C4F5FC8708B6BEF225C5D4BA261
TosBtObexApi.dll --a---- 151552 bytes [04:32 02/06/2006] [04:32 02/06/2006] F81E78412257C3C85B7A7C59E2D1A694
TosBtSDDB.dll --a---- 110592 bytes [22:58 15/05/2007] [22:58 15/05/2007] 8B98BA3FDE2B12E7D137DF45746D237F
tosBtShell.dll --a---- 569344 bytes [23:17 22/01/2007] [23:17 22/01/2007] DBC50749FC8B1364F3AF9CB1DE074FAB
ToscmddN.dll --a---- 40960 bytes [22:52 06/11/2007] [09:00 24/05/2007] B9FCE10A5F632D122642A14234BAA52E
TosCommAPI.dll --a---- 65536 bytes [05:30 23/07/2005] [05:30 23/07/2005] C427D04A9741B9E479E084AA1855F9F6
TosGnsAPI.dll --a---- 69632 bytes [21:09 10/08/2006] [21:09 10/08/2006] 865292EE1BCA080D86ED973A52C0D04F
TosHidAPI.dll --a---- 65536 bytes [04:07 09/11/2005] [04:07 09/11/2005] A31D75246BA79A89141316F31EB17B23
TosLaneAPI.dll --a---- 65536 bytes [23:15 26/09/2001] [23:15 26/09/2001] 9E165D07BF6C08CCEEE41CBC2D22427D
TosOlkN.dll --a---- 69632 bytes [22:52 06/11/2007] [09:00 24/05/2007] FB5E043AC9F118A5A323FA44AE8C5AE7
TosSndAPI.dll --a---- 61440 bytes [17:53 17/01/2007] [17:53 17/01/2007] E910EBBB4CC16E950E7F99A075663EE7
TosSndPlug.dll --a---- 491520 bytes [02:53 28/02/2007] [02:53 28/02/2007] CBA980E1B5489C92D727FA0E11D5EC5E
TosusrpN.dll --a---- 24576 bytes [22:52 06/11/2007] [09:00 24/05/2007] A6CCF629A1DB66BB70AA765B90CC10BC
TouchX.dll --a---- 2073600 bytes [12:35 02/11/2006] [12:35 02/11/2006] CF1E08120880E7F9F927754EF38FF72B
tpmcompc.dll --a---- 40960 bytes [08:30 02/11/2006] [09:46 02/11/2006] C2639565518CEC4CDC6A9A3036E44861
tquery.dll --a---- 1582592 bytes [08:50 30/01/2011] [05:21 27/05/2008] 0CBD1906F74BEB539FCEF6493095B933
traffic.dll --a---- 33280 bytes [08:57 02/11/2006] [09:46 02/11/2006] 980B20F5BC0629AA32FA4A62BF997A38
TRAPI.dll --a---- 18944 bytes [08:39 02/11/2006] [09:46 02/11/2006] A3F4A3BCA8C073BD089FB267218AFE82
trkwks.dll --a---- 75264 bytes [19:40 28/01/2011] [04:36 19/01/2008] EC74E77D0EB004BD3A809B5F8FB8C2CE
tsbyuv.dll --a---- 11776 bytes [17:52 21/03/2010] [12:35 28/12/2009] 643EA44BDDA0D52947D19DAE0BAB08DE
TSChannel.dll --a---- 16896 bytes [08:40 02/11/2006] [09:46 02/11/2006] B11FDCA4410D6252964EF97F9A47DE74
TSCI.DLL --a---- 24576 bytes [02:47 13/10/1999] [02:47 13/10/1999] 2611F58AEC4BB39387162F749FE8A558
tsddd.dll --a---- 14336 bytes [19:40 28/01/2011] [03:01 19/01/2008] CC21507D246861671A0BF97E75CE1B00
tsgqec.dll --a---- 53248 bytes [01:52 29/08/2009] [07:36 19/01/2008] 36D909A1AD98FFE32BB1CB6B6C6620E8
TSpkg.dll --a---- 62464 bytes [19:40 28/01/2011] [04:36 19/01/2008] F8873D15018F411588BEC02C1725BADA
tvratings.dll --a---- 26624 bytes [12:34 02/11/2006] [12:34 02/11/2006] 5AE3C16B30075D1BF22B010E3296EED2
txflog.dll --a---- 89088 bytes [19:40 28/01/2011] [04:36 19/01/2008] F5EEF736C8F69D0461D06054212F0307
txfw32.dll --a---- 10752 bytes [19:40 28/01/2011] [04:36 19/01/2008] 25B7CFA75A03A0FA19948FCDF21CF511
typelib.dll --a---- 177856 bytes [07:29 02/11/2006] [21:35 18/09/2006] 7161255DFA81E67B66B746D2504D2F2B
tzres.dll --a---- 2048 bytes [21:19 29/01/2011] [12:56 28/10/2010] 8256A6D9F7E25520C032227FCF88A4E3
udhisapi.dll --a---- 41472 bytes [08:58 02/11/2006] [09:46 02/11/2006] 01C5A928DE132CFDFD3B427472B7DA9D
uDWM.dll --a---- 208384 bytes [19:40 28/01/2011] [04:36 19/01/2008] 83E6F9D63CA13BFD70A91D4932D1BE1B
uexfat.dll --a---- 56320 bytes [19:40 28/01/2011] [04:36 19/01/2008] BB44CEE22800862E666974E7B14A1111
ufat.dll --a---- 92672 bytes [19:40 28/01/2011] [04:36 19/01/2008] 127AAAB0D465F5A4375E570750A5D562
UIAutomationCore.dll --a---- 152064 bytes [19:40 28/01/2011] [04:36 19/01/2008] 4E58242F363E84C31531B84C5EFA484A
uicom.dll --a---- 34816 bytes [08:58 02/11/2006] [09:46 02/11/2006] 8F483C5B871CD60CC7BA84AC9A6903A1
UIHub.dll --a---- 2588160 bytes [19:40 28/01/2011] [04:36 19/01/2008] DE8E22BC0268D81FF4FED229B0CB3293
ulib.dll --a---- 99840 bytes [19:40 28/01/2011] [04:36 19/01/2008] DC2C648F6A7CF165C4DA74B554377DF9
umb.dll --a---- 51712 bytes [19:40 28/01/2011] [04:36 19/01/2008] E45051C374F845EDF3DB02A35BA13193
umdmxfrm.dll --a---- 17408 bytes [08:58 02/11/2006] [09:46 02/11/2006] A48793D79D94F6E453B6B863BEC0279A
umpnpmgr.dll --a---- 221696 bytes [19:40 28/01/2011] [04:36 19/01/2008] 78F975CB6D18265BE6F492EDB2D7BC7B
unattend.dll --a---- 201216 bytes [19:40 28/01/2011] [04:36 19/01/2008] 229A772371FB5ABE27C18E5960BA3A65
unbcl.dll --a---- 736768 bytes [19:40 28/01/2011] [04:36 19/01/2008] 4C63A1B6CE2508C45E78B8FFD55F630D
unimdmat.dll --a---- 58880 bytes [08:58 02/11/2006] [09:46 02/11/2006] 0B71899E60D1265229BF3D080EAB573D
uniplat.dll --a---- 16384 bytes [08:58 02/11/2006] [09:46 02/11/2006] DFBAADF1B624DC71E88D34D86B3595BE
untfs.dll --a---- 322560 bytes [19:41 28/01/2011] [04:36 19/01/2008] AAC2B68228A3695A969C537EC318B4B8
upnp.dll --a---- 195584 bytes [19:41 28/01/2011] [04:36 19/01/2008] 3192ED5E2FFDF5B630541B9643AE1AA3
upnphost.dll --a---- 259072 bytes [19:41 28/01/2011] [04:36 19/01/2008] 68308183F4AE0BE7BF8ECD07CB297999
ureg.dll --a---- 23040 bytes [08:31 02/11/2006] [09:46 02/11/2006] DAE5F19812EBCEBC024EB7BE3EA28746
url.dll --a---- 105984 bytes [19:41 28/01/2011] [04:36 19/01/2008] 9A7498BD5BB37B20EA33BE45EAFF39D7
urlmon.dll --a---- 1174528 bytes [19:45 14/06/2011] [15:00 21/04/2011] FEDF099539E39797A58F136AC3144BE4
usbmon.dll --a---- 34304 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0BF0BB276F17B6AD61A8694D2551EC28
usbperf.dll --a---- 11264 bytes [19:41 28/01/2011] [04:36 19/01/2008] DE5E219D1AADD476EED7D50AC42712F6
usbui.dll --a---- 83456 bytes [19:41 28/01/2011] [04:36 19/01/2008] C8B49DB7FEAF5864EF4A59A70064F8C9
user32.dll --a---- 627200 bytes [19:41 28/01/2011] [04:36 19/01/2008] B974D9F06DC7D1908E825DC201681269
usercpl.dll --a---- 1123840 bytes [19:41 28/01/2011] [04:36 19/01/2008] ABCA6466F1A17FE72D176201CE38AA5E
userenv.dll --a---- 108032 bytes [19:41 28/01/2011] [04:36 19/01/2008] DB5E62FABC9407756F35F5EFBB3E15E5
usp10.dll --a---- 501760 bytes [21:21 29/01/2011] [16:10 16/04/2010] A23E4692716C25E5AEA300ED74E73A1C
utildll.dll --a---- 29696 bytes [19:40 28/01/2011] [04:36 19/01/2008] 6491F188B51C7E3775B9F3F266EC9D6F
uudf.dll --a---- 130560 bytes [19:40 28/01/2011] [04:36 19/01/2008] 6E2C2D1A925AEFDA224534A96109DEED
uxsms.dll --a---- 28672 bytes [19:40 28/01/2011] [04:36 19/01/2008] 032A0ACC3909AE7215D524E29D536797
uxtheme.dll --a---- 240128 bytes [19:40 28/01/2011] [04:36 19/01/2008] 999D69DEB576C2C424294DF025891CC6
VAN.dll --a---- 257024 bytes [19:40 28/01/2011] [04:36 19/01/2008] 4C96E5B53EAF63BCBEA6FA79C9A0AE59
vbajet32.dll --a---- 30749 bytes [06:47 02/11/2006] [09:46 02/11/2006] 4995B131F6B4DA0F8F7D2191E37054BD
VBAME.DLL --a---- 47920 bytes [18:50 24/07/2006] [18:50 24/07/2006] 3F27A99C1415B86F6023D93465B2BD30
vbscript.dll --a---- 430080 bytes [05:20 03/05/2011] [15:35 16/02/2011] D5F28DF4C4100B233D7F5C708673696D
vcomp100.dll --a---- 51024 bytes [05:58 11/06/2011] [05:58 11/06/2011] 28D2B08D3D33670B0D010ED2BA2AB513
vdmdbg.dll --a---- 17408 bytes [19:40 28/01/2011] [04:36 19/01/2008] FBA97213A1223B9B38EA497FAB6ED050
vdmredir.dll --a---- 41984 bytes [19:40 28/01/2011] [04:36 19/01/2008] 8381D3333A896E253120D9C0FDE92498
vdsbas.dll --a---- 152064 bytes [19:40 28/01/2011] [04:36 19/01/2008] B5AF921AAFF91AE3A47AA58CD2E1439F
vdsdyn.dll --a---- 507904 bytes [19:40 28/01/2011] [04:36 19/01/2008] 1511F4013FF0B29EE3ACBE2B0960DCA9
vdsutil.dll --a---- 126976 bytes [19:40 28/01/2011] [04:36 19/01/2008] 10CA2DA2871B51A89BB424C11BBC683C
vds_ps.dll --a---- 37888 bytes [19:40 28/01/2011] [04:36 19/01/2008] 0A584EAAF70A171E919D8CE592407E94
ver.dll --a---- 9008 bytes [06:25 02/11/2006] [21:43 18/09/2006] D022D32A7BCB0B54C34BD687AC00564C
verifier.dll --a---- 157696 bytes [19:40 28/01/2011] [04:36 19/01/2008] 7EA4D54AAF5C0CE7865C494811515826
version.dll --a---- 20480 bytes [19:40 28/01/2011] [04:36 19/01/2008] 187D588F7A1A45DE48B8540401A90850
vfpodbc.dll --a---- 20535 bytes [10:24 02/11/2006] [09:46 02/11/2006] 7BF0CB472CF94227A4A75841352F23BF
vfwwdm32.dll --a---- 56832 bytes [19:40 28/01/2011] [04:36 19/01/2008] 65C092EF598DCCA1D665D52F06829512
vga.dll --a---- 10752 bytes [19:40 28/01/2011] [02:52 19/01/2008] 64B365FE354EDE2DF0FD12F6B87484FC
vga256.dll --a---- 56320 bytes [19:40 28/01/2011] [02:52 19/01/2008] D37B24B549421AB9D9F573B84EEFD60F
vga64k.dll --a---- 21504 bytes [19:40 28/01/2011] [02:52 19/01/2008] 9C733C88EB81CBA0C5A59E711B3078FC
VIDRESZR.DLL --a---- 246272 bytes [19:40 28/01/2011] [04:36 19/01/2008] E8CE716B23B75784C784E06478AD4248
vssapi.dll --a---- 1076224 bytes [19:41 28/01/2011] [04:36 19/01/2008] 00DE6E95C16103D25411789156C4928C
vsstrace.dll --a---- 69120 bytes [19:41 28/01/2011] [04:36 19/01/2008] DC3AE9F1554DCD97F90983DDBDACD83D
vss_ps.dll --a---- 26112 bytes [19:41 28/01/2011] [04:36 19/01/2008] AF25ECAA3D7F85DC13E348A6F79AD40D
vxblock.dll --a---- 39672 bytes [22:48 06/11/2007] [21:53 27/09/2006] D6898382E591DD85EB7AF5B269736CC5
w32time.dll --a---- 282624 bytes [19:42 28/01/2011] [04:36 19/01/2008] 1CF9206966A8458CDA9A8B20DF8AB7D3
w32topl.dll --a---- 26624 bytes [08:45 02/11/2006] [09:46 02/11/2006] 091D2012DF6E474283F84880F4DDA51A
WavDest.dll --a---- 46592 bytes [19:41 28/01/2011] [04:36 19/01/2008] 446ABD45606524FC3EF8C347503179D5
wavemsp.dll --a---- 222720 bytes [19:41 28/01/2011] [04:36 19/01/2008] 7BC0D791F3BB6AA4FA1DD9E0E7D4C744
wbemcomn.dll --a---- 357888 bytes [19:41 28/01/2011] [04:36 19/01/2008] 74B8C2EA72D43727142D12397D5A49F9
wcncsvc.dll --a---- 412672 bytes [19:41 28/01/2011] [04:36 19/01/2008] F3A5C2E1A6533192B070D06ECF6BE796
wcnwiz.dll --a---- 1532416 bytes [19:41 28/01/2011] [04:36 19/01/2008] 4EA1E896DE183A0576055914B9976399
WcsPlugInService.dll --a---- 32256 bytes [08:38 02/11/2006] [09:46 02/11/2006] 11BCB7AFCDD7AADACB5746F544D3A9C7
