Pop Up Window issue cannot be removed

(In Progress)

pokeycows
Member with 49 posts.
THREAD STARTER
 
Join Date: Dec 2007
Experience: Intermediate
14-Jan-2012, 12:10 PM #1
Pop Up Window issue cannot be removed
Hello,

NOTE: I am having to post several times to get all the information because the site will not finish processing...

Thank you in advance for assisting me. I recently tried to install Google Chrome on my laptop and almost immediately began having troubles with pop up windows and sluggish processing.

I have tried several times to post in here and the computer keeps telling me after I have added everything that the page is busy and cannot complete. I'm not sure if this has anything to do with a possible virus. Therefore, I had to try and post this from a different laptop.

I am currently using Firefox on the infected laptop, but have been having issues with it crashing a lot, so I thought I would give Chrome a try. After starting to get the pop up window issues, I removed Chrome. I also ran Malwarebytes' Anti-Malware software to try and remove the problem. It found some issues and removed them. I then ran Spybot to remove more; it found more and I removed them. I restarted my laptop, but the windows still pop up.

Symptom: When I open a new page in Firefox, a new tab pops up about some "work online and make lots of money" deal. When I close this tab, another window pops up asking me if I'm sure I want to navigate. I just click the 'x' to close the window. The page remains open, and when I try to close it again, another different pop up appears... I click 'x' to close it and only then am I able to close that unwanted page.


My laptop is a Gateway MX6959. Intel(R) Core(TM)2 CPU. 0.99 GB of RAM. Running Microsoft Windows XP Media Center Edition Version 2002 Service Pack 3.



Hijack This log:
*************************************************************************** *************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:53 AM, on 1/13/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Documents and Settings\Owner.MCNABB_LAPTOP\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6959
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111228220029.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Doyles Room - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/html - {1cfdfd6b-d494-4648-9fe6-151b0bd28ebe} - C:\WINDOWS\system32\mst123.dll
O20 - AppInit_DLLs: cru629.dat C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\vajapaso.dll nipujija.dll c:\windows\system32\kehifiya.dll
O21 - SSODL: SysNet - {9241381B-083A-48DD-B6ED-DB71E06DC0BF} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)
O21 - SSODL: tapefasut - {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll (file missing)
O21 - SSODL: sifibupin - {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: tokatiluy - {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0168681326457336) (0168681326457336mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016868~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 13546 bytes
pokeycows
14-Jan-2012, 12:16 PM #2
Pop Up Window issue cannot be removed part 2...
DDS log:
*************************************************************************** **********************

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 15:27:05 on 2012-01-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.263 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111228220029.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [braviax]
StartupFolder: c:\docume~1\owner~1.mcn\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
StartupFolder: c:\docume~1\owner~1.mcn\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 99.198.16.40 99.198.16.41
TCP: Interfaces\{B42BBB2B-8703-4DBB-992D-EB72641FCE03} : DhcpNameServer = 99.198.16.40 99.198.16.41
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/html - {1cfdfd6b-d494-4648-9fe6-151b0bd28ebe} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\vajapaso.dll nipujija.dll c:\windows\system32\kehifiya.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SysNet - {9241381B-083A-48DD-B6ED-DB71E06DC0BF} - c:\documents and settings\all users\microsoft adata\sysnet.dll
SSODL: tapefasut - {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
SSODL: sifibupin - {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
STS: tokatiluy: {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
STS: gahurihor: {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Notification Packages = scecli ntzchb.dll pinadili.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner.mcnabb_laptop\application data\mozilla\firefox\profiles\e17k6qfe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - plugin: c:\documents and settings\owner.mcnabb_laptop\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {AE18A4F2-F9A0-4337-A80D-FAB9D902C46B} - c:\documents and settings\owner.mcnabb_laptop\local settings\application data\{AE18A4F2-F9A0-4337-A80D-FAB9D902C46B}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\owner.mcnabb_laptop\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-20 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-9 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-3 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-9 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-9 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-9 150856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-9 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-20 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-20 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-9 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-9 83856]
S1 718c51b0;718c51b0;c:\windows\system32\drivers\718c51b0.sys [2009-9-18 0]
S2 0168681326457336mcinstcleanup;McAfee Application Installer Cleanup (0168681326457336);c:\windows\temp\016868~1.exe -cleanup -nolog --> c:\windows\temp\016868~1.EXE -cleanup -nolog [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-9 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-9 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-20 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-20 40552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-1 11520]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-10-17 21:04:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-09-19 19:44:03 18630 ----a-w- c:\program files\common files\ciwagyzac.dll
2009-09-19 19:44:01 12651 ----a-w- c:\program files\common files\ajukevel.exe
2009-09-19 03:02:21 14506 ----a-w- c:\program files\common files\xane.bat
2009-09-19 03:02:21 12148 ----a-w- c:\program files\common files\vepohy.bin
2009-09-15 23:01:33 18161 ----a-w- c:\program files\common files\qyfarysefu.sys
2009-09-15 23:01:33 17000 ----a-w- c:\program files\common files\kuvyso.com
2009-09-15 23:01:33 15135 ----a-w- c:\program files\common files\imyqiqor.scr
2009-09-15 23:01:33 13544 ----a-w- c:\program files\common files\docizituni.pif
.
============= FINISH: 15:29:14.26 ===============

ark.txt file contents:
******************************************************************************************

