
Pop Up Window issue cannot be removed

Discussion in 'Virus & Other Malware Removal' started by pokeycows, Jan 14, 2012.

  1. pokeycows

    Hello,

    NOTE: I am having to post several times to get all the information because the site will not finish processing...

    Thank you in advance for assisting me. I recently tried to install Google Chrome on my laptop and almost immediately began having troubles with pop up windows and sluggish processing.

    I have tried several times to post in here and the computer keeps telling me after I have added everything that the page is busy and cannot complete. I'm not sure if this has anything to do with a possible virus. Therefore, I had to try and post this from a different laptop.

    I am currently using Firefox on the infected laptop, but have been having issues with it crashing a lot, so I thought I would give Chrome a try. After starting to get the pop up window issues, I removed Chrome. I also ran Malwarebytes' Anti-Malware software to try and remove the problem. It found some issues and removed them. I then ran Spybot to remove more; it found more and I removed them. I restarted my laptop, but the windows still pop up.

    Symptom: When I open a new page in Firefox, a new tab pops up about some work online and make lots of money deal. When I close this tab, another window pops up asking me if I'm sure I want to navigate. I just click the 'x' to close the window. The page remains open, and when I try to close it again, another different pop up appears...I click 'x' to close it and only then am I able to close that unwanted page.


    My laptop is a Gateway MX6959. Intel(R) Core(TM)2 CPU. 0.99 GB of RAM. Running Microsoft Windows XP Media Center Edition Version 2002 Service Pack 3.



    Hijack This log:
    ****************************************************************************************

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:17:53 AM, on 1/13/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Documents and Settings\Owner.MCNABB_LAPTOP\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111228220029.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [braviax] (User 'Default user')
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Doyles Room - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing) (HKCU)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/html - {1cfdfd6b-d494-4648-9fe6-151b0bd28ebe} - C:\WINDOWS\system32\mst123.dll
    O20 - AppInit_DLLs: cru629.dat C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\vajapaso.dll nipujija.dll c:\windows\system32\kehifiya.dll
    O21 - SSODL: SysNet - {9241381B-083A-48DD-B6ED-DB71E06DC0BF} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)
    O21 - SSODL: tapefasut - {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll (file missing)
    O21 - SSODL: sifibupin - {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: tokatiluy - {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll (file missing)
    O22 - SharedTaskScheduler: gahurihor - {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0168681326457336) (0168681326457336mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016868~1.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 13546 bytes
     
  2. pokeycows

    DDS log:
    *************************************************************************************************

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 15:27:05 on 2012-01-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.263 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111228220029.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Power2GoExpress] NA
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [braviax]
    StartupFolder: c:\docume~1\owner~1.mcn\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
    StartupFolder: c:\docume~1\owner~1.mcn\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 99.198.16.40 99.198.16.41
    TCP: Interfaces\{B42BBB2B-8703-4DBB-992D-EB72641FCE03} : DhcpNameServer = 99.198.16.40 99.198.16.41
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Filter: text/html - {1cfdfd6b-d494-4648-9fe6-151b0bd28ebe} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: cru629.dat c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\vajapaso.dll nipujija.dll c:\windows\system32\kehifiya.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SysNet - {9241381B-083A-48DD-B6ED-DB71E06DC0BF} - c:\documents and settings\all users\microsoft adata\sysnet.dll
    SSODL: tapefasut - {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
    SSODL: sifibupin - {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
    STS: tokatiluy: {bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
    STS: gahurihor: {4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
    LSA: Notification Packages = scecli ntzchb.dll pinadili.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner.mcnabb_laptop\application data\mozilla\firefox\profiles\e17k6qfe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - plugin: c:\documents and settings\owner.mcnabb_laptop\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {AE18A4F2-F9A0-4337-A80D-FAB9D902C46B} - c:\documents and settings\owner.mcnabb_laptop\local settings\application data\{AE18A4F2-F9A0-4337-A80D-FAB9D902C46B}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\owner.mcnabb_laptop\application data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-1-20 464176]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-9 89792]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-3 94880]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-9 214904]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-9 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-9 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-9 150856]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-9 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-1-20 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-1-20 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-9 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-9 83856]
    S1 718c51b0;718c51b0;c:\windows\system32\drivers\718c51b0.sys [2009-9-18 0]
    S2 0168681326457336mcinstcleanup;McAfee Application Installer Cleanup (0168681326457336);c:\windows\temp\016868~1.exe -cleanup -nolog --> c:\windows\temp\016868~1.EXE -cleanup -nolog [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-9 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-9 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-20 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-20 40552]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-1 11520]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-10-17 21:04:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2009-09-19 19:44:03 18630 ----a-w- c:\program files\common files\ciwagyzac.dll
    2009-09-19 19:44:01 12651 ----a-w- c:\program files\common files\ajukevel.exe
    2009-09-19 03:02:21 14506 ----a-w- c:\program files\common files\xane.bat
    2009-09-19 03:02:21 12148 ----a-w- c:\program files\common files\vepohy.bin
    2009-09-15 23:01:33 18161 ----a-w- c:\program files\common files\qyfarysefu.sys
    2009-09-15 23:01:33 17000 ----a-w- c:\program files\common files\kuvyso.com
    2009-09-15 23:01:33 15135 ----a-w- c:\program files\common files\imyqiqor.scr
    2009-09-15 23:01:33 13544 ----a-w- c:\program files\common files\docizituni.pif
    .
    ============= FINISH: 15:29:14.26 ===============

    ark.txt file contents:
    ******************************************************************************************