wdc.dll --a---- 1020928 bytes [19:41 28/01/2011] [04:36 19/01/2008] 8BE922327C9E9D7D1A23B3E323DE05BA
WdfCoInstaller01000.dll --a---- 1060424 bytes [18:58 09/03/2006] [18:58 09/03/2006] 106DB5E36DBB3E0A29D7D25275A7EF18
wdi.dll --a---- 73728 bytes [19:41 28/01/2011] [04:36 19/01/2008] ABFC76B48BB6C96E3338D8943C5D93B5
wdigest.dll --a---- 175104 bytes [14:47 30/08/2009] [15:24 15/06/2009] 29EC7259E8196D9F90A3D59B3D546FAF
wdscore.dll --a---- 218624 bytes [19:41 28/01/2011] [04:36 19/01/2008] C99A99CDF3F073F9BCA69B77D60B37FB
webcheck.dll --a---- 233984 bytes [19:41 28/01/2011] [04:36 19/01/2008] 4F4889A9D680714BE11B31BD01A0411A
WebClnt.dll --a---- 196608 bytes [19:41 28/01/2011] [04:36 19/01/2008] CF9A5F41789B642DB967021DE06A2713
wecapi.dll --a---- 56320 bytes [08:05 26/02/2011] [21:55 09/10/2009] F7D20026623E7136730FC42E25CBD2E6
wecsvc.dll --a---- 146944 bytes [08:05 26/02/2011] [21:55 09/10/2009] AE3736E7E8892241C23E4EBBB7453B60
wer.dll --a---- 876032 bytes [19:41 28/01/2011] [04:36 19/01/2008] EEF8941ABBD675AE84D016B4BDF9A6B4
wercplsupport.dll --a---- 62976 bytes [19:41 28/01/2011] [04:36 19/01/2008] 670FF720071ED741206D69BD995EA453
werdiagcontroller.dll --a---- 30208 bytes [19:41 28/01/2011] [04:36 19/01/2008] 103BBFCC2DBBE5D436F7985EAB8DACB8
wersvc.dll --a---- 125952 bytes [21:19 29/01/2011] [04:56 18/09/2008] FD1965AAA112C6818A30AB02742D0461
wevtapi.dll --a---- 250368 bytes [19:41 28/01/2011] [04:36 19/01/2008] E83DD205830F7FAEDA91E8E8D5C15ECC
wevtfwd.dll --a---- 81408 bytes [08:05 26/02/2011] [21:55 09/10/2009] D595A88D377366F93AFAEA20B8764A50
wevtsvc.dll --a---- 1013760 bytes [19:42 28/01/2011] [04:36 19/01/2008] 3ABDB4BEAE7CF1187109756D5F3A9BC0
wfapigp.dll --a---- 17920 bytes [19:42 28/01/2011] [04:36 19/01/2008] 0745D6EAD386710110817FBEC03F5161
whealogr.dll --a---- 31232 bytes [19:42 28/01/2011] [04:36 19/01/2008] 810FDC65624A3BC7EB48F5702FBB55AD
whhelper.dll --a---- 15360 bytes [08:49 02/11/2006] [09:46 02/11/2006] 978ABB8547246E1963708EEA895FB502
wiaaut.dll --a---- 547840 bytes [19:42 28/01/2011] [04:36 19/01/2008] 4078CA63B864B0FB1A0EB1E0262672EA
wiadefui.dll --a---- 415744 bytes [19:42 28/01/2011] [04:36 19/01/2008] CD2E884D7C54D7F6357676C085576852
wiadss.dll --a---- 112640 bytes [19:42 28/01/2011] [04:36 19/01/2008] 65283279D4EDE387C988F8B753C8F7E5
wiafbdrv.dll --a---- 89088 bytes [10:25 02/11/2006] [09:46 02/11/2006] 570DDCF8D16B39F46A440C2817C52E21
wiarpc.dll --a---- 32768 bytes [19:42 28/01/2011] [04:36 19/01/2008] 73FE2E5FA55088A241AA2732F5D387D6
wiascanprofiles.dll --a---- 88064 bytes [19:42 28/01/2011] [04:36 19/01/2008] 1DA930E7D613E7D426492C3B48D92EC8
wiaservc.dll --a---- 452608 bytes [19:42 28/01/2011] [04:36 19/01/2008] 7DD08A597BC56051F320DA0BAF69E389
wiashext.dll --a---- 443904 bytes [19:42 28/01/2011] [04:36 19/01/2008] E23DD885F5C1F6D2F0563878E570C922
wiatrace.dll --a---- 12800 bytes [12:34 02/11/2006] [12:34 02/11/2006] 428FF21418ADCD6FAD6189CD9520A67B
wiavideo.dll --a---- 109568 bytes [12:34 02/11/2006] [12:34 02/11/2006] 572798DB25CB98145D7441453A8FD514
WIFEMAN.DLL --a---- 9216 bytes [07:10 02/11/2006] [07:10 02/11/2006] 51331D29F13FDA16832DC5EE8FF9B781
win32spl.dll --a---- 443392 bytes [00:07 29/10/2008] [03:39 12/08/2008] 60CFFD3FA1179EA8C40671604071DA06
win87em.dll --a---- 13312 bytes [06:25 02/11/2006] [21:43 18/09/2006] C980C971AD4FF3CA5CEFDEF40932D3A1
winbrand.dll --a---- 869376 bytes [08:34 02/11/2006] [09:46 02/11/2006] 72910BC4A218C49EA8E43D1FAEC403A5
WindowsAnytimeUpgradeCPL.dll --a---- 1524736 bytes [19:42 28/01/2011] [04:34 19/01/2008] 5BDAA4C2ACA8BFCFBF65F8A7FEEDF46E
WindowsCodecs.dll --a---- 712704 bytes [20:56 21/02/2009] [03:40 28/08/2008] A5A3089763FE03C88C20B7C26CE15DD3
WindowsCodecsExt.dll --a---- 347136 bytes [20:56 21/02/2009] [03:40 28/08/2008] 4870F4E0080FD6625B1CA3BA24894597
winethc.dll --a---- 62464 bytes [19:42 28/01/2011] [04:36 19/01/2008] 0194725B40270F88A4F67E223B9F690B
winhttp.dll --a---- 378368 bytes [20:57 23/01/2010] [12:16 24/08/2009] CE412DEE2B485C11BA1802A64473E9BA
wininet.dll --a---- 833024 bytes [19:45 14/06/2011] [15:00 21/04/2011] DA5A72211661C7F162B332FEA4F09A69
winipsec.dll --a---- 61440 bytes [17:52 24/08/2008] [07:36 19/01/2008] 1F65F79C66D3F7172AA9C9D5FA8D1635
winmm.dll --a---- 189952 bytes [19:42 28/01/2011] [04:36 19/01/2008] EEFE4228157CE404F4A69DA90F288ECA
WINNLS.DLL --a---- 5120 bytes [07:10 02/11/2006] [07:10 02/11/2006] 37F4D55260E037EE9862D0AF93348755
winnsi.dll --a---- 14848 bytes [19:42 28/01/2011] [04:36 19/01/2008] 6B09105742C75DF80CEF21700F20F55A
winrnr.dll --a---- 19968 bytes [08:45 02/11/2006] [09:46 02/11/2006] FF78B8E67EDCE9FEED651D7858D77A04
winrscmd.dll --a---- 241152 bytes [08:04 26/02/2011] [21:56 09/10/2009] D1C18ACA47C53DA18FAD42C8FB9D6BE3
winrsmgr.dll --a---- 2048 bytes [08:06 26/02/2011] [21:56 09/10/2009] 3FA837E3C30334BA8CA5EEB2B375D50C
winrssrv.dll --a---- 10240 bytes [08:05 26/02/2011] [21:56 09/10/2009] 19CFA2BAEE7FA471786897A0113B52D9
WinSATAPI.dll --a---- 383488 bytes [19:42 28/01/2011] [04:36 19/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
WinSCard.dll --a---- 115200 bytes [19:42 28/01/2011] [04:36 19/01/2008] 6F12098823894C744F45D632CB45BD18
winshfhc.dll --a---- 8192 bytes [08:44 02/11/2006] [09:46 02/11/2006] 3D611073EA61C8370C5F126BDCDAB28E
WINSOCK.DLL --a---- 2864 bytes [07:10 02/11/2006] [07:10 02/11/2006] 68485C5EF0E2EFCEBF21BBB1042B823B
winsockhc.dll --a---- 48640 bytes [08:58 02/11/2006] [09:46 02/11/2006] D6533DD879F0A95F42CFE4450201B60D
WINSRPC.DLL --a---- 16896 bytes [19:42 28/01/2011] [04:36 19/01/2008] 01410489BE96973092492CE2FCB12833
winsrv.dll --a---- 375808 bytes [13:35 13/07/2011] [14:47 20/04/2011] F42F8855CB5C22E203C6672B124F17FD
winsta.dll --a---- 140800 bytes [19:42 28/01/2011] [04:36 19/01/2008] 4AAFC7461633848AA87A363B2CBEC522
wintrust.dll --a---- 171520 bytes [12:12 14/04/2010] [12:43 23/12/2009] 6E012DA20D59C3991751CA6E8C71EB06
winusb.dll --a---- 16384 bytes [19:42 28/01/2011] [04:36 19/01/2008] E5A905BDD0007868FB87007C13324479
wkssvc.dll --a---- 160256 bytes [01:52 29/08/2009] [12:12 10/06/2009] 2AE2E1628C5D3F1C0A46A67C9FA1DF15
wlanapi.dll --a---- 64512 bytes [15:09 13/09/2009] [07:36 19/01/2008] F28F5E62EEA67807AD4D4449F29BE2BD
wlancfg.dll --a---- 92160 bytes [19:42 28/01/2011] [04:36 19/01/2008] D8D98FF46419DD13C83F657FBF03B9A8
WLanConn.dll --a---- 628224 bytes [19:42 28/01/2011] [04:36 19/01/2008] 6D48C42BF2DC4225353B86F2E2B90CFA
wlandlg.dll --a---- 498688 bytes [19:41 28/01/2011] [04:36 19/01/2008] 46590FAE32B3A4DCDFCEA9996DDEF18D
wlangpui.dll --a---- 399360 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0E0CB123DF7E39A6EDF562E2270265E9
WLanHC.dll --a---- 120832 bytes [19:41 28/01/2011] [04:36 19/01/2008] 420725F9BA3C008446D3849E0099B34D
wlanhlp.dll --a---- 68096 bytes [15:09 13/09/2009] [07:36 19/01/2008] 4B8BE68C1F19509BC62E6A2846D429C1
wlaninst.dll --a---- 14848 bytes [08:55 02/11/2006] [09:46 02/11/2006] C7FCB0BE2F96883D4E520E89C1E65851
WlanMM.dll --a---- 913408 bytes [19:41 28/01/2011] [04:36 19/01/2008] 63E3520ADC155653CB86E5FC37EB32DD
WlanMmHC.dll --a---- 41472 bytes [19:41 28/01/2011] [04:36 19/01/2008] 409CAF2DEE948DFF5ECB8ACC1EA7ABAC
wlanmsm.dll --a---- 293376 bytes [15:09 13/09/2009] [19:32 11/07/2009] ABE9DEC1E78226F70F5A6D18F701AFF2
wlanpref.dll --a---- 1671680 bytes [19:41 28/01/2011] [04:36 19/01/2008] CFB1737C17BA3172D490F26A4CD17781
wlansec.dll --a---- 302592 bytes [15:09 13/09/2009] [19:32 11/07/2009] 2938E3B155C2647137A1910F534E66BE
wlansvc.dll --a---- 513024 bytes [15:09 13/09/2009] [19:32 11/07/2009] 275F4346E569DF56CFB95243BD6F6FF0
wlanui.dll --a---- 202752 bytes [19:41 28/01/2011] [04:36 19/01/2008] FDE26DC12682D5D5F7A6A84EC82936DA
wlanutil.dll --a---- 8192 bytes [08:55 02/11/2006] [09:46 02/11/2006] EB2170D0DDF3B2A92506AE16BC524B0B
Wldap32.dll --a---- 289280 bytes [19:41 28/01/2011] [04:36 19/01/2008] 44638B7584A362E7B50B1EDD859FACAD
wlgpclnt.dll --a---- 83456 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0636D4FE43C198C289F37BE4083204D0
WlS0WndH.dll --a---- 8192 bytes [08:44 02/11/2006] [09:46 02/11/2006] 92283D9E33EC5F41ECC0B430B7459241
WMADMOD.DLL --a---- 758784 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0ABCCD4A0BD110B49B1523FF9C0F1A53
WMADMOE.DLL --a---- 1118720 bytes [19:41 28/01/2011] [04:36 19/01/2008] 6C4D28E993A5885DAC7C63E1F30FCA4E
WMALFXGFXDSP.dll --a---- 1312256 bytes [19:41 28/01/2011] [04:37 19/01/2008] 0727200F10320A6BA7E59433094FBBA7
WMASF.DLL --a---- 223232 bytes [19:41 28/01/2011] [04:37 19/01/2008] 36CCD8A79539C4ACE3BABE09C2CFBA16
wmdmlog.dll --a---- 31744 bytes [12:35 02/11/2006] [12:35 02/11/2006] 10F1107338B2DDDFFCE33EBAC630901D
wmdmps.dll --a---- 36864 bytes [12:35 02/11/2006] [12:35 02/11/2006] 9F1FAC04A274ADF9F65F9E1B851BDB1E
wmdrmdev.dll --a---- 418304 bytes [19:41 28/01/2011] [04:37 19/01/2008] F1ECEC53B9FFC30E123D14E087C49111
wmdrmnet.dll --a---- 347648 bytes [19:41 28/01/2011] [04:37 19/01/2008] D571295B71C60A67F6F2EA987E5CC3B0
wmdrmsdk.dll --a---- 533504 bytes [19:41 28/01/2011] [04:37 19/01/2008] C05605F34B72E17F99175B335491E190
wmerror.dll --a---- 2048 bytes [12:35 02/11/2006] [12:35 02/11/2006] D35B934A5101034057C71FB80B6FA6C3
wmi.dll --a---- 5120 bytes [09:16 02/11/2006] [09:44 02/11/2006] BFE74095684093F14D24801C8C0D16E3
wmicmiplugin.dll --a---- 345088 bytes [21:20 29/01/2011] [11:10 06/11/2010] B8F5F3C5D15D62943414AA6BF5E7B781
wmidx.dll --a---- 154624 bytes [19:41 28/01/2011] [04:37 19/01/2008] 1A85426DD61606F318CAB5D4C96749D7
wmiprop.dll --a---- 23040 bytes [19:41 28/01/2011] [04:37 19/01/2008] 1210E91D16E67065CBF5B164D99A36EC
WMNetMgr.dll --a---- 996352 bytes [20:55 21/02/2009] [01:59 23/06/2008] AAAEC76D0A5FD68FA625BCFE41DEAC82