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-13 18:06:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS72101 rev.MCZO
Running: l7445057.exe; Driver: C:\DOCUME~1\OWNER~1.MCN\LOCALS~1\Temp\awlyakog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF716F4C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF716F4D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF716F500]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF716F556]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF716F4AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF716F484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF716F498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF716F4EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF716F52C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF716F516]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF716F580]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF716F56C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF716F540]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF5901EBF]
.text mrxsmb.sys 9CB93000 79 Bytes [06, 0F, 83, 2D, B5, 00, 00, ...]
.text mrxsmb.sys 9CB93051 3 Bytes [84, F2, B4]
.text mrxsmb.sys 9CB93057 11 Bytes [C0, 66, FF, 46, 04, 5F, 5B, ...]
.text mrxsmb.sys 9CB93063 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text mrxsmb.sys 9CB9307B 117 Bytes [8B, 40, 34, 83, C0, 40, 5D, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification
? C:\DOCUME~1\OWNER~1.MCN\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01960FEF
.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01960025
.text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01960014
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018E0FEF
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 018E0078
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 018E0067
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 018E0F8D
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 018E004A
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 018E0FA8
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018E0F26
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 018E0F4D
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018E0F0B
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018E00A4
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018E00BF
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 018E002F
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 018E000A
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 018E0F5E
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 018E0FC3
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 018E0FDE
.text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 018E0093
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01CA001B
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01CA0051
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01CA0FCA
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01CA0FDB
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01CA002C
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01CA0000
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01CA0F94
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP 50C03389
.text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01CA0FA5
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01C90053
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!system 77C293C7 5 Bytes JMP 01C90FD2
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01C90038
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01C9000C
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01C90FE3
.text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01C9001D
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01C80FEF
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01C8000A
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01C80025
.text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01C80FD4
.text C:\WINDOWS\Explorer.EXE[264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01DE0FEF
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00740FC3
.text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00740FD4
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00730FEF
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0073006E
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00730053
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00730F79
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00730F8A
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00730025
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00730F48
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00730090
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007300A1
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00730F12
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00730EED
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00730036
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0073007F
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00730FB9
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00730FD4
.text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00730F2D
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00880FCD
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00880065
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00880FDE
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00880FA8
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00880FEF
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00880054
.text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00880039
.text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760F9C
.text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760031
.text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FC1
.text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760016
.text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760FDE
.text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0075000A
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AE0FD4
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AE000A
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD007F
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0F94
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0FA5
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FB6
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0051
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00BC
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD00AB
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00E8
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00CD
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0F34
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD009A
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F59
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B50047
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B50073
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B5002C
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B50FC0
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B50FDB
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D5, 88] {AAD 0x88}
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B50058
.text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B00F95
.text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B00FB0
.text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B00FD2
.text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B00FC1
.text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B0000C
.text C:\WINDOWS\system32\svchost.exe[520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A10FDB
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A10011
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F57
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F72
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00040
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00F83
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FAF
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A0008E
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F46
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000BA
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F2B
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000D5
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F94
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00071
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A0009F
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10040
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D1006C
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D10025
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D1005B
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00F8B
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00F9C
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FB7
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D0000C
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FD2
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00A2002C
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A30FEF
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F5F
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0F7A
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0F8B
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0FA8
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FC3
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB00A0
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0F4E
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB00CC
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00B1
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB00DD
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB004A
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0079
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FD4
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB001B
.text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0F33
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0FC0
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA0047
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA002C
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA000A
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FA0F8A
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1A, 89]
.text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0FAF
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FB2
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FCD
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD003D
.text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\lsass.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02520FEF
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02520FDE
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02520014
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02560FEF
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02560F86
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0256007B
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02560F97
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0256004A
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0256002F
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02560F44
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0256008C
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02560F07
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02560F18
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025600B1
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02560FA8
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02560FD4
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02560F6B
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02560014
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02560FC3
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02560F29
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02550000
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02550F83
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02550FB9
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02550FCA
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02550040
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02550FEF
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02550025
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02550F9E
.text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02540042
.text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!system 77C293C7 5 Bytes JMP 0254001D
.text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02540FC8
.text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02540FE3
.text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02540FAD
.text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0254000C
.text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0253000A
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01150FEF
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01150FAF
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011500A4
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01150089
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0115006C
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01150036
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011500ED
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011500DC
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01150134
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01150123
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0115014F
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01150047
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0115000A
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011500BF
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01150FC0
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0115001B
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01150108
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01140040
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01140FC3
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01140FEF
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01140025
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01140080
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0114000A
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01140065
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01140FDE
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0113002E
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!system 77C293C7 5 Bytes JMP 0113001D
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0113000C
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01130FEF
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01130FAD
.text C:\WINDOWS\system32\svchost.exe[1692] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01130FDE
.text C:\WINDOWS\system32\svchost.exe[1692] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01120000
.text C:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01110000
.text C:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01110FEF
.text C:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01110025
.text C:\WINDOWS\system32\svchost.exe[1692] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01110036
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02F30000
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02F30022
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02F30011
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FA000A
.text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F8000C
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02F20000
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02F200A1
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02F20090
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02F20075
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02F20058

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) A68BD000-A68CF000 (73728 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5656

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSpaxt.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSofxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???9?&??? ???????r???????????r???????????????????????????r???E??????????????0???????? ????????`???????????????????? ????????????????????? ???????????????????? ???????8?????r?????m??????????r???????????Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.?e???????????e??????? ???????=????????????? ?????????????????f???r???0?0?0?0?0?0?x???????????k?????s?l??USBSTOR???????? ??????l?????s?l?????s????? ???????r????????????? ????????????????????Dell A940???? ???????r???????????k????????????????????????r??r???C??????????????????????? ?????????????????????????????????????????????E753???<?????r????255.255.255. 0???s\???????????s?????s?u?????s????WD Drive Management devices?????? ???????????????????/?????????????D?????????r???????t???T??????su???r???????s???t???????\???r ?LegacyDriver????? ???????4????????????????????????R??????????????????k???????\??? ?????