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-13 18:06:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS72101 rev.MCZO
    Running: l7445057.exe; Driver: C:\DOCUME~1\OWNER~1.MCN\LOCALS~1\Temp\awlyakog.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF716F4C0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF716F4D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF716F500]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF716F556]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF716F4AC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF716F484]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF716F498]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF716F4EA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF716F52C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF716F516]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF716F580]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF716F56C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF716F540]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF5901EBF]
    .text mrxsmb.sys 9CB93000 79 Bytes [06, 0F, 83, 2D, B5, 00, 00, ...]
    .text mrxsmb.sys 9CB93051 3 Bytes [84, F2, B4]
    .text mrxsmb.sys 9CB93057 11 Bytes [C0, 66, FF, 46, 04, 5F, 5B, ...]
    .text mrxsmb.sys 9CB93063 23 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
    .text mrxsmb.sys 9CB9307B 117 Bytes [8B, 40, 34, 83, C0, 40, 5D, ...]
    .text ...
    ? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification
    ? C:\DOCUME~1\OWNER~1.MCN\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01960FEF
    .text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01960025
    .text C:\WINDOWS\Explorer.EXE[264] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01960014
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018E0FEF
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 018E0078
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 018E0067
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 018E0F8D
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 018E004A
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 018E0FA8
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018E0F26
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 018E0F4D
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018E0F0B
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018E00A4
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018E00BF
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 018E002F
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 018E000A
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 018E0F5E
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 018E0FC3
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 018E0FDE
    .text C:\WINDOWS\Explorer.EXE[264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 018E0093
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01CA001B
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01CA0051
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01CA0FCA
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01CA0FDB
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01CA002C
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01CA0000
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01CA0F94
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP 50C03389
    .text C:\WINDOWS\Explorer.EXE[264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01CA0FA5
    .text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01C90053
    .text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!system 77C293C7 5 Bytes JMP 01C90FD2
    .text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01C90038
    .text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01C9000C
    .text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01C90FE3
    .text C:\WINDOWS\Explorer.EXE[264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01C9001D
    .text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01C80FEF
    .text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01C8000A
    .text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01C80025
    .text C:\WINDOWS\Explorer.EXE[264] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01C80FD4
    .text C:\WINDOWS\Explorer.EXE[264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01DE0FEF
    .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00740FEF
    .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00740FC3
    .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00740FD4
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00730FEF
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0073006E
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00730053
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00730F79
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00730F8A
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00730025
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00730F48
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00730090
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007300A1
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00730F12
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00730EED
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00730036
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0073000A
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0073007F
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00730FB9
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00730FD4
    .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00730F2D
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00880FCD
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00880065
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00880FDE
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0088000A
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00880FA8
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00880FEF
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00880054
    .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00880039
    .text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760F9C
    .text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760031
    .text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FC1
    .text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
    .text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760016
    .text C:\WINDOWS\system32\svchost.exe[404] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760FDE
    .text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0075000A
    .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00FE0000
    .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00FE0FE5
    .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00FE0FCA
    .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00FE001B
    .text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AE0FEF
    .text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AE0FD4
    .text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AE000A
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD007F
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0F94
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0FA5
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0FB6
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0051
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00BC
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD00AB
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00E8
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00CD
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0F34
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0062
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FE5
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD009A
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0036
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD001B
    .text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F59
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B50047
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B50073
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B5002C
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B50011
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B50FC0
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B50FDB
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D5, 88] {AAD 0x88}
    .text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B50058
    .text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B00F95
    .text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B00FB0
    .text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B00FD2
    .text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B00FEF
    .text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B00FC1
    .text C:\WINDOWS\system32\svchost.exe[520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B0000C
    .text C:\WINDOWS\system32\svchost.exe[520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF000A
    .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A10000
    .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A10FDB
    .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A10011
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00FEF
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F57
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F72
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00040
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00F83
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FAF
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A0008E
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F46
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000BA
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F2B
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000D5
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F94
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FD4
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00071
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A0001B
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A0000A
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A0009F
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10040
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D1006C
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FEF
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D10025
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10FAF
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10000
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D1005B
    .text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10FD4
    .text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00F8B
    .text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00F9C
    .text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FB7
    .text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
    .text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D0000C
    .text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00FD2
    .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00A20000
    .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00A2001B
    .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00A2002C
    .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00A20FE5
    .text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A30FEF
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FEF
    .text C:\WINDOWS\system32\lsass.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA001B
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB000A
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F5F
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0F7A
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0F8B
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0FA8
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FC3
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB00A0
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0F4E
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB00CC
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00B1
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB00DD
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB004A
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0FE5
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0079
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FD4
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB001B
    .text C:\WINDOWS\system32\lsass.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0F33
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0FC0
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA0047
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA001B
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA0FE5
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA002C
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA000A
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FA0F8A
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1A, 89]
    .text C:\WINDOWS\system32\lsass.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0FAF
    .text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FB2
    .text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FCD
    .text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0022
    .text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD003D
    .text C:\WINDOWS\system32\lsass.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0011
    .text C:\WINDOWS\system32\lsass.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0000
    .text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00BB0000
    .text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00BB0FEF
    .text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00BB0025
    .text C:\WINDOWS\system32\lsass.exe[1452] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00BB0036
    .text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02520FEF
    .text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02520FDE
    .text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02520014
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02560FEF
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02560F86
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0256007B
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02560F97
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0256004A
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0256002F
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02560F44
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0256008C
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02560F07
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02560F18
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025600B1
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02560FA8
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02560FD4
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02560F6B
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02560014
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02560FC3
    .text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02560F29
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02550000
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02550F83
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02550FB9
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02550FCA
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02550040
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02550FEF
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02550025
    .text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02550F9E
    .text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02540042
    .text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!system 77C293C7 5 Bytes JMP 0254001D
    .text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02540FC8
    .text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02540FE3
    .text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02540FAD
    .text C:\WINDOWS\system32\svchost.exe[1624] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0254000C
    .text C:\WINDOWS\system32\svchost.exe[1624] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0253000A
    .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF0FCA
    .text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0FE5
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01150FEF
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01150FAF
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011500A4
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01150089
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0115006C
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01150036
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011500ED
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011500DC
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01150134
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01150123
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0115014F
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01150047
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0115000A
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011500BF
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01150FC0
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0115001B
    .text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01150108
    .text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01140040