wmp.dll --a---- 10626560 bytes [21:22 29/01/2011] [18:18 10/09/2010] 801027F97983D22AB6F177C658F70C02
wmpcm.dll --a---- 22016 bytes [19:41 28/01/2011] [04:37 19/01/2008] 00FF632D7E614BDABAFDF4DA44E72A75
wmpdxm.dll --a---- 313344 bytes [01:51 29/08/2009] [13:00 14/07/2009] 914776E7D5DD07AAA6F228BB36BD6D2E
wmpeffects.dll --a---- 303616 bytes [03:16 13/09/2008] [03:29 26/06/2008] 6BAE5BBABA7DB190EDB51C946C0F7351
WMPEncEn.dll --a---- 1642496 bytes [19:41 28/01/2011] [04:37 19/01/2008] D150E03EE910DCE326EE21BCF430CBA0
WMPhoto.dll --a---- 276992 bytes [19:41 28/01/2011] [04:37 19/01/2008] 93EDDF0105F0E6D9170F0F06594F5A2E
wmploc.DLL --a---- 8147456 bytes [21:22 29/01/2011] [16:37 10/09/2010] 0C47181269A2E16AEDD0FF4B6DBCFBA9
wmpmde.dll --a---- 866816 bytes [21:20 29/01/2011] [15:21 20/08/2010] 6544320E7BABB601E9D95A1FEFE7FC49
wmpps.dll --a---- 131072 bytes [12:35 02/11/2006] [12:35 02/11/2006] 617F9A5813E69F6E9ED94B811EC75396
wmpshell.dll --a---- 101376 bytes [19:41 28/01/2011] [04:37 19/01/2008] 0143E15F94FD523C588EDD47609F905F
wmpsrcwp.dll --a---- 184320 bytes [19:41 28/01/2011] [04:37 19/01/2008] D9FE5A3637ED2FB8659735B6D89681B4
wmsgapi.dll --a---- 10752 bytes [08:44 02/11/2006] [09:46 02/11/2006] F0321DA5203F1E71917F3B7A13DC4912
WMSPDMOD.DLL --a---- 604672 bytes [03:00 16/10/2009] [12:37 02/04/2009] 43A448FE59022D77A2535A6FC2D825B9
WMSPDMOE.DLL --a---- 1329152 bytes [19:41 28/01/2011] [04:37 19/01/2008] FD5A586242139DA8277963ED6C3EEA9E
WMVCORE.DLL --a---- 2386944 bytes [15:07 13/09/2009] [12:11 10/06/2009] 92D6ECFBCAACD81F33FF2ED748A50C2A
WMVDECOD.DLL --a---- 1548288 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4C89D745968897ED3DA855834CABC73B
wmvdspa.dll --a---- 153600 bytes [19:41 28/01/2011] [04:37 19/01/2008] 71DC4E0D713D113A260A83646EA7E8F9
WMVENCOD.DLL --a---- 1575424 bytes [19:41 28/01/2011] [04:37 19/01/2008] 7DCE1C9C5A0587A3A8C6D0F855B13D2C
WMVSDECD.DLL --a---- 1382912 bytes [19:41 28/01/2011] [04:37 19/01/2008] 6B7D14E296E0C5E23EC1F5D6F1DDBF61
WMVSENCD.DLL --a---- 767488 bytes [19:41 28/01/2011] [04:37 19/01/2008] E6B2D16067C5EFFC8A50958B91C0E8B2
WMVXENCD.DLL --a---- 657408 bytes [19:41 28/01/2011] [04:37 19/01/2008] 3E21A5DEBB236BCF591058AC99875851
wow32.dll --a---- 273920 bytes [19:41 28/01/2011] [04:37 19/01/2008] 5DD74D2DDADDC3B4366AF7C52F9B5CFF
Wpc.dll --a---- 296960 bytes [19:41 28/01/2011] [04:37 19/01/2008] A9662BCF218BC76869A8D91635D5F93A
wpcao.dll --a---- 532992 bytes [19:41 28/01/2011] [04:37 19/01/2008] 71A69423264EF646B8437E1F40B43666
wpccpl.dll --a---- 1580544 bytes [19:41 28/01/2011] [04:37 19/01/2008] 2CCE6A45391E4B67EED1B712693DBD4F
wpclsp.dll --a---- 72192 bytes [19:41 28/01/2011] [04:37 19/01/2008] DD1D685D387A8AC666BA3B7539C774E8
wpcsvc.dll --a---- 140288 bytes [19:41 28/01/2011] [04:37 19/01/2008] 5D94CD167751294962BA238D82DD1BB8
wpdbusenum.dll --a---- 70144 bytes [19:41 28/01/2011] [04:37 19/01/2008] 396D406292B0CD26E3504FFE82784702
WpdConns.dll --a---- 33280 bytes [19:41 28/01/2011] [04:37 19/01/2008] F9149F00D3DCD47C11B842A2B42E1E36
WpdMtp.dll --a---- 151552 bytes [10:25 02/11/2006] [09:46 02/11/2006] 0290A9782395937F41D80A1D56A1DE91
WpdMtpUS.dll --a---- 60928 bytes [19:41 28/01/2011] [04:37 19/01/2008] 872ABDB47733CFA919F4CB5009E8BE25
wpdshext.dll --a---- 2537472 bytes [19:41 28/01/2011] [04:37 19/01/2008] 689C2A3B8C6CBC64E6959C7C858B742C
WPDShServiceObj.dll --a---- 131584 bytes [19:41 28/01/2011] [04:37 19/01/2008] A216F1C708CA4CBB7E1EB096C3A7EC5F
WPDSp.dll --a---- 349184 bytes [19:41 28/01/2011] [04:37 19/01/2008] F9A1336E8AAB8B90E86C43C292B38D72
wpdwcn.dll --a---- 203776 bytes [19:41 28/01/2011] [04:37 19/01/2008] CCFF5EF17E0139D832BBCE449086BDD9
wpd_ci.dll --a---- 613888 bytes [19:41 28/01/2011] [04:37 19/01/2008] 766D7BA4A77149A25CDABE1B484BE8DB
ws2help.dll --a---- 4608 bytes [08:58 02/11/2006] [09:44 02/11/2006] 17C0671BF57057108A6D949510EE42C8
ws2_32.dll --a---- 179200 bytes [19:41 28/01/2011] [04:37 19/01/2008] B304D47D5744BA20FCB99FB8B2C07B0B
wscapi.dll --a---- 33792 bytes [19:41 28/01/2011] [04:37 19/01/2008] F297A62208FEE458552EB7FBD2444012
wscisvif.dll --a---- 17408 bytes [19:41 28/01/2011] [04:37 19/01/2008] D02675B1C7F1EE276248C7EE039F1D63
wscmisetup.dll --a---- 56320 bytes [19:41 28/01/2011] [04:37 19/01/2008] D8C268C29655FB27F9FBE2F79662D531
wscntfy.dll --a---- 224768 bytes [19:41 28/01/2011] [04:37 19/01/2008] C6061829D943C9579BD620464ACEFE1F
wscproxystub.dll --a---- 9728 bytes [19:41 28/01/2011] [04:37 19/01/2008] FE3702015BE4D214808A2FBC07B8E5FF
wscsvc.dll --a---- 61440 bytes [19:41 28/01/2011] [04:37 19/01/2008] 683DD16B590372F2C9661D277F35E49C
WSDApi.dll --a---- 351232 bytes [16:58 15/11/2009] [13:05 10/08/2009] D7F8D560FF816126F4DB520D1BDC3281
wsdchngr.dll --a---- 20992 bytes [09:16 02/11/2006] [09:46 02/11/2006] CCAF246004F719F858E841A2BA12C308
WSDMon.dll --a---- 177664 bytes [19:41 28/01/2011] [04:37 19/01/2008] 47C4359FA1E1460F16CEBD1A2BCA73BE
wsecedit.dll --a---- 1295360 bytes [19:41 28/01/2011] [04:37 19/01/2008] 210FFD034BDB5108B55B6EC23CD4CE6E
wsepno.dll --a---- 29184 bytes [08:50 30/01/2011] [05:18 27/05/2008] 41A100BD1E2D6A4BE838CB97C833A024
wshbth.dll --a---- 34304 bytes [08:55 02/11/2006] [09:46 02/11/2006] 4431834E287DE5AE715D964215014048
wshcon.dll --a---- 36864 bytes [19:41 28/01/2011] [04:37 19/01/2008] B4C7D1C851E3DB5CA9D10386403A186D
wshelper.dll --a---- 14336 bytes [08:58 02/11/2006] [09:46 02/11/2006] 20614C9F12A3A09A5015C9EBBD4419D2
wshext.dll --a---- 90112 bytes [21:18 29/01/2011] [21:59 08/05/2008] F825B8CEC8523C7542C2E397D31DB292
wship6.dll --a---- 9216 bytes [19:41 28/01/2011] [04:37 19/01/2008] 9E80FF0752E365F97FD2D1D68C2AFDA1
wshirda.dll --a---- 10752 bytes [08:57 02/11/2006] [09:46 02/11/2006] E9D1EF681E0F3B95C9B5FD648FA95371
wshnetbs.dll --a---- 11264 bytes [08:57 02/11/2006] [09:46 02/11/2006] DCB19845AAB3C0C958DF4340B36586DF
wshqos.dll --a---- 13824 bytes [08:57 02/11/2006] [09:46 02/11/2006] 05C3B38DB95BA5585817A4F898EE5581
wshrm.dll --a---- 14848 bytes [08:57 02/11/2006] [09:46 02/11/2006] 0BBA784F01BF8F78FF8237C598A9CE53
WSHTCPIP.DLL --a---- 9216 bytes [19:41 28/01/2011] [04:37 19/01/2008] 22CFAEB9172F5F198048401485CD0571
WSManMigrationPlugin.dll --a---- 252416 bytes [08:04 26/02/2011] [21:55 09/10/2009] 6B57C7A878B176E6D95200CEF19DDEEC
WsmAuto.dll --a---- 145408 bytes [08:04 26/02/2011] [21:56 09/10/2009] DE21E8012F3946A647C9B38A636EE9EC
wsmplpxy.dll --a---- 10240 bytes [08:05 26/02/2011] [21:56 09/10/2009] D80AAE1CDAFAC1E0ADEDC7D312EF61D0
WsmRes.dll --a---- 54272 bytes [08:05 26/02/2011] [21:55 09/10/2009] 1311171CF8F6D2954441EF2A42693035
WsmSvc.dll --a---- 1181696 bytes [08:04 26/02/2011] [21:56 09/10/2009] 7CFE68BDC065E55AA5E8421607037511
WsmWmiPl.dll --a---- 214016 bytes [08:04 26/02/2011] [21:56 09/10/2009] 148DB2E11E0A44FEB053250303BA02DD
wsnmp32.dll --a---- 50688 bytes [19:41 28/01/2011] [04:37 19/01/2008] 1367EF1C1BA82E4A559FEDA1F0D8383C
wsock32.dll --a---- 15360 bytes [19:41 28/01/2011] [04:37 19/01/2008] E582816A4855914DEFFC212E12B3B744
wtsapi32.dll --a---- 26624 bytes [19:41 28/01/2011] [04:37 19/01/2008] F42483814FC39170B3982A184EC5AAA2
wuapi.dll --a---- 575704 bytes [16:32 15/11/2009] [02:23 07/08/2009] 009758CC06B7F55B4A4D16A66E243C24
wuaueng.dll --a---- 1929952 bytes [16:33 15/11/2009] [02:23 07/08/2009] 6298277B73C77FA99106B271A7525163
wucltux.dll --a---- 2421760 bytes [16:33 15/11/2009] [01:45 07/08/2009] 5B56A7A5AE0C118CF6413A6E99170BF8
WUDFCoinstaller.dll --a---- 87552 bytes [19:41 28/01/2011] [04:37 19/01/2008] C5537911533608EB6FF2FEBC028B0B57
WUDFPlatform.dll --a---- 181248 bytes [19:41 28/01/2011] [04:37 19/01/2008] 399BB52AD0668472717498E97CF28341
WUDFSvc.dll --a---- 55296 bytes [19:41 28/01/2011] [04:37 19/01/2008] 575A4190D989F64732119E4114045A4F
WUDFx.dll --a---- 305152 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4B72B5B342ADA4DE8DEEA39CCE465B58
wudriver.dll --a---- 87552 bytes [16:32 15/11/2009] [01:44 07/08/2009] 6022D8D461C04593BD87DFAA9444D797
wups.dll --a---- 35552 bytes [16:32 15/11/2009] [02:24 07/08/2009] 1D326842006C4BE77ECD848CF89F01AB
wups2.dll --a---- 44768 bytes [16:33 15/11/2009] [02:24 07/08/2009] 5BD1234E11B39C63BBA87022AF6D43C2
wuwebv.dll --a---- 171608 bytes [16:31 15/11/2009] [00:23 07/08/2009] BE2DE642AA0D55CB644D87C97A2C01AE
wvc.dll --a---- 456704 bytes [19:41 28/01/2011] [04:37 19/01/2008] 0C623EE72C9B28BF6AF81DB08C5B6CB7
wzcdlg.dll --a---- 70144 bytes [19:41 28/01/2011] [04:37 19/01/2008] 35CB76C87FFEC62CA59ACDC94FA8845D
xactsrv.dll --a---- 95232 bytes [19:41 28/01/2011] [04:37 19/01/2008] CC8DE25AD6CBA4416BA9E309CC3C1DD2
XInput9_1_0.dll --a---- 26112 bytes [12:34 02/11/2006] [12:34 02/11/2006] 1105F267E9A50528EBC88A000652F2A3
xmlfilter.dll --a---- 56320 bytes [08:50 30/01/2011] [05:18 27/05/2008] 439F040603EC7E07ED47C1C37FEC4FCE
xmllite.dll --a---- 183296 bytes [19:41 28/01/2011] [04:37 19/01/2008] 84ABB260A81130D39126EF79F2624E15
xmlprovi.dll --a---- 16384 bytes [19:41 28/01/2011] [04:37 19/01/2008] EE62862E6CA53940951CA2B9AA1456C6
xolehlp.dll --a---- 38912 bytes [14:57 07/06/2009] [03:27 06/06/2008] 81269DEBF9341E7E402A0373ECC288E2
XPSSHHDR.dll --a---- 574976 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4A149599A7336DF7ED588761F4A8CFA8
xpssvcs.dll --a---- 1675264 bytes [19:41 28/01/2011] [04:37 19/01/2008] 3F729AE2C1900E0FF2514BD095D426D1
xwizards.dll --a---- 296448 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4EC8572B3E74DB47F45A1BC9750950EF
xwreg.dll --a---- 79360 bytes [08:55 02/11/2006] [09:46 02/11/2006] 3A8474F34B1380F7CA426FFAC0F923F8
xwtpw32.dll --a---- 95744 bytes [19:41 28/01/2011] [04:37 19/01/2008] D1B995DD331CC987CF5AF255DFC4D417
zipfldr.dll --a---- 342016 bytes [19:41 28/01/2011] [04:37 19/01/2008] F41857E440A9DF3FD5A543C8B2A53048