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\system@95.215.2[3].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5ZPU55K4\st[4] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5ZPU55K4\iframe3[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EAZNPW5A\errorPageStrings[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\Lock[1].js 846 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\background_gradient[1] 453 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\logo[1].png 9633 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\down[1] 3414 bytes
File C:\WINDOWS\$NtUninstallKB8966$\234181493 0 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409 0 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\bckfg.tmp 860 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\keywords 215 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\L 0 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\L\ceucmxgq 455296 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U 0 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----
pokeycows (THREAD STARTER)
14-Jan-2012, 02:03 PM #3
I am so sorry for the multiple posts...after I would 'submit post'...the page would tell me that it was busy...so I assumed the post did not submit. Thank you very much for deleting the duplicates! Please let me know if I missed adding any of the requested information.
pokeycows (THREAD STARTER)
17-Jan-2012, 10:28 PM #4
Pop Up Window issue cannot be removed attach file attachment
I am attaching the attach.txt log file that was attached to the other duplicated posts, but not to this one. I did not realize it was not attached to this post which is the open one.

I really hope this helps to figure out the pop up malware issue. Thank you!
pokeycows (THREAD STARTER)
19-Jan-2012, 11:21 AM #5
My computer seems to keep getting worse.

This morning I was not able to open any web browsers, could not get the task manager window to open and could not even get the computer to turn itself off. I had to manually cut the computer off. It did not seem to be locked up because I never lost control of the mouse and was able to keep telling the computer to turn off (or restart), neither of which happened as they should have.

I have no idea what could be wrong with my computer. Please help.
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,302 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
19-Jan-2012, 11:23 AM #6
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
pokeycows (THREAD STARTER)
19-Jan-2012, 11:56 AM #7
Windows cannot find 'NIRKMD'
I thought I had disabled all the virus scans, but after starting ComboFix, one was still running. ComboFix told me to disable before hitting OK...so I did. Then I get a small blue screen with AutoScan as the title of the window. A message box pops up saying:

Windows cannot find 'NIRKMD'. I've hit ok a few times and then it seems to continue scanning. The computer then told me it had to reboot...so it did. I had the firewall and virus scans set up to resume on reboot. The computer rebooted and that blue window with AutoScan said it was

scanning for infected files...
This typically doesn't take more than 10 minutes
However...

Completed Stage_1
Completed Stage_2

Then I got the NIRKMD missing window again. What should I do?
pokeycows
Member with 49 posts.
THREAD STARTER
Join Date: Dec 2007
Experience: Intermediate
19-Jan-2012, 12:11 PM #8
I have just hit the OK button on the NIRKMD missing file window and it said it Completed Stage_3

It seems to continue processing and then pops up the same NIRKMD window, so I just hit OK. So far it has completed down to Stage_32.

Is this what ComboFix is supposed to do...or look like as it is scanning?
pokeycows
Member with 49 posts.
THREAD STARTER
Join Date: Dec 2007
Experience: Intermediate
19-Jan-2012, 12:48 PM #9
Thank you very much dvk01 for helping me. It is much appreciated!

Ok...the ComboFix finally finished and produced a log file. I started Firefox browser and the extra pop up window did not open as before.

Should I be concerned that the ComboFix report said that Windows Recovery Console is not installed?

Here is the ComboFix report:
-----------------------------------------

ComboFix 12-01-18.04 - Owner 01/19/2012 9:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT -6:00]
Running from: c:\documents and settings\Owner.MCNABB_LAPTOP\Desktop\username123.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Microsoft AData
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner.MCNABB_LAPTOP\My Documents\~WRL3143.tmp
c:\documents and settings\Owner.MCNABB_LAPTOP\WINDOWS
c:\program files\Common Files\ycitilu.db
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\$NtUninstallKB8966$\234181493
c:\windows\$NtUninstallKB8966$\4141864409\@
c:\windows\$NtUninstallKB8966$\4141864409\bckfg.tmp
c:\windows\$NtUninstallKB8966$\4141864409\cfg.ini
c:\windows\$NtUninstallKB8966$\4141864409\Desktop.ini
c:\windows\$NtUninstallKB8966$\4141864409\keywords
c:\windows\$NtUninstallKB8966$\4141864409\kwrd.dll
c:\windows\$NtUninstallKB8966$\4141864409\L\ceucmxgq
c:\windows\$NtUninstallKB8966$\4141864409\lsflt7.ver
c:\windows\$NtUninstallKB8966$\4141864409\U\00000001.@
c:\windows\$NtUninstallKB8966$\4141864409\U\00000002.@
c:\windows\$NtUninstallKB8966$\4141864409\U\00000004.@
c:\windows\$NtUninstallKB8966$\4141864409\U\80000000.@
c:\windows\$NtUninstallKB8966$\4141864409\U\80000004.@
c:\windows\$NtUninstallKB8966$\4141864409\U\80000032.@
c:\windows\certsystem.exe
c:\windows\digymawe.dll
c:\windows\fewovozam.scr
c:\windows\ivyz.exe
c:\windows\kb913800.exe
c:\windows\microsoftdef.dll
c:\windows\regred.exe
c:\windows\securits.com
c:\windows\spoov.exe
c:\windows\system32\CF20554.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET4C6.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\usexplorer.exe
c:\windows\wiaserviv.log
c:\windows\yxowavum._sy
D:\Autorun.inf
c:\windows\$NtUninstallKB8966$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 19:44 . 2009-09-19 19:44 18630 ----a-w- c:\program files\Common Files\ciwagyzac.dll
2009-09-19 19:44 . 2009-09-19 19:44 12651 ----a-w- c:\program files\Common Files\ajukevel.exe
2009-09-19 03:02 . 2009-09-19 03:02 14506 ----a-w- c:\program files\Common Files\xane.bat
2009-09-19 03:02 . 2009-09-19 03:02 12148 ----a-w- c:\program files\Common Files\vepohy.bin
2009-09-15 23:01 . 2009-09-15 23:01 18161 ----a-w- c:\program files\Common Files\qyfarysefu.sys
2009-09-15 23:01 . 2009-09-15 23:01 17000 ----a-w- c:\program files\Common Files\kuvyso.com
2009-09-15 23:01 . 2009-09-15 23:01 15135 ----a-w- c:\program files\Common Files\imyqiqor.scr
2009-09-15 23:01 . 2009-09-15 23:01 13544 ----a-w- c:\program files\Common Files\docizituni.pif
2011-04-14 19:01 . 2010-05-09 15:41 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 169984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Owner.MCNABB_LAPTOP\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-3 50688]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-9-27 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-1-10 2168360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 718c51b0;718c51b0;c:\windows\System32\drivers\718c51b0.sys [2009-09-21 0]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-10-15 83856]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-15 89792]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2012-01-03 95200]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 150856]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-10-15 83856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2008-01-27 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 99.198.16.40 99.198.16.41
FF - ProfilePath - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Mozilla\Firefox\Profiles\e17k6qfe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {AE18A4F2-F9A0-4337-A80D-FAB9D902C46B} - c:\documents and settings\Owner.MCNABB_LAPTOP\Local Settings\Application Data\{AE18A4F2-F9A0-4337-A80D-FAB9D902C46B}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
SharedTaskScheduler-{bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
SharedTaskScheduler-{4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
SSODL-SysNet-{9241381B-083A-48DD-B6ED-DB71E06DC0BF} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
SSODL-tapefasut-{bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
SSODL-sifibupin-{4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 10:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Western Digital\WD SmartWare\instances\16EBCFF2-0F54-4E37-BF20-DBBDCE872BBB\16ebcff2-0f54-4e37-bf20-dbbdce872bbb-inq.db3-journal
c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Western Digital\WD SmartWare\instances\307FAB35-6134-408D-97EC-E4E0FE332463\307fab35-6134-408d-97ec-e4e0fe332463-preinq.db3-journal
c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Western Digital\WD SmartWare\sourceq.db3-journal
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-19 10:40:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 16:39
.
Pre-Run: 63,442,747,392 bytes free
Post-Run: 63,501,504,512 bytes free
.
- - End Of File - - 4E6EB2A0239514C8A7032E4B574798F9
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,302 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
19-Jan-2012, 01:55 PM #10
Delete the existing version of combofix from desktop & download a new version from same location. Just put it on desktop. Don't click it to run it at this stage.
Make sure McAfee is completely disabled as it seems to be interfering with the fix.