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) A68BD000-A68CF000 (73728 bytes)

    ---- Processes - GMER 1.0.15 ----

    Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5656

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSpqlt.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSpaxt.log
    Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSofxh.log
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???9?&??? ???????r???????????r???????????????????????????r???E??????????????0????????????????`???????????????????? ????????????????????? ???????????????????? ???????8?????r?????m??????????r???????????Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.?e???????????e??????? ???????=????????????? ?????????????????f???r???0?0?0?0?0?0?x???????????k?????s?l??USBSTOR??????????????l?????s?l?????s????? ???????r????????????? ????????????????????Dell A940???? ???????r???????????k????????????????????????r??r???C????????????????????????????????????????????????????????????????????E753???<?????r????255.255.255.0???s\???????????s?????s?u?????s????WD Drive Management devices?????? ???????????????????/?????????????D?????????r???????t???T??????su???r???????s???t???????\???r ?LegacyDriver????? ???????4????????????????????????R??????????????????k???????\??? ?????

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5ZPU55K4\st[4] 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5ZPU55K4\iframe3[1].htm 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EAZNPW5A\errorPageStrings[1] 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\Lock[1].js 846 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\background_gradient[1] 453 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\logo[1].png 9633 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GB0F21AV\down[1] 3414 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\234181493 0 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409 0 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\bckfg.tmp 860 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\cfg.ini 198 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\keywords 215 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\L\ceucmxgq 455296 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\80000000.@ 11264 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB8966$\4141864409\U\80000032.@ 77312 bytes

    ---- EOF - GMER 1.0.15 ----
     
  3. pokeycows

    pokeycows Thread Starter

    I am so sorry for the multiple posts...after I would 'submit post'...the page would tell me that it was busy...so I assumed the post did not submit. Thank you very much for deleting the duplicates! :) Please let me know if I missed adding any of the requested information.
     
  4. pokeycows

    pokeycows Thread Starter

    I am attaching the attach.txt log file that was attached to the other duplicated posts, but not to this one. I did not realize it was not attached to this post which is the open one.

    I really hope this helps to figure out the pop up malware issue. Thank you! :)
     

  5. pokeycows

    pokeycows Thread Starter

    My computer seems to keep getting worse.

    This morning I was not able to open any web browsers, could not get the task manager window to open and could not even get the computer to turn itself off. I had to manually cut the computer off. It did not seem to be locked up because I never lost control of the mouse and was able to keep telling the computer to turn off (or restart), neither of which happened as they should have.

    I have no idea what could be wrong with my computer. Please help.
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,897
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  7. pokeycows

    pokeycows Thread Starter

    Joined:
    Dec 30, 2007
    Messages:
    49
    I thought I had disabled all the virus scans, but after starting ComboFix, one was still running. ComboFix told me to disable before hitting OK...so I did. Then I get a small blue screen with AutoScan as the title of the window. A message box pops up saying:

    Windows cannot find 'NIRKMD'. I've hit ok a few times and then it seems to continue scanning. The computer then told me it had to reboot...so it did. I had the firewall and virus scans set up to resume on reboot. The computer rebooted and that blue window with AutoScan said it was

    scanning for infected files...
    This typically doesn't take more than 10 minutes
    However...

    Completed Stage_1
    Completed Stage_2

    Then I got the NIRKMD missing window again. What should I do?
     