---Folders---
0409 d------ [12:42 02/11/2006]
AdvancedInstallers d------ [11:18 02/11/2006]
ar-SA d------ [11:18 02/11/2006]
bg-BG d------ [11:18 02/11/2006]
Boot d------ [11:18 02/11/2006]
Branding d------ [12:42 02/11/2006]
catroot d------ [11:18 02/11/2006]
catroot2 d------ [11:18 02/11/2006]
CodeIntegrity d------ [11:18 02/11/2006]
com d------ [11:18 02/11/2006]
config d------ [11:18 02/11/2006]
cs-CZ d------ [11:18 02/11/2006]
da-DK d------ [11:18 02/11/2006]
de-DE d------ [11:18 02/11/2006]
drivers d------ [11:18 02/11/2006]
DriverStore d------ [11:18 02/11/2006]
el-GR d------ [11:18 02/11/2006]
en d------ [12:42 02/11/2006]
en-US d------ [11:18 02/11/2006]
es-ES d------ [11:18 02/11/2006]
et-EE d------ [11:18 02/11/2006]
fi-FI d------ [11:18 02/11/2006]
fr-FR d------ [11:18 02/11/2006]
GroupPolicy d------ [11:18 02/11/2006]
GroupPolicyUsers d------ [11:18 02/11/2006]
he-IL d------ [11:18 02/11/2006]
hr-HR d------ [11:18 02/11/2006]
hu-HU d------ [11:18 02/11/2006]
ias d------ [11:18 02/11/2006]
icsxml d------ [11:18 02/11/2006]
IME d------ [11:18 02/11/2006]
inetsrv d------ [11:18 02/11/2006]
it-IT d------ [11:18 02/11/2006]
ja-JP d------ [11:18 02/11/2006]
ko-KR d------ [11:18 02/11/2006]
Lang d------ [21:27 11/12/2007]
licensing d------ [11:18 02/11/2006]
LogFiles d------ [11:18 02/11/2006]
lt-LT d------ [11:18 02/11/2006]
lv-LV d------ [11:18 02/11/2006]
Macromed d------ [23:13 06/11/2007]
manifeststore d------ [11:18 02/11/2006]
Microsoft d---s-- [12:47 02/11/2006]
migration d------ [11:18 02/11/2006]
migwiz d------ [11:18 02/11/2006]
Msdtc d------ [11:18 02/11/2006]
MUI d------ [11:18 02/11/2006]
nb-NO d------ [11:18 02/11/2006]
NDF d------ [11:18 02/11/2006]
networklist d------ [11:18 02/11/2006]
nl-NL d------ [11:18 02/11/2006]
oobe d-a---- [11:18 02/11/2006]
pl-PL d------ [11:18 02/11/2006]
Printing_Admin_Scripts d------ [12:42 02/11/2006]
pt-BR d------ [11:18 02/11/2006]
pt-PT d------ [11:18 02/11/2006]
ras d------ [11:18 02/11/2006]
RemInst d------ [11:18 02/11/2006]
restore d------ [12:37 02/11/2006]
ro-RO d------ [11:18 02/11/2006]
RTCOM d------ [22:28 06/11/2007]
ru-RU d------ [11:18 02/11/2006]
SDA d------ [22:50 06/11/2007]
setup d------ [11:18 02/11/2006]
sk-SK d------ [11:18 02/11/2006]
sl-SI d------ [11:18 02/11/2006]
slmgr d------ [12:42 02/11/2006]
SLUI d------ [11:18 02/11/2006]
SMI d------ [11:18 02/11/2006]
Speech d------ [11:18 02/11/2006]
spool d------ [11:18 02/11/2006]
sr-Latn-CS d------ [11:18 02/11/2006]
sv-SE d------ [11:18 02/11/2006]
sysprep d-a---- [11:18 02/11/2006]
Tasks d------ [11:18 02/11/2006]
th-TH d------ [11:18 02/11/2006]
tr-TR d------ [11:18 02/11/2006]
uk-UA d------ [11:18 02/11/2006]
wbem d------ [11:18 02/11/2006]
WCN d------ [12:42 02/11/2006]
WDI d------ [11:18 02/11/2006]
wfp d------ [11:18 02/11/2006]
WindowsPowerShell d------ [08:11 26/02/2011]
winevt d------ [11:18 02/11/2006]
winrm d------ [12:42 02/11/2006]
XPSViewer d------ [12:37 02/11/2006]
zh-CN d------ [11:18 02/11/2006]
zh-HK d------ [11:18 02/11/2006]
zh-TW d------ [11:18 02/11/2006]