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

At the end it will pop up an alert & open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop up alert or open browser, then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. If there is more than 1 file then press the more attachments button for each extra file and browse and select etc., and then when all the files are listed in the window press send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

or to
http://www.bleepingcomputer.com/subm...php?channel=38

When Combofix starts to run, you should get a pop-up asking you to let it install the recovery console. Please let it install.
pokeycows
Member with 49 posts.
THREAD STARTER
Join Date: Dec 2007
Experience: Intermediate
20-Jan-2012, 10:24 AM #11
Hi dvk01,

I followed your instructions above. McAfee was disabled and ComboFix ran without interruption. The computer rebooted...I still had McAfee disabled. Once the scan was finished, I was asked to send the zip file to you electronically. It sent successfully. Here is the ComboFix report:

ComboFix 12-01-19.02 - Owner 01/20/2012 7:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.461 [GMT -6:00]
Running from: c:\documents and settings\Owner.MCNABB_LAPTOP\Desktop\Username123.exe
Command switches used :: c:\documents and settings\Owner.MCNABB_LAPTOP\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
file zipped: c:\program files\Common Files\ajukevel.exe
file zipped: c:\program files\Common Files\ciwagyzac.dll
file zipped: c:\program files\Common Files\docizituni.pif
file zipped: c:\program files\Common Files\imyqiqor.scr
file zipped: c:\program files\Common Files\kuvyso.com
file zipped: c:\program files\Common Files\qyfarysefu.sys
file zipped: c:\program files\Common Files\vepohy.bin
file zipped: c:\program files\Common Files\xane.bat
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ajukevel.exe
c:\program files\Common Files\ciwagyzac.dll
c:\program files\Common Files\docizituni.pif
c:\program files\Common Files\imyqiqor.scr
c:\program files\Common Files\kuvyso.com
c:\program files\Common Files\qyfarysefu.sys
c:\program files\Common Files\vepohy.bin
c:\program files\Common Files\xane.bat
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-19 22:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-01-19 22:12 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-19 21:51 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-06-17 10:23 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-06-17 10:23 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-06-17 10:23 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2006-06-17 10:23 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-06-17 10:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-06-17 10:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-06-17 10:23 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-06-17 10:23 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-06-17 10:23 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2006-06-17 10:23 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-06-17 10:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-06-17 10:23 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 06:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-14 19:01 . 2010-05-09 15:41 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-19_16.26.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 13:58 . 2012-01-20 13:58 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
+ 2007-07-31 01:19 . 2009-08-07 01:24 44768 c:\windows\system32\wups2.dll
+ 2006-06-17 10:38 . 2009-08-07 01:24 35552 c:\windows\system32\wups.dll
- 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-11-13 11:31 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2006-06-17 10:23 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2006-06-17 10:23 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2006-06-17 10:23 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
- 2006-06-17 10:23 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2006-06-17 10:23 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2010-03-31 06:16 . 2010-03-31 06:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2006-06-17 10:23 . 2012-01-20 12:27 72754 c:\windows\system32\perfc009.dat
+ 2006-06-17 10:23 . 2011-09-26 17:41 20480 c:\windows\system32\oleaccrc.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-04 08:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2006-06-17 10:23 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2006-06-17 10:23 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
- 2006-06-17 10:23 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-06-17 10:23 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2006-06-17 10:23 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2006-06-17 10:23 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 08:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
- 2006-06-17 10:38 . 2008-04-14 00:11 81920 c:\windows\system32\isign32.dll
+ 2006-06-17 10:38 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2006-06-17 10:23 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2006-06-17 10:23 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2006-06-17 10:23 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2006-06-17 10:23 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
+ 2006-06-17 10:23 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2006-06-17 10:23 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2006-06-17 10:23 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2006-06-17 10:23 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
+ 2009-08-30 01:17 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-30 01:17 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-06-17 10:38 . 2009-08-07 01:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-06-17 10:38 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
- 2006-06-17 10:23 . 2008-04-14 00:12 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2006-06-17 10:23 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2006-06-17 10:23 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2006-06-17 10:23 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2006-06-17 10:23 . 2008-04-14 00:12 79872 c:\windows\system32\dllcache\raschap.dll
+ 2006-06-17 10:23 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2006-06-17 10:23 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2006-06-17 10:23 . 2011-09-26 17:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2006-06-17 10:23 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2006-06-17 10:23 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2004-08-04 08:56 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2006-06-17 10:23 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2006-06-17 10:23 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-06-17 10:23 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-08-30 01:17 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-30 01:17 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-06-17 10:23 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2006-06-17 10:23 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-06-17 10:23 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 08:56 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2006-06-17 10:38 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\isign32.dll
+ 2006-06-17 10:38 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2006-06-17 10:23 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