  8. pokeycows

    pokeycows Thread Starter

    Joined:
    Dec 30, 2007
    Messages:
    49
    I have just hit the OK button on the NIRKMD missing file window and it said it Completed Stage_3

    It seems to continue processing and then pops up the same NIRKMD window, so I just hit OK. So far it has completed down to Stage_32.

    Is this what ComboFix is supposed to do...or look like as it is scanning?
     
  9. pokeycows

    pokeycows Thread Starter

    Joined:
    Dec 30, 2007
    Messages:
    49
    Thank you very much dvk01 for helping me. :) It is much appreciated!

    Ok...the ComboFix finally finished and produced a log file. I started Firefox browser and the extra pop up window did not open as before.

    Should I be concerned that the ComboFix report said that Windows Recovery Console is not installed?

    Here is the ComboFix report:
    -----------------------------------------

    ComboFix 12-01-18.04 - Owner 01/19/2012 9:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT -6:00]
    Running from: c:\documents and settings\Owner.MCNABB_LAPTOP\Desktop\username123.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active
    .
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Microsoft AData
    c:\documents and settings\All Users\Microsoft AData\t.sid
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner.MCNABB_LAPTOP\My Documents\~WRL3143.tmp
    c:\documents and settings\Owner.MCNABB_LAPTOP\WINDOWS
    c:\program files\Common Files\ycitilu.db
    c:\program files\WinPCap
    c:\program files\WinPCap\rpcapd.exe
    c:\windows\$NtUninstallKB8966$\234181493
    c:\windows\$NtUninstallKB8966$\4141864409\@
    c:\windows\$NtUninstallKB8966$\4141864409\bckfg.tmp
    c:\windows\$NtUninstallKB8966$\4141864409\cfg.ini
    c:\windows\$NtUninstallKB8966$\4141864409\Desktop.ini
    c:\windows\$NtUninstallKB8966$\4141864409\keywords
    c:\windows\$NtUninstallKB8966$\4141864409\kwrd.dll
    c:\windows\$NtUninstallKB8966$\4141864409\L\ceucmxgq
    c:\windows\$NtUninstallKB8966$\4141864409\lsflt7.ver
    c:\windows\$NtUninstallKB8966$\4141864409\U\00000001.@
    c:\windows\$NtUninstallKB8966$\4141864409\U\00000002.@
    c:\windows\$NtUninstallKB8966$\4141864409\U\00000004.@
    c:\windows\$NtUninstallKB8966$\4141864409\U\80000000.@
    c:\windows\$NtUninstallKB8966$\4141864409\U\80000004.@
    c:\windows\$NtUninstallKB8966$\4141864409\U\80000032.@
    c:\windows\certsystem.exe
    c:\windows\digymawe.dll
    c:\windows\fewovozam.scr
    c:\windows\ivyz.exe
    c:\windows\kb913800.exe
    c:\windows\microsoftdef.dll
    c:\windows\regred.exe
    c:\windows\securits.com
    c:\windows\spoov.exe
    c:\windows\system32\CF20554.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\SET4C6.tmp
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\usexplorer.exe
    c:\windows\wiaserviv.log
    c:\windows\yxowavum._sy
    D:\Autorun.inf
    c:\windows\$NtUninstallKB8966$ . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Legacy_TDSSSERV.SYS
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-19 19:44 . 2009-09-19 19:44 18630 ----a-w- c:\program files\Common Files\ciwagyzac.dll
    2009-09-19 19:44 . 2009-09-19 19:44 12651 ----a-w- c:\program files\Common Files\ajukevel.exe
    2009-09-19 03:02 . 2009-09-19 03:02 14506 ----a-w- c:\program files\Common Files\xane.bat
    2009-09-19 03:02 . 2009-09-19 03:02 12148 ----a-w- c:\program files\Common Files\vepohy.bin
    2009-09-15 23:01 . 2009-09-15 23:01 18161 ----a-w- c:\program files\Common Files\qyfarysefu.sys
    2009-09-15 23:01 . 2009-09-15 23:01 17000 ----a-w- c:\program files\Common Files\kuvyso.com
    2009-09-15 23:01 . 2009-09-15 23:01 15135 ----a-w- c:\program files\Common Files\imyqiqor.scr
    2009-09-15 23:01 . 2009-09-15 23:01 13544 ----a-w- c:\program files\Common Files\docizituni.pif
    2011-04-14 19:01 . 2010-05-09 15:41 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 169984]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
    "Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    c:\documents and settings\Owner.MCNABB_LAPTOP\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-3 50688]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-9-27 385024]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-1-10 2168360]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    R1 718c51b0;718c51b0;c:\windows\System32\drivers\718c51b0.sys [2009-09-21 0]
    R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-10-15 83856]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-15 89792]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2012-01-03 95200]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 150856]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
    S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-10-15 83856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2008-01-27 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 99.198.16.40 99.198.16.41
    FF - ProfilePath - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Mozilla\Firefox\Profiles\e17k6qfe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {AE18A4F2-F9A0-4337-A80D-FAB9D902C46B} - c:\documents and settings\Owner.MCNABB_LAPTOP\Local Settings\Application Data\{AE18A4F2-F9A0-4337-A80D-FAB9D902C46B}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
    BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    SharedTaskScheduler-{bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
    SharedTaskScheduler-{4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
    SSODL-SysNet-{9241381B-083A-48DD-B6ED-DB71E06DC0BF} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
    SSODL-tapefasut-{bb0d6cf1-3f66-4489-b7d6-7ae8a9991d4c} - c:\windows\system32\vajapaso.dll
    SSODL-sifibupin-{4c6d53b7-dfd8-4c22-8fb3-e83f5bee0b41} - c:\windows\system32\kehifiya.dll
    AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-19 10:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Western Digital\WD SmartWare\instances\16EBCFF2-0F54-4E37-BF20-DBBDCE872BBB\16ebcff2-0f54-4e37-bf20-dbbdce872bbb-inq.db3-journal
    c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Western Digital\WD SmartWare\instances\307FAB35-6134-408D-97EC-E4E0FE332463\307fab35-6134-408d-97ec-e4e0fe332463-preinq.db3-journal
    c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Western Digital\WD SmartWare\sourceq.db3-journal
    .
    scan completed successfully
    hidden files: 3
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(804)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\rundll32.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\stsystra.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    c:\program files\Dell AIO Printer A940\dlbabmon.exe
    c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-19 10:40:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-19 16:39
    .
    Pre-Run: 63,442,747,392 bytes free
    Post-Run: 63,501,504,512 bytes free
    .
    - - End Of File - - 4E6EB2A0239514C8A7032E4B574798F9
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,897
    Delete the existing version of combofix from desktop & download a new version from same location. Just put it on desktop. Don't click it to run it at this stage
    Make sure McAfee is completely disabled as it seems to be interfering with the fix

    Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    at the end it will pop up an alert & open your browser and ask you to send the zip file

    please follow those instructions. We need to see the zip file before we can carry on with the fix

    If there is no pop up alert or open browser then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files (do not post HJT logs there as they will not get dealt with)

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38

    When Combofix starts to run, you should get a pop up asking you to let it install the recovery console. Please let it install
     

    Attached Files:

  11. pokeycows

    pokeycows Thread Starter

    Joined:
    Dec 30, 2007
    Messages:
    49
    Hi dvk01,

    I followed your instructions above. McAfee was disabled and ComboFix ran without interruption. The computer rebooted...I still had McAfee disabled. Once the scan was finished, I was asked to send the zip file to you electronically. It sent successfully. Here is the ComboFix report:

    ComboFix 12-01-19.02 - Owner 01/20/2012 7:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.461 [GMT -6:00]
    Running from: c:\documents and settings\Owner.MCNABB_LAPTOP\Desktop\Username123.exe
    Command switches used :: c:\documents and settings\Owner.MCNABB_LAPTOP\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    file zipped: c:\program files\Common Files\ajukevel.exe
    file zipped: c:\program files\Common Files\ciwagyzac.dll
    file zipped: c:\program files\Common Files\docizituni.pif
    file zipped: c:\program files\Common Files\imyqiqor.scr
    file zipped: c:\program files\Common Files\kuvyso.com
    file zipped: c:\program files\Common Files\qyfarysefu.sys
    file zipped: c:\program files\Common Files\vepohy.bin
    file zipped: c:\program files\Common Files\xane.bat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Common Files\ajukevel.exe
    c:\program files\Common Files\ciwagyzac.dll
    c:\program files\Common Files\docizituni.pif
    c:\program files\Common Files\imyqiqor.scr
    c:\program files\Common Files\kuvyso.com
    c:\program files\Common Files\qyfarysefu.sys
    c:\program files\Common Files\vepohy.bin
    c:\program files\Common Files\xane.bat
    .
    Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\kernel32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-19 22:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2012-01-19 22:12 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-01-19 21:51 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-01-12 20:35 . 2012-01-12 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 21:57 . 2006-06-17 10:23 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2006-06-17 10:23 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2006-06-17 10:23 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-04 19:20 . 2006-06-17 10:23 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2006-06-17 10:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2006-06-17 10:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2006-06-17 10:23 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2006-06-17 10:23 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2006-06-17 10:23 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2006-06-17 10:23 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2006-06-17 10:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2006-06-17 10:23 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 06:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-14 19:01 . 2010-05-09 15:41 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-19_16.26.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-20 13:58 . 2012-01-20 13:58 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
    + 2007-07-31 01:19 . 2009-08-07 01:24 44768 c:\windows\system32\wups2.dll
    + 2006-06-17 10:38 . 2009-08-07 01:24 35552 c:\windows\system32\wups.dll
    - 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
    + 2007-11-13 11:31 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    + 2006-06-17 10:23 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
    - 2006-06-17 10:23 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
    + 2006-06-17 10:23 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
    + 2006-06-17 10:23 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
    - 2006-06-17 10:23 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
    + 2006-06-17 10:23 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
    + 2010-03-31 06:16 . 2010-03-31 06:16 99176 c:\windows\system32\PresentationHostProxy.dll
    + 2006-06-17 10:23 . 2012-01-20 12:27 72754 c:\windows\system32\perfc009.dat
    + 2006-06-17 10:23 . 2011-09-26 17:41 20480 c:\windows\system32\oleaccrc.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 49488 c:\windows\system32\netfxperf.dll
    + 2009-11-07 07:07 . 2009-11-07 07:07 11600 c:\windows\system32\mui\0409\mscorees.dll
    + 2004-08-04 08:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
    + 2006-06-17 10:23 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
    - 2006-06-17 10:23 . 2008-04-14 00:11 599040 c:\windows\system32\dllcache\crypt32.dll
    + 2006-06-17 10:23 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
    - 2006-06-17 10:23 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\comctl32.dll
    + 2006-06-17 10:23 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
    + 2006-06-17 10:23 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
    - 2006-06-17 10:23 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
    + 2006-06-17 10:23 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
    + 2006-06-17 10:23 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
    + 2006-06-17 10:23 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
    - 2006-06-17 10:23 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
    + 2009-07-28 21:52 . 2012-01-20 13:01 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-07-28 21:52 . 2012-01-19 03:17 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2006-06-17 10:23 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
    - 2006-06-17 10:23 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
    + 2006-06-17 10:23 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
    + 2006-06-17 10:23 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