-= EOF =-

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Sun Jun 03, 2012 9:07 am

This is what I needed.

Just to confirm: you ran systemlook from a boot disk, right?
if you ran it booting normally from your infected computer, this report will be useless.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Sun Jun 03, 2012 10:02 am

Ok, I have found a suspect.

Let's hope we are lucky here. First we need to isolate the file.
Boot from your precious boot cd

find this file:
c:\windows\system32\drivers\vgapnp.sys

Make a copy of it, for example copy it to your root (C:\vgapnp.sys), but making a copy in the same directory is also fine. Copying it to a USB drive is also fine.

Submit the file you copied for analysis to [You must be registered and logged in to see this link.]. A report will follow. Please copy the URL of that report into your next reply (will look something like [You must be registered and logged in to see this link.]

Cross fingers Big Grin

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sun Jun 03, 2012 12:03 pm

is this what you're looking for

[You must be registered and logged in to see this link.]

it said it analyzed the file in the past.and this is the it here

[You must be registered and logged in to see this link.]

this is all very confusing.....hahahaha

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Sun Jun 03, 2012 4:19 pm

so that's not our culprit Sad tearing

*sigh*

We're going to need a break, because I am running out of ideas.

  • Boot your system with the OTLPE boot disk.
  • Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    %APPDATA%\Microsoft\*.*
    %systemroot%\system32\config\systemprofile\*.dat /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\winn32\*.*
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\TinyProxy.
    %systemroot%\system32\*.* /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.* /lockedfiles
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply



Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Mon Jun 04, 2012 12:47 am

Okay, I have tried 3 times after I booted up

It completes the scan, but it will not give me a log. No where, not on C: it just says scan complete

So I try and run under regular start up, and once again it stops at firefox settings, and will not complete scan.

This stinks, and thanks for your help thusfar

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Mon Jun 04, 2012 9:31 am

Yes it stinks. My tools are usually loyal to me and they all fail to be very helpful
Evil or enraged

We try one more offline tool and see what that brings. After that I think we're going to try an AV rescue disk and do a dumb scan.

Please download the Recovery Scan Tool by Farbar from [You must be registered and logged in to see this link.] and save it to the root of your harddisk (C:\FSRT.exe).
  • Boot with the OTLPE boot disk
  • Browse to c:\FRST.exe and run it.
  • Run the scan without changing any of the options
  • A log will be created (FRST.txt), please post that here.


EDIT:
Also in OTLPE boot mode, run systemlook.exe and copy the following script:

:filefind
services.exe

Click Look and post the systemlook.txt back here.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Mon Jun 04, 2012 4:29 pm

Okay, got the FSRT log, but the systemlook didn't do much when i added the script