- 2006-06-17 10:23 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2006-06-17 10:23 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2006-06-17 10:23 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2006-06-17 10:23 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2006-06-17 10:23 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2006-06-17 10:23 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-06-17 10:23 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-06-17 10:23 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2006-06-17 10:44 . 2012-01-20 13:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-17 10:44 . 2012-01-19 03:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-17 10:44 . 2012-01-19 03:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-06-17 10:44 . 2012-01-20 13:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-19 17:11 . 2012-01-20 13:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-06-17 10:23 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2006-06-17 10:23 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2006-06-17 10:23 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2006-06-17 10:23 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-06-25 01:56 . 2009-06-25 01:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2011-12-25 17:07 . 2011-12-25 17:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 02:58 . 2007-04-14 02:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 02:57 . 2007-04-14 02:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 02:57 . 2007-04-14 02:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 03:30 . 2007-04-14 03:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 05:49 . 2011-12-25 05:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 10:19 . 2003-02-21 10:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2007-01-15 22:11 . 2009-06-24 18:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2006-06-17 10:36 . 2010-02-10 00:22 81920 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
+ 2007-01-15 22:11 . 2009-06-24 18:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
- 2006-06-17 10:36 . 2007-01-02 22:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2006-06-17 10:36 . 2011-07-05 21:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2006-06-17 10:36 . 2007-01-02 22:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2006-06-17 10:36 . 2011-07-05 21:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2006-06-17 10:36 . 2011-07-06 15:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2006-06-17 10:36 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2006-06-17 10:36 . 2011-07-06 15:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2006-06-17 10:36 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 07:07 . 2009-11-07 07:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2012-01-20 04:08 . 2012-01-20 04:08 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2012-01-20 04:27 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-01-20 04:27 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-01-20 04:27 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fa06e547\System.Drawing.Design.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_bfd61b6c\CustomMarshalers.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_7efc13ec\System.Drawing.Design.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_2def2e26\CustomMarshalers.dll
+ 2012-01-20 12:30 . 2012-01-20 12:30 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-01-20 04:47 . 2012-01-20 04:47 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\2cddd536dadeef050e4247682b0f6a04\UIAutomationProvider.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-01-20 12:25 . 2012-01-20 12:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2012-01-20 12:24 . 2012-01-20 12:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-01-20 12:45 . 2012-01-20 12:45 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-31 08:11 . 2009-08-31 08:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-01-20 04:14 . 2012-01-20 04:14 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-20 04:41 . 2012-01-20 04:41 81920 c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-08-30 01:11 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
+ 2001-08-18 06:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-18 06:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2006-06-17 10:36 . 2011-07-13 00:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2006-06-17 10:36 . 2007-01-02 22:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-31 08:15 . 2009-08-31 08:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-31 08:15 . 2009-08-31 08:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-06-17 10:24 . 2009-04-02 05:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-06-17 10:23 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2006-06-17 10:23 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2006-06-17 10:23 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2006-06-17 10:23 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
+ 2006-06-17 10:23 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
- 2006-06-17 10:23 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2008-07-30 00:59 . 2011-09-26 17:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2006-06-17 10:23 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2006-06-17 10:23 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
- 2006-06-17 10:24 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2006-06-17 10:24 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2006-06-17 10:23 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2006-06-17 10:23 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2006-06-17 10:23 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2006-06-17 10:23 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
- 2006-06-17 10:23 . 2006-10-09 21:12 291840 c:\windows\system32\sbe.dll
+ 2006-06-17 10:23 . 2011-02-04 23:48 291840 c:\windows\system32\sbe.dll
+ 2006-06-17 10:23 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2006-06-17 10:23 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2010-03-31 06:10 . 2010-03-31 06:10 295264 c:\windows\system32\PresentationHost.exe
+ 2006-06-17 10:23 . 2012-01-20 12:27 445044 c:\windows\system32\perfh009.dat
+ 2006-06-17 10:23 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2006-06-17 10:23 . 2011-09-26 17:41 220160 c:\windows\system32\oleacc.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2006-06-17 10:23 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2006-06-17 10:23 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
+ 2006-06-17 10:23 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2006-06-17 10:23 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2006-06-17 10:23 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2006-06-17 10:23 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2006-06-17 10:23 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2006-06-17 10:23 . 2009-06-25 08:25 136192 c:\windows\system32\msv1_0.dll
+ 2006-06-17 10:35 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
- 2006-06-17 10:35 . 2008-04-14 00:12 677888 c:\windows\system32\mstsc.exe
+ 2006-06-17 10:23 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2006-06-17 10:23 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2006-06-17 10:35 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2006-06-17 10:35 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
+ 2009-03-08 09:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2009-11-06 03:17 . 2009-11-06 03:17 297808 c:\windows\system32\mscoree.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 02:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-06-17 10:23 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
+ 2006-06-17 10:23 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2006-06-17 10:23 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2006-06-17 10:23 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
- 2006-06-17 10:23 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2006-06-17 10:23 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
+ 2006-06-17 10:23 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2006-06-17 10:23 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2006-06-17 10:23 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2006-06-17 10:23 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2006-06-17 10:38 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2006-06-17 10:23 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2006-06-17 10:23 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
+ 2006-06-17 03:30 . 2012-01-20 12:22 229592 c:\windows\system32\FNTCACHE.DAT
- 2006-06-17 03:30 . 2011-05-04 23:04 229592 c:\windows\system32\FNTCACHE.DAT
- 2006-06-17 10:23 . 2006-10-09 21:12 456192 c:\windows\system32\encdec.dll
+ 2006-06-17 10:23 . 2011-10-14 23:38 456192 c:\windows\system32\encdec.dll
+ 2006-06-17 10:23 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2006-06-17 10:23 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
- 2006-06-17 10:35 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2006-06-17 10:35 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2006-06-17 10:23 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2006-06-17 10:23 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 07:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