    - 2006-06-17 10:38 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    + 2006-06-17 10:38 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    + 2010-03-31 06:16 . 2010-03-31 06:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2010-04-08 05:48 . 2010-04-08 05:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    - 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-04-08 05:48 . 2010-04-08 05:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2011-07-07 11:18 . 2011-07-07 11:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-03-25 12:15 . 2011-03-25 12:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2011-07-07 11:18 . 2011-07-07 11:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2007-04-14 02:58 . 2007-04-14 02:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-14 02:56 . 2007-04-14 02:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2007-04-14 03:30 . 2007-04-14 03:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2006-06-17 10:36 . 2011-07-05 21:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    - 2006-06-17 10:36 . 2004-07-20 09:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    - 2006-06-17 10:36 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2006-06-17 10:36 . 2011-07-06 15:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\283effa.msp
    + 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\283ef88.msp
    + 2012-01-20 04:08 . 2012-01-20 04:08 429568 c:\windows\Installer\283ef81.msi
    + 2012-01-20 04:27 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2012-01-20 04:27 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2012-01-20 04:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2012-01-20 04:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2012-01-20 04:27 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2012-01-20 04:27 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2012-01-20 04:27 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2012-01-20 04:27 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2012-01-20 04:27 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2012-01-20 04:27 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2012-01-20 04:27 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2012-01-20 04:27 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2012-01-20 04:07 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2012-01-20 04:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2012-01-20 04:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2012-01-20 04:08 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
    + 2012-01-20 04:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
    + 2012-01-20 04:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
    + 2012-01-20 04:08 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
    - 2005-08-06 04:06 . 2006-10-09 21:12 107008 c:\windows\ehome\mstvcapn.dll
    + 2005-08-06 04:06 . 2011-11-02 15:25 107008 c:\windows\ehome\mstvcapn.dll
    + 2008-11-12 16:26 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
    + 2009-08-31 08:15 . 2009-08-31 08:15 303104 c:\windows\assembly\temp\3CKS08GOW4\System.Runtime.Remoting.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_950eb0ba\System.Drawing.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c8695e65\System.Drawing.Design.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d5564b27\CustomMarshalers.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_780a5660\System.Drawing.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
    + 2012-01-20 12:31 . 2012-01-20 12:31 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
    + 2012-01-20 12:30 . 2012-01-20 12:30 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
    + 2012-01-20 04:47 . 2012-01-20 04:47 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\1d1a920a8e798c76879d56b151789d3e\UIAutomationTypes.ni.dll
    + 2012-01-20 12:30 . 2012-01-20 12:30 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
    + 2012-01-20 12:49 . 2012-01-20 12:49 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
    + 2012-01-20 12:45 . 2012-01-20 12:45 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
    + 2012-01-20 12:45 . 2012-01-20 12:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
    + 2012-01-20 12:28 . 2012-01-20 12:28 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
    + 2012-01-20 12:46 . 2012-01-20 12:46 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
    + 2012-01-20 04:50 . 2012-01-20 04:50 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d548bacfbb5e860debf12027d4b753ae\PresentationFramework.Classic.ni.dll
    + 2012-01-20 12:26 . 2012-01-20 12:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
    + 2012-01-20 12:26 . 2012-01-20 12:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
    + 2012-01-20 12:26 . 2012-01-20 12:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
    + 2012-01-20 04:50 . 2012-01-20 04:50 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\24b04dd14603fb47394499ecfedc4afb\PresentationFramework.Royale.ni.dll
    + 2012-01-20 12:26 . 2012-01-20 12:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
    + 2012-01-20 04:50 . 2012-01-20 04:50 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0a1dbf17855d43bdf5c904709fdfe1cd\PresentationFramework.Aero.ni.dll
    + 2012-01-20 04:50 . 2012-01-20 04:50 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\088d16321ba4b13795060bb8b9bc4d09\PresentationFramework.Luna.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
    + 2012-01-20 12:46 . 2012-01-20 12:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
    + 2012-01-20 12:45 . 2012-01-20 12:45 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-20 04:14 . 2012-01-20 04:14 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-01-20 04:14 . 2012-01-20 04:14 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2009-08-31 08:11 . 2009-08-31 08:11 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2012-01-20 04:14 . 2012-01-20 04:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2006-06-17 10:23 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
    + 2012-01-19 21:54 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
    + 2012-01-19 22:18 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    + 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
    + 2006-06-17 10:24 . 2010-04-06 10:52 2462720 c:\windows\system32\WMVCore.dll
    + 2006-06-17 10:23 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    + 2006-06-17 10:23 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
    - 2006-06-17 10:23 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
    + 2006-06-17 10:23 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
    + 2008-08-30 13:43 . 2009-07-31 16:05 1372672 c:\windows\system32\msxml6.dll
    + 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
    + 2006-06-17 10:23 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