here is FSRT

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 04-06-2012 13:05:50
Running from C:\Users\JonEJet\Downloads
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2007-09-20] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [129560 2007-09-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-15] (Synaptics, Inc.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [1862144 2007-11-06] (Google)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2010-02-01] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] (TOSHIBA)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
Startup: C:\Users\JonEJet\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\JonEJet\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [9216 2006-10-05] (Agere Systems)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-15] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-19] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [181784 2007-09-24] (WildTangent, Inc.)
3 GoogleDesktopManager; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [1862144 2007-11-06] (Google)
2 gupdate1caa3b3b7341e00; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2010-02-01] (Google Inc.)
2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [589824 2010-10-14] ( )
3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [129976 2012-04-20] (Mozilla Foundation)
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-09-19] (TOSHIBA Corporation)
2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [427576 2007-03-29] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [125048 2007-02-26] (TOSHIBA CORPORATION)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [x]
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
4 KR10I; C:\Windows\System32\drivers\kr10i.sys [219264 2006-11-09] (TOSHIBA CORPORATION)
4 KR10N; C:\Windows\System32\drivers\kr10n.sys [211072 2006-11-09] (TOSHIBA CORPORATION)
4 KR3NPXP; C:\Windows\System32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-03] (Malwarebytes Corporation)
4 Processor; C:\Windows\System32\drivers\processr.sys [38400 2006-11-02] (Microsoft Corporation)
0 ACPI; system32\drivers\acpi.sys [x]
3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [x]
3 AsyncMac; system32\DRIVERS\asyncmac.sys [x]
0 atapi; system32\drivers\atapi.sys [x]
2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
1 avipbb; system32\DRIVERS\avipbb.sys [x]
4 blbdrive; C:\Windows\System32\drivers\blbdrive.sys [x]
3 bowser; system32\DRIVERS\bowser.sys [x]
3 catchme; \??\C:\Users\JonEJet\AppData\Local\Temp\catchme.sys [x]
4 cdfs; system32\DRIVERS\cdfs.sys [x]
1 cdrom; system32\DRIVERS\cdrom.sys [x]
0 CLFS; System32\CLFS.sys [x]
3 CmBatt; system32\DRIVERS\CmBatt.sys [x]
0 Compbatt; system32\DRIVERS\compbatt.sys [x]
0 crcdisk; system32\drivers\crcdisk.sys [x]
2 CWMonitor; \??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys [x]
1 DfsC; System32\Drivers\dfsc.sys [x]
0 disk; system32\drivers\disk.sys [x]
3 drmkaud; system32\drivers\drmkaud.sys [x]
3 E1G60; system32\DRIVERS\E1G60I32.sys [x]
0 Ecache; System32\drivers\ecache.sys [x]
4 fdc; system32\DRIVERS\fdc.sys [x]
0 FileInfo; system32\drivers\fileinfo.sys [x]
3 Filetrace; system32\drivers\filetrace.sys [x]
4 flpydisk; system32\DRIVERS\flpydisk.sys [x]
0 FltMgr; system32\drivers\fltmgr.sys [x]
3 FwLnk; system32\DRIVERS\FwLnk.sys [x]
3 HdAudAddService; system32\drivers\HdAudio.sys [x]
3 HDAudBus; system32\DRIVERS\HDAudBus.sys [x]
3 HidUsb; system32\DRIVERS\hidusb.sys [x]
3 HTTP; system32\drivers\HTTP.sys [x]
1 i8042prt; system32\DRIVERS\i8042prt.sys [x]
3 igfx; system32\DRIVERS\igdkmd32.sys [x]
3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
0 intelide; system32\drivers\intelide.sys [x]
3 intelppm; system32\DRIVERS\intelppm.sys [x]
3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [x]
3 IpInIp; system32\DRIVERS\ipinip.sys [x]
3 IPNAT; system32\DRIVERS\ipnat.sys [x]
3 IRENUM; system32\drivers\irenum.sys [x]
3 iScsiPrt; system32\DRIVERS\msiscsi.sys [x]
1 kbdclass; system32\DRIVERS\kbdclass.sys [x]
1 kbdhid; system32\DRIVERS\kbdhid.sys [x]
0 KSecDD; System32\Drivers\ksecdd.sys [x]
2 lltdio; system32\DRIVERS\lltdio.sys [x]
3 Modem; system32\drivers\modem.sys [x]
3 monitor; system32\DRIVERS\monitor.sys [x]
1 mouclass; system32\DRIVERS\mouclass.sys [x]
3 mouhid; system32\DRIVERS\mouhid.sys [x]
0 MountMgr; System32\drivers\mountmgr.sys [x]
3 mpsdrv; System32\drivers\mpsdrv.sys [x]
3 mrxsmb; system32\DRIVERS\mrxsmb.sys [x]
3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [x]
3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [x]
0 msahci; system32\drivers\msahci.sys [x]
0 msisadrv; system32\drivers\msisadrv.sys [x]
3 MSKSSRV; system32\drivers\MSKSSRV.sys [x]
3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [x]
3 MSPQM; system32\drivers\MSPQM.sys [x]
3 mssmbios; system32\DRIVERS\mssmbios.sys [x]
3 MSTEE; system32\drivers\MSTEE.sys [x]
0 Mup; System32\Drivers\mup.sys [x]
3 NativeWifiP; system32\DRIVERS\nwifi.sys [x]
0 NDIS; system32\drivers\ndis.sys [x]
3 NdisTapi; system32\DRIVERS\ndistapi.sys [x]
3 Ndisuio; system32\DRIVERS\ndisuio.sys [x]
3 NdisWan; system32\DRIVERS\ndiswan.sys [x]
1 NetBIOS; system32\DRIVERS\netbios.sys [x]
1 netbt; System32\DRIVERS\netbt.sys [x]
1 nsiproxy; system32\drivers\nsiproxy.sys [x]
3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
3 ohci1394; system32\DRIVERS\ohci1394.sys [x]
0 partmgr; System32\drivers\partmgr.sys [x]
0 pci; system32\drivers\pci.sys [x]
0 pcmcia; system32\DRIVERS\pcmcia.sys [x]
2 PEAUTH; system32\drivers\peauth.sys [x]
3 PptpMiniport; system32\DRIVERS\raspptp.sys [x]
1 PSched; system32\DRIVERS\pacer.sys [x]
0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
1 RasAcd; System32\DRIVERS\rasacd.sys [x]
3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [x]
3 RasPppoe; system32\DRIVERS\raspppoe.sys [x]
3 RasSstp; system32\DRIVERS\rassstp.sys [x]
1 rdbss; system32\DRIVERS\rdbss.sys [x]
1 RDPCDD; System32\DRIVERS\RDPCDD.sys [x]
1 RDPENCDD; system32\drivers\rdpencdd.sys [x]
2 rspndr; system32\DRIVERS\rspndr.sys [x]
3 RTL8169; system32\DRIVERS\Rtlh86.sys [x]
3 RTL8187B; system32\DRIVERS\RTL8187B.sys [x]
3 sdbus; system32\DRIVERS\sdbus.sys [x]
3 Sftfs; system32\DRIVERS\Sftfslh.sys [x]
3 Sftplay; system32\DRIVERS\Sftplaylh.sys [x]
3 Sftredir; system32\DRIVERS\Sftredirlh.sys [x]
3 Sftvol; system32\DRIVERS\Sftvollh.sys [x]
1 Smb; system32\DRIVERS\smb.sys [x]
3 srv; System32\DRIVERS\srv.sys [x]
3 srv2; System32\DRIVERS\srv2.sys [x]
3 srvnet; System32\DRIVERS\srvnet.sys [x]
1 ssmdrv; system32\DRIVERS\ssmdrv.sys [x]
3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [x]
3 swenum; system32\DRIVERS\swenum.sys [x]
3 SynTP; system32\DRIVERS\SynTP.sys [x]
0 Tcpip; System32\drivers\tcpip.sys [x]
3 Tcpip6; system32\DRIVERS\tcpip.sys [x]
2 tcpipreg; System32\drivers\tcpipreg.sys [x]
3 tdcmdpst; system32\DRIVERS\tdcmdpst.sys [x]
3 TDPIPE; system32\drivers\tdpipe.sys [x]
3 TDTCP; system32\drivers\tdtcp.sys [x]
1 tdx; system32\DRIVERS\tdx.sys [x]
1 TermDD; system32\DRIVERS\termdd.sys [x]
3 tifm21; system32\drivers\tifm21.sys [x]
3 Tosrfcom; [x]
0 tos_sps32; system32\DRIVERS\tos_sps32.sys [x]
3 tssecsrv; System32\DRIVERS\tssecsrv.sys [x]
3 tunmp; system32\DRIVERS\tunmp.sys [x]
3 tunnel; system32\DRIVERS\tunnel.sys [x]
0 TVALZ; system32\DRIVERS\TVALZ_O.SYS [x]
4 udfs; system32\DRIVERS\udfs.sys [x]
3 umbus; system32\DRIVERS\umbus.sys [x]
3 usbccgp; system32\DRIVERS\usbccgp.sys [x]
3 usbehci; system32\DRIVERS\usbehci.sys [x]
3 usbhub; system32\DRIVERS\usbhub.sys [x]
3 usbprint; system32\DRIVERS\usbprint.sys [x]
3 usbscan; system32\DRIVERS\usbscan.sys [x]
3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [x]
3 usbuhci; system32\DRIVERS\usbuhci.sys [x]
3 usbvideo; System32\Drivers\usbvideo.sys [x]
3 vga; system32\DRIVERS\vgapnp.sys [x]
0 volmgr; system32\drivers\volmgr.sys [x]
0 volmgrx; System32\drivers\volmgrx.sys [x]
0 volsnap; system32\drivers\volsnap.sys [x]
3 Wanarp; system32\DRIVERS\wanarp.sys [x]
1 Wanarpv6; system32\DRIVERS\wanarp.sys [x]
0 Wdf01000; system32\drivers\Wdf01000.sys [x]
3 WpdUsb; system32\DRIVERS\wpdusb.sys [x]
3 WUDFRd; system32\DRIVERS\WUDFRd.sys [x]
3 yukonwlh; system32\DRIVERS\yk60x86.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 12:53 - 2012-06-04 12:56 - 0000000 ____D C:\FRST
2012-06-04 11:32 - 2012-06-04 11:34 - 0000821 ____A C:\Users\JonEJet\Documents\directionsIII.txt
2012-06-04 11:30 - 2012-06-04 11:30 - 0868860 ____A C:\Users\JonEJet\Downloads\FSRT.exe
2012-06-03 12:29 - 2012-06-01 10:16 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Documents\OTL.exe
2012-06-03 12:24 - 2012-06-03 12:24 - 0001528 ____A C:\Users\JonEJet\Documents\directionsII.txt
2012-06-03 12:16 - 2012-06-03 12:16 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-03 07:30 - 2012-06-03 07:30 - 0000771 ____A C:\Users\JonEJet\Documents\directions.txt
2012-06-03 07:27 - 2012-06-03 07:28 - 0000771 ____A C:\Users\JonEJet\Desktop\directions.txt
2012-06-02 23:46 - 2012-06-03 16:19 - 2137415680 __ASH C:\hiberfil.sys
2012-06-02 23:39 - 2012-06-02 23:39 - 0432370 ____A C:\Users\JonEJet\Desktop\SystemLook.txt
2012-06-02 20:39 - 2012-06-02 21:11 - 0432368 ____A C:\Users\JonEJet\Downloads\SystemLook.txt
2012-06-02 14:55 - 2012-06-02 14:55 - 98077435 ____A (Igor Pavlov) C:\Users\JonEJet\Desktop\OTLPEStd.exe
2012-06-01 12:59 - 2012-06-01 12:59 - 0000000 ____D C:\Users\JonEJet\AppData\Local\Seven Zip
2012-06-01 12:26 - 2012-06-01 12:26 - 16339280 ____A (Mozilla) C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
2012-06-01 12:24 - 2012-06-01 12:27 - 0000857 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-01 10:16 - 2012-06-01 10:16 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTL.exe
2012-06-01 10:02 - 2012-06-01 10:03 - 0139264 ____A C:\Users\JonEJet\Downloads\SystemLook.exe
2012-05-31 21:23 - 2012-05-31 21:23 - 0000000 ____A C:\temp.txt
2012-05-31 21:01 - 2012-05-31 21:01 - 0000000 ____D C:\Program Files\Amazon
2012-05-31 21:00 - 2012-06-01 11:45 - 0000000 ____D C:\Program Files\Amazon Browser Bar
2012-05-31 21:00 - 2012-05-31 21:00 - 0090624 ____A C:\Users\Public\AlexaNSISPlugin.5340.dll
2012-05-31 11:30 - 2012-05-31 11:31 - 0116094 ____A C:\TDSSKiller.2.7.38.0_31.05.2012_11.30.13_log.txt
2012-05-31 10:23 - 2012-05-31 10:23 - 0000000 ____D C:\Users\JonEJet\Documents\OneNote Notebooks
2012-05-31 10:01 - 2012-06-01 12:27 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-31 09:41 - 2012-05-31 09:41 - 0607260 ____R (Swearware) C:\Users\JonEJet\Desktop\dds.scr
2012-05-31 09:34 - 2012-05-31 09:34 - 0302592 ____A C:\Users\JonEJet\Desktop\gmer.exe
2012-05-31 09:27 - 2012-05-31 09:27 - 0201728 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTC.exe
2012-05-31 09:18 - 2012-05-31 09:18 - 0000000 ____A C:\Windows\System32\sho5BF7.tmp
2012-05-30 17:53 - 2012-05-30 17:53 - 0138120 ____A (ESET) C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
2012-05-30 17:52 - 2012-05-30 17:52 - 0154916 ____A C:\Users\JonEJet\gmer.txt
2012-05-30 17:52 - 2012-05-30 17:52 - 0000495 ____A C:\Users\JonEJet\Desktop\gmer - Shortcut.lnk
2012-05-30 17:00 - 2012-05-30 17:00 - 0302592 ____A C:\Users\JonEJet\Desktop\311zqyeh.exe
2012-05-30 11:22 - 2012-05-30 11:22 - 0001788 ____A C:\Users\JonEJet\Desktop\aswMBR.txt
2012-05-30 11:22 - 2012-05-30 11:22 - 0000512 ____A C:\Users\JonEJet\Desktop\MBR.dat
2012-05-30 11:14 - 2012-05-30 11:14 - 0138472 ____A C:\Windows\Minidump\Mini053012-02.dmp
2012-05-30 11:09 - 2012-05-30 11:09 - 0138472 ____A C:\Windows\Minidump\Mini053012-01.dmp
2012-05-30 11:04 - 2012-05-30 11:05 - 4731392 ____A (AVAST Software) C:\Users\JonEJet\Desktop\aswMBR.exe
2012-05-30 10:20 - 2012-05-30 10:20 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
2012-05-30 09:45 - 2012-05-30 09:46 - 1805736 ____A (Symantec Corporation) C:\Users\JonEJet\Desktop\FixZeroAccess.exe
2012-05-29 12:27 - 2012-05-29 12:27 - 0047616 ____A C:\Users\JonEJet\Downloads\Win32kDiag.exe
2012-05-29 11:34 - 2012-05-29 11:34 - 0302592 ____A C:\Users\JonEJet\Downloads\uyougp9z.exe
2012-05-29 11:23 - 2012-05-29 11:27 - 0000000 ____D C:\Program Files\Free Download Manager
2012-05-29 11:22 - 2012-05-29 11:22 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\Babylon
2012-05-29 11:19 - 2012-05-29 11:19 - 0809328 ____A (AirInstaller Inc.) C:\Users\JonEJet\Downloads\setup.exe
2012-05-29 11:02 - 2012-05-29 11:02 - 0000268 ____A C:\Users\JonEJet\Documents\CFScript.txt
2012-05-29 10:55 - 2012-05-29 10:55 - 0000314 ____A C:\Users\JonEJet\Documents\Note pad.txt
2012-05-29 10:52 - 2012-05-29 10:52 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Downloads\OTL.com
2012-05-29 10:46 - 2012-05-29 10:46 - 0080384 ____A C:\Users\JonEJet\Downloads\MBRCheck.exe
2012-05-29 10:33 - 2012-05-29 10:33 - 0000000 ____A C:\Windows\System32\shoD4F8.tmp
2012-05-28 16:49 - 2012-05-28 16:49 - 0002042 ____A C:\Users\JonEJet\Desktop\Sophos Virus Removal Tool.lnk
2012-05-28 16:49 - 2012-05-28 16:49 - 0000000 ____D C:\Program Files\Sophos
2012-05-28 16:45 - 2012-05-28 16:46 - 82493320 ____A (Sophos Limited) C:\Users\JonEJet\Downloads\Sophos Virus Removal Tool.exe
2012-05-28 15:46 - 2012-05-28 15:46 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\JonEJet\Downloads\tdsskiller(1).exe
2012-05-28 15:04 - 2012-05-28 15:46 - 0000000 ____D C:\Users\JonEJet\AppData\Local\blekkotb_031
2012-05-28 15:04 - 2012-05-28 15:04 - 0000000 ____D C:\avast! sandbox