- 2006-06-17 10:23 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2006-06-17 10:23 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
+ 2006-06-17 10:23 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2006-06-17 10:35 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2006-06-17 10:24 . 2009-04-02 05:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-06-17 10:23 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2006-06-17 10:23 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-06-17 10:23 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2006-06-17 10:23 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-03-08 09:33 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2006-06-17 10:23 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 406016 c:\windows\system32\dllcache\usp10.dll
+ 2006-06-17 10:23 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2006-06-17 10:23 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2006-06-17 10:23 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2006-06-17 10:23 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2006-06-17 10:23 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
- 2006-06-17 10:24 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-06-17 10:24 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-06-17 10:23 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2006-06-17 10:23 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\shsvcs.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-06-17 10:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-06-17 10:23 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2006-06-17 10:23 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2006-06-17 10:23 . 2011-02-04 23:48 291840 c:\windows\system32\dllcache\sbe.dll
- 2006-06-17 10:23 . 2006-10-09 21:12 291840 c:\windows\system32\dllcache\sbe.dll
+ 2006-06-17 10:23 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-06-17 10:35 . 2008-04-14 00:13 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2006-06-17 10:35 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2006-06-17 10:23 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2006-06-17 10:23 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2006-06-17 10:23 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2006-06-17 10:23 . 2011-09-26 17:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2006-06-17 10:23 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\odbc32.dll
- 2006-06-17 10:23 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 270336 c:\windows\system32\dllcache\oakley.dll
+ 2006-06-17 10:23 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2006-06-17 10:23 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2006-06-17 10:23 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
- 2006-06-17 10:23 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-06-17 10:23 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2006-06-17 10:23 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2006-06-17 10:23 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-06-17 10:23 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-06-17 10:35 . 2008-04-14 00:12 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2006-06-17 10:35 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-08-30 01:17 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-06-17 10:38 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2006-06-17 10:38 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2006-06-17 10:38 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
+ 2006-06-17 10:38 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2006-06-17 10:23 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2006-06-17 10:23 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2006-06-17 10:23 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2006-06-17 10:23 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2006-06-17 10:23 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
- 2006-06-17 10:23 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-06-17 10:23 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-06-17 10:35 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2006-06-17 10:35 . 2008-04-14 00:12 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2006-06-17 10:23 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2006-06-17 10:23 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2006-06-17 10:23 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-06-17 10:23 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-06-17 10:38 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-30 01:17 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-06-17 10:23 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-06-17 10:23 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 07:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2006-06-17 10:38 . 2008-04-14 00:12 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2006-06-17 10:38 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2006-06-17 10:23 . 2011-10-14 23:38 456192 c:\windows\system32\dllcache\encdec.dll
- 2006-06-17 10:23 . 2006-10-09 21:12 456192 c:\windows\system32\dllcache\encdec.dll
+ 2006-06-17 10:23 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2006-06-17 10:23 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2006-06-17 10:23 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2006-06-17 10:23 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2006-06-17 10:23 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-06-17 10:23 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-06-17 10:23 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2006-06-17 10:23 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2009-07-28 21:52 . 2012-01-20 13:01 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-28 21:52 . 2012-01-19 03:17 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-06-17 10:23 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2006-06-17 10:23 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2006-06-17 10:23 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
+ 2006-06-17 10:23 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
- 2006-06-17 10:38 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2006-06-17 10:38 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-31 06:16 . 2010-03-31 06:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 12:15 . 2011-03-25 12:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2007-04-14 02:58 . 2007-04-14 02:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 02:56 . 2007-04-14 02:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 03:30 . 2007-04-14 03:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2006-06-17 10:36 . 2011-07-05 21:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2006-06-17 10:36 . 2004-07-20 09:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2006-06-17 10:36 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2006-06-17 10:36 . 2011-07-06 15:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\283effa.msp
+ 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\283ef88.msp
+ 2012-01-20 04:08 . 2012-01-20 04:08 429568 c:\windows\Installer\283ef81.msi
+ 2012-01-20 04:27 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-01-20 04:27 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-01-20 04:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-01-20 04:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-01-20 04:27 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-01-20 04:27 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-01-20 04:27 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-01-20 04:27 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-01-20 04:07 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-01-20 04:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-01-20 04:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-01-20 04:08 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-01-20 04:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-01-20 04:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-01-20 04:08 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
- 2005-08-06 04:06 . 2006-10-09 21:12 107008 c:\windows\ehome\mstvcapn.dll
+ 2005-08-06 04:06 . 2011-11-02 15:25 107008 c:\windows\ehome\mstvcapn.dll