    + 2006-06-17 10:35 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
    + 2006-06-17 10:23 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
    + 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    + 2006-06-17 10:24 . 2010-04-06 10:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
    + 2006-06-17 10:23 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
    + 2006-06-17 10:23 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2006-06-17 10:23 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
    + 2006-06-17 10:23 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
    - 2006-06-17 10:23 . 2008-04-14 00:12 1435648 c:\windows\system32\dllcache\query.dll
    + 2006-06-17 10:23 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
    + 2006-06-17 10:23 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
    + 2008-10-15 10:29 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2004-08-04 06:59 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-15 10:29 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2006-06-17 10:23 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-08-30 13:43 . 2009-07-31 16:05 1372672 c:\windows\system32\dllcache\msxml6.dll
    + 2006-06-17 10:23 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
    + 2006-06-17 10:38 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
    - 2006-06-17 10:38 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
    + 2006-06-17 10:23 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
    + 2006-06-17 10:35 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
    + 2009-08-30 01:17 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2009-11-07 07:06 . 2009-11-07 07:06 1130824 c:\windows\system32\dfshim.dll
    + 2010-04-08 05:48 . 2010-04-08 05:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    + 2011-03-25 12:15 . 2011-03-25 12:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2011-04-29 03:50 . 2011-04-29 03:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-07-07 11:18 . 2011-07-07 11:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2011-07-07 11:18 . 2011-07-07 11:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
    + 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2007-04-14 03:35 . 2007-04-14 03:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2007-04-14 02:57 . 2007-04-14 02:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2007-04-14 02:50 . 2007-04-14 02:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2006-06-17 10:36 . 2011-07-13 00:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    - 2006-06-17 10:36 . 2007-01-02 22:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    + 2006-06-17 10:36 . 2011-07-05 21:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    - 2006-06-17 10:36 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2006-06-17 10:36 . 2011-07-05 21:46 2408448 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    + 2006-06-17 10:36 . 2011-07-13 00:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    - 2006-06-17 10:36 . 2007-01-02 22:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    + 2011-05-02 06:06 . 2011-05-02 06:06 2705920 c:\windows\Installer\2a32345.msp
    + 2009-11-09 06:25 . 2009-11-09 06:25 1935360 c:\windows\Installer\283efca.msp
    + 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\283efaf.msp
    + 2010-04-12 04:17 . 2010-04-12 04:17 2607104 c:\windows\Installer\283ef95.msp
    + 2010-04-12 04:17 . 2010-04-12 04:17 4210688 c:\windows\Installer\283ef94.msp
    + 2012-01-20 04:27 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2012-01-20 04:27 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2012-01-20 04:27 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    + 2008-10-15 10:29 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-15 10:29 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-15 10:29 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-15 10:29 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2012-01-20 04:29 . 2012-01-20 04:29 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b7c3a088\System.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a48fc1af\System.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_77f51477\System.Xml.dll
    + 2012-01-20 04:29 . 2012-01-20 04:29 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1d34a9e4\System.Xml.dll
    + 2012-01-20 04:29 . 2012-01-20 04:29 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f2820eb0\System.Windows.Forms.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6dca7e06\System.Windows.Forms.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ef491a37\System.Drawing.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ed9cf86e\System.Design.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_70933dff\System.Design.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e0d4e501\mscorlib.dll
    + 2012-01-20 04:30 . 2012-01-20 04:30 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0c0ba2cb\mscorlib.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_319514f6\System.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f4712f6a\System.Xml.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_88366fc9\System.Windows.Forms.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_9ca7e77e\System.Design.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_59d0e211\mscorlib.dll
    + 2012-01-20 12:24 . 2012-01-20 12:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
    + 2012-01-20 12:30 . 2012-01-20 12:30 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
    + 2012-01-20 04:50 . 2012-01-20 04:50 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0F.tmp\ReachFramework.dll
    + 2012-01-20 12:23 . 2012-01-20 12:23 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    + 2012-01-20 12:30 . 2012-01-20 12:30 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    + 2012-01-20 12:49 . 2012-01-20 12:49 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
    + 2012-01-20 12:49 . 2012-01-20 12:49 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
    + 2012-01-20 12:49 . 2012-01-20 12:49 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:49 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
    + 2012-01-20 12:29 . 2012-01-20 12:29 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
    + 2012-01-20 12:45 . 2012-01-20 12:45 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
    + 2012-01-20 12:29 . 2012-01-20 12:29 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
    + 2012-01-20 12:45 . 2012-01-20 12:45 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
    + 2012-01-20 12:47 . 2012-01-20 12:47 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
    + 2012-01-20 12:24 . 2012-01-20 12:24 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
    + 2012-01-20 04:26 . 2012-01-20 04:26 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2009-08-31 08:17 . 2009-08-31 08:17 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-01-20 04:31 . 2012-01-20 04:31 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-01-20 04:14 . 2012-01-20 04:14 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-20 04:26 . 2012-01-20 04:26 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-08-31 08:15 . 2009-08-31 08:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-08-31 08:11 . 2009-08-31 08:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-01-20 04:26 . 2012-01-20 04:26 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-01-20 04:51 . 2012-01-20 04:51 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2008-01-14 04:09 . 2008-01-14 04:09 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-01-20 04:29 . 2012-01-20 04:29 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-01-20 04:29 . 2012-01-20 04:29 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-20 04:29 . 2012-01-20 04:29 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-01-20 04:08 . 2012-01-20 04:08 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    - 2008-11-02 19:34 . 2008-11-02 19:34 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    - 2006-06-17 10:24 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
    + 2006-06-17 10:24 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
    + 2012-01-20 04:33 . 2012-01-04 23:15 52128560 c:\windows\system32\MRT.exe
    + 2009-03-08 09:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
    + 2006-06-17 10:24 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
    - 2006-06-17 10:24 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
    + 2009-07-19 23:48 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
    + 2011-03-28 09:27 . 2011-03-28 09:27 15456256 c:\windows\Installer\2a3234e.msp
    + 2011-07-12 02:43 . 2011-07-12 02:43 11641344 c:\windows\Installer\2a3233d.msp
    + 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\283eff3.msp
    + 2010-03-31 07:23 . 2010-03-31 07:23 15638528 c:\windows\Installer\283efd7.msp
    + 2010-04-12 04:17 . 2010-04-12 04:17 14599680 c:\windows\Installer\283efa4.msp
    + 2012-01-20 04:27 . 2009-07-19 23:48 11067392 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    + 2012-01-20 12:30 . 2012-01-20 12:30 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    + 2012-01-20 12:48 . 2012-01-20 12:48 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
    + 2012-01-20 12:46 . 2012-01-20 12:46 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
    + 2012-01-20 12:27 . 2012-01-20 12:27 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
    + 2012-01-20 12:26 . 2012-01-20 12:26 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
    + 2012-01-20 12:25 . 2012-01-20 12:25 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
    + 2012-01-20 12:23 . 2012-01-20 12:23 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    + 2012-01-20 04:45 . 2012-01-20 04:45 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\44ecf972f11f3c238782da31f27df7e5\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 169984]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
    "Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    c:\documents and settings\Owner.MCNABB_LAPTOP\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-3 50688]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-9-27 385024]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-1-10 2168360]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/9/2010 9:41 AM 89792]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/3/2008 8:40 PM 95200]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/9/2010 9:40 AM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/9/2010 9:40 AM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/9/2010 9:41 AM 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/9/2010 9:41 AM 150856]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/9/2010 9:41 AM 57600]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/9/2010 9:41 AM 338176]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/9/2010 9:41 AM 83856]
    S1 718c51b0;718c51b0;c:\windows\system32\drivers\718c51b0.sys [9/18/2009 9:36 PM 0]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/9/2010 9:41 AM 83856]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/9/2010 9:41 AM 87656]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/1/2010 11:46 AM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - EHRECVR
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2008-01-27 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 99.198.16.40 99.198.16.41
    FF - ProfilePath - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Mozilla\Firefox\Profiles\e17k6qfe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {AE18A4F2-F9A0-4337-A80D-FAB9D902C46B} - c:\documents and settings\Owner.MCNABB_LAPTOP\Local Settings\Application Data\{AE18A4F2-F9A0-4337-A80D-FAB9D902C46B}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Owner.MCNABB_LAPTOP\Application Data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: InboxDollars: {771f3037-9885-4423-b50f-a5ede4854e26} - %profile%\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-20 07:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5260)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\stsystra.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    c:\program files\Dell AIO Printer A940\dlbabmon.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-20 08:08:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-20 14:08
    ComboFix2.txt 2012-01-19 16:40
    .
    Pre-Run: 61,704,888,320 bytes free
    Post-Run: 61,761,794,048 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 0A0DBC160A0FE4940F3E03FBB8A089D4
    Upload was successful
     
  12. pokeycows

    pokeycows Thread Starter

    Joined:
    Dec 30, 2007
    Messages:
    49
    I am sorry for the duplicate post. I posted, then the site went to another page like it hadn't posted...so I posted again. Sorry.
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,897
  14. pokeycows

    pokeycows Thread Starter

    Joined:
    Dec 30, 2007
    Messages:
    49
    Hi dvk01,

    I ran tdss killer from the site listed. It did not find anything. I rebooted my machine and enabled my virus scans...and ran tdss killer again. It did not find anything.
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,897
    Are you still having any problems?
     

Short URL to this thread: https://techguy.org/1036194