============ 3 Months Modified Files and Folders ===============

2012-06-04 12:56 - 2012-06-04 12:53 - 0000000 ____D C:\FRST
2012-06-04 12:54 - 2008-03-31 15:54 - 0000000 ____D C:\users\JonEJet
2012-06-04 12:54 - 2006-11-02 07:18 - 0000000 ___RD C:\users\Public
2012-06-04 11:34 - 2012-06-04 11:32 - 0000821 ____A C:\Users\JonEJet\Documents\directionsIII.txt
2012-06-04 11:34 - 2007-12-11 17:06 - 1897908 ____A C:\Windows\WindowsUpdate.log
2012-06-04 11:30 - 2012-06-04 11:30 - 0868860 ____A C:\Users\JonEJet\Downloads\FSRT.exe
2012-06-04 11:28 - 2006-11-02 08:47 - 0003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 11:28 - 2006-11-02 08:47 - 0003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 00:55 - 2010-02-01 23:10 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-03 20:31 - 2006-11-02 06:33 - 0704254 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-03 16:19 - 2012-06-02 23:46 - 2137415680 __ASH C:\hiberfil.sys
2012-06-03 16:19 - 2006-11-02 09:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-03 15:15 - 2006-11-02 09:01 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-03 12:29 - 2011-01-28 15:33 - 0000000 ____D C:\7d1574fde4d4f62857c0d08caf69
2012-06-03 12:29 - 2007-11-11 11:18 - 0000000 ____D C:\DOCS
2012-06-03 12:24 - 2012-06-03 12:24 - 0001528 ____A C:\Users\JonEJet\Documents\directionsII.txt
2012-06-03 12:16 - 2012-06-03 12:16 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-03 07:30 - 2012-06-03 07:30 - 0000771 ____A C:\Users\JonEJet\Documents\directions.txt
2012-06-03 07:28 - 2012-06-03 07:27 - 0000771 ____A C:\Users\JonEJet\Desktop\directions.txt
2012-06-02 23:51 - 2011-04-05 21:05 - 0000000 ____D C:\Windows\ERDNT
2012-06-02 23:46 - 2007-11-06 19:27 - 0507752 ____A C:\Windows\PFRO.log
2012-06-02 23:44 - 2011-12-18 20:31 - 2675270 ____A C:\Windows\ntbtlog.txt
2012-06-02 23:39 - 2012-06-02 23:39 - 0432370 ____A C:\Users\JonEJet\Desktop\SystemLook.txt
2012-06-02 21:11 - 2012-06-02 20:39 - 0432368 ____A C:\Users\JonEJet\Downloads\SystemLook.txt
2012-06-02 14:55 - 2012-06-02 14:55 - 98077435 ____A (Igor Pavlov) C:\Users\JonEJet\Desktop\OTLPEStd.exe
2012-06-02 11:34 - 2011-05-18 16:44 - 0001356 ____A C:\Users\JonEJet\AppData\Local\d3d9caps.dat
2012-06-02 11:10 - 2006-11-02 08:52 - 0024781 ____A C:\Windows\setupact.log
2012-06-02 11:05 - 2007-11-06 18:28 - 0000000 ____D C:\Windows\System32\RTCOM
2012-06-01 12:59 - 2012-06-01 12:59 - 0000000 ____D C:\Users\JonEJet\AppData\Local\Seven Zip
2012-06-01 12:27 - 2012-06-01 12:24 - 0000857 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-01 12:27 - 2012-05-31 10:01 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-01 12:27 - 2009-07-24 21:11 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-06-01 12:26 - 2012-06-01 12:26 - 16339280 ____A (Mozilla) C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
2012-06-01 11:45 - 2012-05-31 21:00 - 0000000 ____D C:\Program Files\Amazon Browser Bar
2012-06-01 11:35 - 2011-01-28 17:33 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\SoftGrid Client
2012-06-01 10:16 - 2012-06-03 12:29 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Documents\OTL.exe
2012-06-01 10:16 - 2012-06-01 10:16 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTL.exe
2012-06-01 10:03 - 2012-06-01 10:02 - 0139264 ____A C:\Users\JonEJet\Downloads\SystemLook.exe
2012-05-31 21:23 - 2012-05-31 21:23 - 0000000 ____A C:\temp.txt
2012-05-31 21:01 - 2012-05-31 21:01 - 0000000 ____D C:\Program Files\Amazon
2012-05-31 21:00 - 2012-05-31 21:00 - 0090624 ____A C:\Users\Public\AlexaNSISPlugin.5340.dll
2012-05-31 13:41 - 2008-03-31 15:57 - 0089424 ____A C:\Users\JonEJet\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-31 11:31 - 2012-05-31 11:30 - 0116094 ____A C:\TDSSKiller.2.7.38.0_31.05.2012_11.30.13_log.txt
2012-05-31 10:23 - 2012-05-31 10:23 - 0000000 ____D C:\Users\JonEJet\Documents\OneNote Notebooks
2012-05-31 09:41 - 2012-05-31 09:41 - 0607260 ____R (Swearware) C:\Users\JonEJet\Desktop\dds.scr
2012-05-31 09:34 - 2012-05-31 09:34 - 0302592 ____A C:\Users\JonEJet\Desktop\gmer.exe
2012-05-31 09:27 - 2012-05-31 09:27 - 0201728 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTC.exe
2012-05-31 09:19 - 2006-11-02 08:47 - 0349920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-31 09:18 - 2012-05-31 09:18 - 0000000 ____A C:\Windows\System32\sho5BF7.tmp
2012-05-30 17:53 - 2012-05-30 17:53 - 0138120 ____A (ESET) C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
2012-05-30 17:52 - 2012-05-30 17:52 - 0154916 ____A C:\Users\JonEJet\gmer.txt
2012-05-30 17:52 - 2012-05-30 17:52 - 0000495 ____A C:\Users\JonEJet\Desktop\gmer - Shortcut.lnk
2012-05-30 17:00 - 2012-05-30 17:00 - 0302592 ____A C:\Users\JonEJet\Desktop\311zqyeh.exe
2012-05-30 11:22 - 2012-05-30 11:22 - 0001788 ____A C:\Users\JonEJet\Desktop\aswMBR.txt
2012-05-30 11:22 - 2012-05-30 11:22 - 0000512 ____A C:\Users\JonEJet\Desktop\MBR.dat
2012-05-30 11:14 - 2012-05-30 11:14 - 0138472 ____A C:\Windows\Minidump\Mini053012-02.dmp
2012-05-30 11:14 - 2011-12-24 16:50 - 194156225 ____A C:\Windows\MEMORY.DMP
2012-05-30 11:14 - 2011-12-24 16:50 - 0000000 ____D C:\Windows\Minidump
2012-05-30 11:09 - 2012-05-30 11:09 - 0138472 ____A C:\Windows\Minidump\Mini053012-01.dmp
2012-05-30 11:05 - 2012-05-30 11:04 - 4731392 ____A (AVAST Software) C:\Users\JonEJet\Desktop\aswMBR.exe
2012-05-30 10:20 - 2012-05-30 10:20 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
2012-05-30 09:46 - 2012-05-30 09:45 - 1805736 ____A (Symantec Corporation) C:\Users\JonEJet\Desktop\FixZeroAccess.exe
2012-05-29 21:41 - 2011-04-08 13:49 - 0000000 ____D C:\Users\JonEJet\Desktop\Scapes New
2012-05-29 12:27 - 2012-05-29 12:27 - 0047616 ____A C:\Users\JonEJet\Downloads\Win32kDiag.exe
2012-05-29 11:34 - 2012-05-29 11:34 - 0302592 ____A C:\Users\JonEJet\Downloads\uyougp9z.exe
2012-05-29 11:28 - 2008-03-31 15:56 - 0000000 ____D C:\Users\JonEJet\AppData\LocalLow
2012-05-29 11:27 - 2012-05-29 11:23 - 0000000 ____D C:\Program Files\Free Download Manager
2012-05-29 11:22 - 2012-05-29 11:22 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\Babylon
2012-05-29 11:19 - 2012-05-29 11:19 - 0809328 ____A (AirInstaller Inc.) C:\Users\JonEJet\Downloads\setup.exe
2012-05-29 11:02 - 2012-05-29 11:02 - 0000268 ____A C:\Users\JonEJet\Documents\CFScript.txt
2012-05-29 10:55 - 2012-05-29 10:55 - 0000314 ____A C:\Users\JonEJet\Documents\Note pad.txt
2012-05-29 10:52 - 2012-05-29 10:52 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Downloads\OTL.com
2012-05-29 10:46 - 2012-05-29 10:46 - 0080384 ____A C:\Users\JonEJet\Downloads\MBRCheck.exe
2012-05-29 10:33 - 2012-05-29 10:33 - 0000000 ____A C:\Windows\System32\shoD4F8.tmp
2012-05-28 16:49 - 2012-05-28 16:49 - 0002042 ____A C:\Users\JonEJet\Desktop\Sophos Virus Removal Tool.lnk
2012-05-28 16:49 - 2012-05-28 16:49 - 0000000 ____D C:\Program Files\Sophos
2012-05-28 16:46 - 2012-05-28 16:45 - 82493320 ____A (Sophos Limited) C:\Users\JonEJet\Downloads\Sophos Virus Removal Tool.exe
2012-05-28 15:46 - 2012-05-28 15:46 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\JonEJet\Downloads\tdsskiller(1).exe
2012-05-28 15:46 - 2012-05-28 15:04 - 0000000 ____D C:\Users\JonEJet\AppData\Local\blekkotb_031
2012-05-28 15:11 - 2006-11-02 07:18 - 0000000 _SHDC C:\Windows\$NtUninstallKB46020$
2012-05-28 15:04 - 2012-05-28 15:04 - 0000000 ____D C:\avast! sandbox
2012-05-28 12:15 - 2009-07-26 00:35 - 0005120 ____A C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-27 10:19 - 2006-11-02 07:18 - 0000000 ____D C:\Windows\SchCache
2012-05-27 10:01 - 2012-01-01 16:22 - 0000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-27 10:01 - 2010-12-07 06:54 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-23 21:04 - 2010-02-01 23:00 - 0001982 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-15 12:02 - 2011-01-28 18:43 - 0000000 ____D C:\Users\JonEJet\Desktop\Scapes Old
2012-05-14 16:22 - 2011-01-28 15:06 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-10 03:09 - 2006-11-02 06:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-07 13:16 - 2006-11-02 06:23 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-04 15:56 - 2010-12-07 06:54 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-26 08:56 - 2012-03-26 08:56 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0b4fdb4952f0.job
2012-03-12 20:07 - 2008-05-03 23:31 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\Adobe
2012-03-11 16:52 - 2012-03-11 16:52 - 0037623 ____A C:\Users\JonEJet\Downloads\van-halen-tour-dates-2012.jpg
2012-03-08 23:29 - 2006-11-02 07:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-08 22:57 - 2012-03-08 22:57 - 0000000 ____D C:\Users\JonEJet\Downloads\New Folder