+ 2008-11-12 16:26 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-08-31 08:15 . 2009-08-31 08:15 303104 c:\windows\assembly\temp\3CKS08GOW4\System.Runtime.Remoting.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_950eb0ba\System.Drawing.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c8695e65\System.Drawing.Design.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d5564b27\CustomMarshalers.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_780a5660\System.Drawing.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2012-01-20 12:31 . 2012-01-20 12:31 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
+ 2012-01-20 12:30 . 2012-01-20 12:30 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-01-20 04:47 . 2012-01-20 04:47 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\1d1a920a8e798c76879d56b151789d3e\UIAutomationTypes.ni.dll
+ 2012-01-20 12:30 . 2012-01-20 12:30 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2012-01-20 12:49 . 2012-01-20 12:49 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2012-01-20 12:45 . 2012-01-20 12:45 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2012-01-20 12:45 . 2012-01-20 12:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2012-01-20 12:28 . 2012-01-20 12:28 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2012-01-20 12:46 . 2012-01-20 12:46 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-20 04:50 . 2012-01-20 04:50 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d548bacfbb5e860debf12027d4b753ae\PresentationFramework.Classic.ni.dll
+ 2012-01-20 12:26 . 2012-01-20 12:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
+ 2012-01-20 12:26 . 2012-01-20 12:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
+ 2012-01-20 12:26 . 2012-01-20 12:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
+ 2012-01-20 04:50 . 2012-01-20 04:50 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\24b04dd14603fb47394499ecfedc4afb\PresentationFramework.Royale.ni.dll
+ 2012-01-20 12:26 . 2012-01-20 12:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2012-01-20 04:50 . 2012-01-20 04:50 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0a1dbf17855d43bdf5c904709fdfe1cd\PresentationFramework.Aero.ni.dll
+ 2012-01-20 04:50 . 2012-01-20 04:50 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\088d16321ba4b13795060bb8b9bc4d09\PresentationFramework.Luna.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2012-01-20 12:46 . 2012-01-20 12:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2012-01-20 12:45 . 2012-01-20 12:45 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-20 04:14 . 2012-01-20 04:14 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-20 04:14 . 2012-01-20 04:14 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-31 08:11 . 2009-08-31 08:11 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2012-01-20 04:14 . 2012-01-20 04:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-06-17 10:23 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2012-01-19 21:54 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2012-01-19 22:18 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2006-06-17 10:24 . 2010-04-06 10:52 2462720 c:\windows\system32\WMVCore.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2006-06-17 10:23 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2006-06-17 10:23 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2008-08-30 13:43 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2006-06-17 10:23 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2006-06-17 10:35 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2006-06-17 10:24 . 2010-04-06 10:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2006-06-17 10:23 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2006-06-17 10:23 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2006-06-17 10:23 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2006-06-17 10:23 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
- 2006-06-17 10:23 . 2008-04-14 00:12 1435648 c:\windows\system32\dllcache\query.dll
+ 2006-06-17 10:23 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2006-06-17 10:23 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 10:29 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-04 06:59 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 10:29 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-06-17 10:23 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-30 13:43 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2006-06-17 10:23 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-06-17 10:38 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2006-06-17 10:38 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-06-17 10:23 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2006-06-17 10:35 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-08-30 01:17 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 07:06 . 2009-11-07 07:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2011-03-25 12:15 . 2011-03-25 12:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-04-29 03:50 . 2011-04-29 03:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 03:35 . 2007-04-14 03:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 02:57 . 2007-04-14 02:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 02:50 . 2007-04-14 02:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2006-06-17 10:36 . 2011-07-13 00:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2006-06-17 10:36 . 2007-01-02 22:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2006-06-17 10:36 . 2011-07-05 21:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2006-06-17 10:36 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2006-06-17 10:36 . 2011-07-05 21:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2006-06-17 10:36 . 2011-07-13 00:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2006-06-17 10:36 . 2007-01-02 22:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2011-05-02 06:06 . 2011-05-02 06:06 2705920 c:\windows\Installer\2a32345.msp
+ 2009-11-09 06:25 . 2009-11-09 06:25 1935360 c:\windows\Installer\283efca.msp
+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\283efaf.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 2607104 c:\windows\Installer\283ef95.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 4210688 c:\windows\Installer\283ef94.msp
+ 2012-01-20 04:27 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-01-20 04:27 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-01-20 04:27 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2008-10-15 10:29 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 10:29 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 10:29 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 10:29 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-01-20 04:29 . 2012-01-20 04:29 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b7c3a088\System.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a48fc1af\System.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_77f51477\System.Xml.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1d34a9e4\System.Xml.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f2820eb0\System.Windows.Forms.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6dca7e06\System.Windows.Forms.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ef491a37\System.Drawing.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ed9cf86e\System.Design.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_70933dff\System.Design.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e0d4e501\mscorlib.dll
+ 2012-01-20 04:30 . 2012-01-20 04:30 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0c0ba2cb\mscorlib.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_319514f6\System.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f4712f6a\System.Xml.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_88366fc9\System.Windows.Forms.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_9ca7e77e\System.Design.dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_59d0e211\mscorlib.dll
+ 2012-01-20 12:24 . 2012-01-20 12:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2012-01-20 12:30 . 2012-01-20 12:30 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
+ 2012-01-20 04:50 . 2012-01-20 04:50 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0F.tmp\ReachFramework.dll
+ 2012-01-20 12:23 . 2012-01-20 12:23 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2012-01-20 12:30 . 2012-01-20 12:30 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2012-01-20 12:49 . 2012-01-20 12:49 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-20 12:49 . 2012-01-20 12:49 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-20 12:49 . 2012-01-20 12:49 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:49 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-20 12:29 . 2012-01-20 12:29 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-20 12:45 . 2012-01-20 12:45 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2012-01-20 12:29 . 2012-01-20 12:29 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2012-01-20 12:45 . 2012-01-20 12:45 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c 125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076ac b8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2012-01-20 12:47 . 2012-01-20 12:47 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a 84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e4537 93ee5e01c07a5485\System.Core.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e950425556 5bd9076fe13628e104a\ReachFramework.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0 686182ced75f7dae990\PresentationUI.ni.dll
+ 2012-01-20 12:24 . 2012-01-20 12:24 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad51 5bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c127 88293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd6 02ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b7225 8899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5e b58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6 abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc 8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
+ 2012-01-20 04:26 . 2012-01-20 04:26 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsB ase.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XM L.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XM L.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll
- 2009-08-31 08:17 . 2009-08-31 08:17 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e3 5\System.Web.Extensions.dll
+ 2012-01-20 04:31 . 2012-01-20 04:31 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e3 5\System.Web.Extensions.dll
+ 2012-01-20 04:14 . 2012-01-20 04:14 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\ System.ServiceModel.dll
- 2009-08-31 08:15 . 2009-08-31 08:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System .Design.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System .Design.dll
+ 2012-01-20 04:26 . 2012-01-20 04:26 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e3 5\PresentationFramework.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web. dll
- 2009-08-31 08:15 . 2009-08-31 08:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Dat a.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Dat a.dll
- 2009-08-31 08:11 . 2009-08-31 08:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\Prese ntationCore.dll
+ 2012-01-20 04:26 . 2012-01-20 04:26 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\Prese ntationCore.dll
+ 2012-01-20 04:51 . 2012-01-20 04:51 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-01-14 04:09 . 2008-01-14 04:09 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\S ystem.Windows.Forms.dll
+ 2012-01-20 04:29 . 2012-01-20 04:29 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web. dll
+ 2012-01-20 04:08 . 2012-01-20 04:08 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web. dll
- 2008-11-02 19:34 . 2008-11-02 19:34 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web. dll
- 2006-06-17 10:24 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
+ 2006-06-17 10:24 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
+ 2012-01-20 04:33 . 2012-01-04 23:15 52128560 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
+ 2006-06-17 10:24 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
- 2006-06-17 10:24 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-07-19 23:48 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Unins tall.msp
+ 2011-03-28 09:27 . 2011-03-28 09:27 15456256 c:\windows\Installer\2a3234e.msp
+ 2011-07-12 02:43 . 2011-07-12 02:43 11641344 c:\windows\Installer\2a3233d.msp
+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\283eff3.msp
+ 2010-03-31 07:23 . 2010-03-31 07:23 15638528 c:\windows\Installer\283efd7.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 14599680 c:\windows\Installer\283efa4.msp
+ 2012-01-20 04:27 . 2009-07-19 23:48 11067392 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-01-20 12:30 . 2012-01-20 12:30 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9 ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2012-01-20 12:48 . 2012-01-20 12:48 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b23366 7c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-20 12:46 . 2012-01-20 12:46 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc0 06596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-20 12:27 . 2012-01-20 12:27 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e 9171fa4bd2e0233497\System.Design.ni.dll
+ 2012-01-20 12:26 . 2012-01-20 12:26 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0544889 24fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2012-01-20 12:25 . 2012-01-20 12:25 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713e ca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2012-01-20 12:23 . 2012-01-20 12:23 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839ab be7d4bc9c6721\mscorlib.ni.dll
+ 2012-01-20 04:45 . 2012-01-20 04:45 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\44ecf972f11f3c23878 2da31f27df7e5\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 169984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Owner.MCNABB_LAPTOP\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-3 50688]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-9-27 385024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-1-10 2168360]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/9/2010 9:41 AM 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/3/2008 8:40 PM 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/9/2010 9:40 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/9/2010 9:40 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/9/2010 9:41 AM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/9/2010 9:41 AM 150856]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/9/2010 9:41 AM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/9/2010 9:41 AM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/9/2010 9:41 AM 83856]
S1 718c51b0;718c51b0;c:\windows\system32\drivers\718c51b0.sys [9/18/2009 9:36 PM 0]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/9/2010 9:41 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/9/2010 9:41 AM 87656]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/1/2010 11:46 AM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EHRECVR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2008-01-27 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 99.198.16.40 99.198.16.41
FF - ProfilePath - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Mozilla\Firefox\Profiles\e17k6qfe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {AE18A4F2-F9A0-4337-A80D-FAB9D902C46B} - c:\documents and settings\Owner.MCNABB_LAPTOP\Local Settings\Application Data\{AE18A4F2-F9A0-4337-A80D-FAB9D902C46B}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 07:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5260)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-20 08:08:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 14:08
ComboFix2.txt 2012-01-19 16:40
.
Pre-Run: 61,704,888,320 bytes free
Post-Run: 61,761,794,048 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0A0DBC160A0FE4940F3E03FBB8A089D4
Upload was successful
pokeycows (THREAD STARTER)
20-Jan-2012, 10:30 AM #12
I am sorry for the duplicate post. I posted, then the site went to another page like it hadn't posted...so I posted again. Sorry.
dvk01 (Derek), Moderator & Malware Removal Specialist
20-Jan-2012, 10:31 AM #13
next
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it finds (except SPTD.SYS, which should be ignored) & then reboot

post back with its log
pokeycows (THREAD STARTER)
20-Jan-2012, 10:58 AM #14
Hi dvk01,

I ran tdss killer from the site listed. It did not find anything. I rebooted my machine and enabled my virus scans...and ran tdss killer again. It did not find anything.
dvk01 (Derek), Moderator & Malware Removal Specialist
20-Jan-2012, 01:56 PM #15
Are you still having any problems?