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2009-02-21 16:56] - [2008-10-29 02:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2011-01-28 15:41] - [2008-01-19 00:36] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2011-01-28 15:40] - [2008-01-19 00:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 2038.33 MB
Available physical RAM: 1664.66 MB
Total Pagefile: 1869.04 MB
Available Pagefile: 1793.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.39 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (SQ004585V03) (Fixed) (Total:110.32 GB) (Free:69.94 GB) NTFS
3 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Unknown 1500 MB 1024 KB
Partition 2 Primary 110 GB 1501 MB
======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 TOSHIBA SYS NTFS Partition 1500 MB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SQ004585V03 NTFS Partition 110 GB Healthy
======================================================================================================

==========================================================

Last Boot:

======================= End Of Log ==========================

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Mon Jun 04, 2012 4:39 pm

Here is systemlook under regular boot

SystemLook 30.07.11 by jpshortstuff
Log created at 13:36 on 04/06/2012 by JonEJet
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache\services.exe --a---- 279040 bytes [03:11 06/04/2011] [04:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [23:52 12/10/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [22:00 29/01/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 279040 bytes [19:43 28/01/2011] [04:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [19:43 28/01/2011] [04:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C

-= EOF =-

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Tue Jun 05, 2012 6:04 am

Hi Jon

Are you tired yet? Heh. The two scans came up with nothing. However the good news is that now more than one eye is on this topic and I got some more tips of how to deal with this nasty piece of work.

First, I see that you have malwarebytes installed. Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. It is very important that you update to the latest signatures.
Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

====================

  • Please download HitMan Pro 3.6 by Surfright from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click HitmanPro36.exe to run the scanner
  • Click Next
  • Accept the license conditions and click Next
  • Choose to do only a single scan. Do not enter any e-mail address and click Next
  • Hitman Pro will now scan your computer
  • After the scan, choose to ignore all threats - I want to have a look first, before deciding what to do
  • Click Next
  • You will now find an option to export the results of the scan to an XML file (log.xml). Please do so. Close Hitman Pro.
  • Please copy and paste the contents of log.xml into your next reply (You can open XML files with notepad)


Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 1:34 pm

I'm not tired, just hope you're not tired of me yet. You have been awesome, so once again I thank you for all your efforts.

Malwarebytes.....I tend to run that frequently, so nothing to report

Malwarebytes Anti-Malware 1.61.0.1400
[You must be registered and logged in to see this link.]

Database version: v2012.06.05.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
JonEJet :: JONEJET-PC [administrator]

6/5/2012 9:15:20 AM
mbam-log-2012-06-05 (09-15-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201531
Time elapsed: 16 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 1:56 pm

Hitman Pro......ran it, when finished I think it may have repaired system on its own. Nevertheless, here is the log. I think we may have a winner with this hitman scan Thank You!

I don't get it, when I copy and paste it, it shows as a preview post. But once I post the scan, it goes away? Am I losing it?

Tried to even upload it, and it won't let me.

I can email it to you? I don't get it.

Saved it to notepad, and when I paste it, it doesn't show up in the post

See below


Last edited by JonEJet on Tue Jun 05, 2012 2:24 pm; edited 2 times in total

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 2:19 pm

~[Filtered]~


Last edited by JonEJet on Tue Jun 05, 2012 2:28 pm; edited 1 time in total

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Tue Jun 05, 2012 2:28 pm

Two malware files were deleted, besides a bunch of cookies, but I would be highly surprised if these were our (your) main problem.

It reports a suspicious file however, and that might be interesting.

C:\Windows\system32\SearchFilterHost.exe

That is a standard windows system file and hitman pro should not find it suspicious, unless it maybe found that it has been modified.

So, just for fun, try and run combofix. I bet you will enter the same reboot loop. If it does, try and reboot into OTLPE and run systemlook with this script:

:filefind
SearchFilterHost.exe

Post the log back here. That should tell us if this is our bad guy.
glglglglglgl


Last edited by Gabethebabe on Tue Jun 05, 2012 2:30 pm; edited 1 time in total

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Tue Jun 05, 2012 2:29 pm

I have seen the hitman pro log. Some bug in the forum software makes a mess of it, but if you quote the post, you will see it correctly.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 2:33 pm

Gotcha, thanks

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 2:57 pm

Well, no luck with either Combofix, once again the same loop, and System look. Wow, this thing stinks

SystemLook 30.07.11 by jpshortstuff
Log created at 10:45 on 05/06/2012 by JonEJet
Administrator - Elevation successful

========== filefind ==========

Searching for " SearchFilterHost.exe"
No files found.

-= EOF =-

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Gabethebabe on Tue Jun 05, 2012 3:09 pm

I think I see a space before " SearchFilterHost.exe"

Can you try again, without the space? Make sure you do it in REATOGO environment, so the malware can not falsify the data.

Making a copy of the file c:\windows\system32\SearchFilterHost.exe in REATOGO environment, rebooting to normal and submitting the copy to virustotal would be a decent idea as well.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38198
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 3:41 pm

Okay, there was a space, and it made a difference

SystemLook 30.07.11 by jpshortstuff
Log created at 12:37 on 05/06/2012 by JonEJet
Administrator - Elevation successful

========== filefind ==========

Searching for "SearchFilterHost.exe"
C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe --a---- 76800 bytes [23:50 12/10/2008] [07:33 19/01/2008] A9092E71A164A3AE1ACC517809AFEB27
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_windowssearchengine_31bf3856ad364e35_7.0.6002.18005_none_3d746908b76294a3\SearchFilterHost.exe --a---- 87552 bytes [22:01 29/01/2011] [06:27 11/04/2009] C9EE7FF225EAC1CB9C78C413667CDB80
C:\Windows\System32\SearchFilterHost.exe --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 87889A983C015080FA813D7E32910D1E
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6000.16386_none_47e1b1bb326f0fb4\SearchFilterHost.exe --a---- 76288 bytes [12:34 02/11/2006] [12:34 02/11/2006] 78B5AE488DCD24556CF976BE0BBA82BE
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe --a---- 76800 bytes [19:44 28/01/2011] [04:33 19/01/2008] A9092E71A164A3AE1ACC517809AFEB27
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 87889A983C015080FA813D7E32910D1E

-= EOF =-

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Tue Jun 05, 2012 3:54 pm

Virus scan

[You must be registered and logged in to see this link.]

JonEJet
Senior
Senior

Posts Posts : 210
Joined Joined : 2009-07-16
OS OS : XP
Points Points : 30186
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 6 1, 2, 3, 4, 5, 6  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum