1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow and unusual. HJT log +

Discussion in 'Virus & Other Malware Removal' started by srjr, Nov 8, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    Hi, startup time is roughly the same but programs used to load instantly when clicked. Now it takes quite awhile for them to load. I have used the Startup tab in msconfig in the past. I have also used the usual utilities (disk cleanup, defrag, mbam, etc) and it has not made much of a difference. When the computer is powered on or rebooted and My documents is first opened, it freezes the whole computer for 10-45 seconds on some days. Many of the programs in Add/Remove Programs do not have a Remove option. Firefox also remains running in the background when closed sometimes, and I get the "Firefox is already running..." error and I have to end the process before being able to open it again. Any help is appreciated, thanks!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:18:36 PM, on 11/8/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 7388 bytes

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Run by Administrator at 14:32:09 on 2011-11-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1218 [GMT -8:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [Ai Gear Help] c:\program files\asus\ai gear\GearHelp.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    TCP: Interfaces\{12F9E9BB-5AEC-44B5-8AD9-D0E901EBB14C} : DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\gxsqwayw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-3 64512]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-23 130936]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 492768]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 31704]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/14 13:56:35];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-11 328536]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1883328]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-26 100712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-3 27632]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-31 2152152]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-6-3 13224]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-31 15232]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-1-14 19020]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-10-10 30368]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-10-10 16080]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
    S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-1-7 158720]
    S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-1-7 5248]
    S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-10-10 239600]
    S4 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-10-10 820568]
    .
    =============== Created Last 30 ================
    .
    2011-11-05 19:23:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0584772f-ae6b-417c-ac43-89618fe7f931}\offreg.dll
    2011-11-03 07:13:59 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0584772f-ae6b-417c-ac43-89618fe7f931}\mpengine.dll
    2011-10-26 06:27:04 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-10-11 04:01:17 -------- d-----w- c:\documents and settings\all users\application data\IObit
    .
    ==================== Find3M ====================
    .
    2011-10-07 17:48:01 31704 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-07 17:48:00 492768 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-07 17:47:59 18056 -c--a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2004-10-01 23:00:16 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 14:34:53.06 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-08 17:55:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000076 ST3160811AS rev.3.AAE
    Running: vwud60xw.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kweirfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA9B7879A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA9B77D46]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA9B78400]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7EB5514]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7EA4282]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7EA4474]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA9B7AABC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA9B7AE3A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA9B77732]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7EB5D00]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7EB5FB8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA9B77538]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA9B796C6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA9B7991C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA9B7A4EE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA9B7800E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA9B785DC]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7EB43FA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xA9B77166]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA9B782A8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xA9B7736A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA9B79B2A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA9B79F7E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA9B79D3C]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7EB6422]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA9B78DB6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA9B7A7DA]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7EB57D8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA9B77F78]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA9B78194]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB7EA3F32]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA9B77936]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP EA4474B7
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes JMP B77936B7
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB55C03A0, 0x5CC259, 0xE8000020]
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB518DA00]
    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xB18C92E0]
    .text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xA842B000, 0x2892, 0xE8000020]
    .vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA844E050]
    ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 009FD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [0F, 84]
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00A0BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00A0B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A07DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009FD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A04F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A05AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A03A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A04370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00A08BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00A08970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A09CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00A09BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00BDD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [2D, 84]
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00BEBB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00BEB800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BE7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BDD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE4F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00BE3A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00BE4370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00BE8BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00BE8970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00BE9CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00BE9BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[388] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0076BD10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ADVAPI32.DLL!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ADVAPI32.DLL!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0125D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [95, 84]
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0126BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0126B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01267DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0125D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01264F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01265AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 01263A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 01264370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 01268BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 01268970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 01269CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 01269BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] rpcss.dll!WhichService 76A84234 8 Bytes JMP ED301001
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1304] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1304] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00EAD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [5A, 84]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00EBBB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00EBB800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EB7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00EAD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB4F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00EB3A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00EB4370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00EB8BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00EB8970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00EB9CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00EB9BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A3D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A380 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A690 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\1[email protected] 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs C:\WINDOWS\system32\guard32.dll

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\51167523-63206e54.info 280 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\BF179D23-8264-4E77-8892-4CCDBD0ECED6.data 607260 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\BF179D23-8264-4E77-8892-4CCDBD0ECED6.data.info 210 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\_avast_ 0 bytes

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    Hiya and welcome to Tech Support Guy :)

    Firstly, can you go to AddRemove Programs via the Control Panel and uninstall these:

    Advanced SystemCare 4
    IObit Malware Fighter


    Reboot, then update MBAM and run a full scan, and post the results.

    Also, can you run this tool as well:

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

    eddie
     
  3. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    thanks in advance for the help, Eddie.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8178

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/16/2011 2:06:52 PM
    mbam-log-2011-11-16 (14-06-52).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 269803
    Time elapsed: 46 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/16/2011 at 03:41 PM

    Application Version : 5.0.1136

    Core Rules Database Version : 7950
    Trace Rules Database Version: 5762

    Scan type : Complete Scan
    Total Scan Time : 01:30:23

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 429
    Memory threats detected : 0
    Registry items scanned : 46068
    Registry threats detected : 0
    File items scanned : 122542
    File threats detected : 0

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:45:12 PM, on 11/16/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 7379 bytes
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    Thanks :)

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

    eddie
     
  5. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    Hey Eddie, OTL produces OTL.txt, but Extras.txt doesn't show up. I tried running the scan a few times. Here's OTL.txt for now.

    OTL logfile created on: 11/18/2011 5:54:34 PM - Run 4
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.25% Memory free
    3.35 Gb Paging File | 2.81 Gb Available in Paging File | 83.88% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 70.57 Gb Free Space | 47.35% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER-52280B | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\Razer\Copperhead\razerhid.exe ()
    PRC - C:\Program Files\Razer\Copperhead\razerofa.exe (Razer Inc.)
    PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)


    ========== Modules (No Company Name) ==========

    MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
    MOD - C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav ()
    MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
    MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
    MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
    MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
    MOD - C:\Program Files\Razer\Copperhead\razerhid.exe ()
    MOD - C:\Program Files\Razer\Copperhead\download.dll ()
    MOD - C:\WINDOWS\system32\LXPRMON.DLL ()
    MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbyPP5C.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (sdCoreService) -- File not found
    SRV - (sdAuxService) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (ForcewareWebInterface) -- File not found
    SRV - (aswUpdSv) -- File not found
    SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
    SRV - (lxcc_device) -- C:\WINDOWS\System32\lxcccoms.exe (Lexmark International, Inc.)
    SRV - (lxby_device) -- C:\WINDOWS\System32\lxbycoms.exe (Lexmark International, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
    DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
    DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
    DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
    DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
    DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
    DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
    DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
    DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s125mgmt.sys (MCCI Corporation)
    DRV - (s125obex) -- C:\WINDOWS\system32\drivers\s125obex.sys (MCCI Corporation)
    DRV - (s125mdm) -- C:\WINDOWS\system32\drivers\s125mdm.sys (MCCI Corporation)
    DRV - (s125mdfl) -- C:\WINDOWS\system32\drivers\s125mdfl.sys (MCCI Corporation)
    DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\WINDOWS\system32\drivers\s125bus.sys (MCCI Corporation)
    DRV - (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) -- C:\WINDOWS\system32\drivers\s616unic.sys (MCCI Corporation)
    DRV - (s616obex) -- C:\WINDOWS\system32\drivers\s616obex.sys (MCCI Corporation)
    DRV - (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) -- C:\WINDOWS\system32\drivers\s616nd5.sys (MCCI Corporation)
    DRV - (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s616mgmt.sys (MCCI Corporation)
    DRV - (s616mdm) -- C:\WINDOWS\system32\drivers\s616mdm.sys (MCCI Corporation)
    DRV - (s616mdfl) -- C:\WINDOWS\system32\drivers\s616mdfl.sys (MCCI Corporation)
    DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\WINDOWS\system32\drivers\s616bus.sys (MCCI Corporation)
    DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
    DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
    DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
    DRV - (Nokia USB Port) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
    DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
    DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
    DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
    DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
    DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
    DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
    DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
    DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
    DRV - (a347bus) -- C:\WINDOWS\system32\drivers\a347bus.sys ( )
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
    DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-343818398-220523388-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-343818398-220523388-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-343818398-220523388-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/20 20:52:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/20 20:52:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 20:29:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/22 14:46:47 | 000,000,000 | ---D | M]

    [2009/10/06 13:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/10/06 13:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
    [2011/03/23 12:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxsqwayw.default\extensions
    [2010/04/26 16:51:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxsqwayw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/08 20:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/08 20:29:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/05/25 08:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2011/08/29 12:44:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/08 20:29:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2010/09/01 11:01:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-343818398-220523388-839522115-500\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe ()
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-343818398-220523388-839522115-500..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-343818398-220523388-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-343818398-220523388-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-343818398-220523388-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-343818398-220523388-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-343818398-220523388-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12F9E9BB-5AEC-44B5-8AD9-D0E901EBB14C}: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/01/14 06:48:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/18 16:47:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/11/16 12:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/11/16 12:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/11/16 12:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/11/16 12:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/11/15 21:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\d3d9andOpenGL3.7
    [2011/11/14 02:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
    [2011/11/14 02:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
    [2011/11/14 02:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\The Little App Factory, LLC
    [2011/11/14 02:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2011/11/14 02:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iRip
    [2011/11/14 02:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\iRip
    [2011/11/14 02:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\__MACOSX
    [2011/11/08 14:05:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
    [2011/10/25 22:27:04 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
    [2008/01/07 14:44:32 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
    [2008/01/07 14:44:32 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/11/18 17:34:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/11/18 17:31:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/11/18 17:31:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/18 17:31:05 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/18 17:29:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/11/18 16:47:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/11/16 15:45:02 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2011/11/16 12:27:21 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/11/16 12:27:21 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/11/16 12:22:31 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/15 12:55:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/14 16:07:15 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/14 09:41:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/14 02:18:03 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Wondershare iTransfer.lnk
    [2011/11/10 15:52:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/09 08:58:53 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/09 08:58:53 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/08 14:06:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe
    [2011/11/08 14:05:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.com
    [2011/10/31 07:53:45 | 003,470,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/30 17:14:57 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/10/22 14:46:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/10/21 00:07:07 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

    ========== Files Created - No Company Name ==========

    [2011/11/16 12:22:31 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/11/14 02:18:03 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wondershare iTransfer.lnk
    [2011/11/14 02:04:10 | 020,971,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iPod Access v4.4.1.dmg
    [2011/11/08 14:06:34 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe
    [2011/10/31 02:06:40 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/10/22 14:46:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/05/24 13:19:10 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/12/29 15:03:17 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/12/29 15:03:14 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/12/29 15:03:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/12/16 02:18:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/29 16:26:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/29 16:26:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/29 16:26:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/29 16:26:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/29 16:26:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/24 21:07:45 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2010/06/02 22:57:52 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
    [2010/02/01 00:01:40 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
    [2009/12/25 10:59:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2009/11/13 21:14:33 | 000,117,425 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2009/10/26 22:20:29 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2009/10/26 22:20:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2009/10/26 11:18:08 | 000,030,196 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/27 15:12:21 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2009/09/08 13:38:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2009/09/08 12:21:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/08/11 00:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/03/09 15:56:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
    [2008/10/09 10:03:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/08/17 10:44:31 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
    [2008/08/17 10:37:57 | 000,000,273 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/08/04 17:30:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2008/05/24 19:41:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/16 16:52:14 | 000,000,474 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2008/02/13 12:06:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2007/11/23 02:42:27 | 000,020,992 | ---- | C] () -- C:\WINDOWS\bw-uninstall.exe
    [2007/11/17 19:35:04 | 000,009,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db
    [2007/08/18 20:34:50 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/06/06 10:25:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2007/06/06 10:25:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2007/06/06 10:22:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbyvs.dll
    [2007/04/19 15:14:31 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2007/04/16 20:31:32 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2007/02/28 20:59:35 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
    [2007/02/11 12:53:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/01/27 15:03:14 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/01/14 07:37:11 | 000,000,387 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
    [2007/01/14 07:32:09 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2007/01/14 07:27:09 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2007/01/14 07:27:09 | 000,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2007/01/14 07:19:48 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
    [2007/01/14 07:19:47 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
    [2007/01/14 07:19:19 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2007/01/14 07:19:13 | 000,024,978 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/01/14 07:19:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/01/14 07:10:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/01/14 07:10:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2007/01/14 06:50:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/01/14 06:46:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/01/13 22:41:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/01/13 22:40:44 | 003,470,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2004/08/03 23:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 12:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 04:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 04:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/10/18 13:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
    [2011/11/14 17:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
    [2008/06/30 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Datalayer
    [2010/05/30 13:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HorizonWimba
    [2008/11/09 12:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
    [2011/10/10 21:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2010/12/20 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Local
    [2007/11/17 19:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
    [2008/04/20 12:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
    [2007/11/17 19:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
    [2007/10/25 08:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
    [2010/08/24 19:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
    [2010/08/19 15:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
    [2011/07/12 08:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2007/07/29 14:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/05/30 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2007/11/17 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/08/24 19:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2011/10/10 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2008/06/10 18:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
    [2007/11/17 19:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/02/22 12:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/11/17 20:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/08/24 19:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/02/04 13:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/04/03 12:21:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
    [2009/10/25 02:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/11/18 17:31:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2011/11/18 17:34:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76650B61
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    That's okay, we can run a different program for that :)

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      Azureus

      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

    ----------------------------
    Now that's out of the way, lets get started :)


    ===========

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Now, go here and download the latest Java Version.


    -------------

    • Download random's system information tool (RSIT) by random/random from here.
    • It is important that is saved to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    eddie
     
  7. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    Hi Eddie. I have tried to remove Azureus in the past, but it is one of the programs in Add/Remove Programs that does not have a remove/uninstall option. RSIT again only produced 1 log (log.txt)

    Logfile of random's system information tool 1.09 (written by random/random)
    Run by Administrator at 2011-11-21 14:19:42
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 72 GB (47%) free of 153 GB
    Total RAM: 2046 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:19:47 PM, on 11/21/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Desktop\RSIT.exe
    C:\Program Files\trend micro\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 7640 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    =========Mozilla firefox=========

    ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxsqwayw.default

    prefs.js - "browser.startup.homepage" - "http://www.google.ca/"
    prefs.js - "extensions.enabledItems" - "{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, [email protected]:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.18"

    "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
    "{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
    "[email protected]"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
    "Description"=Adobe® Flash® Player 10.1 Plugin
    "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
    "Description"=iTunes Detector Plug-in
    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
    "Description"=
    "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
    "Description"=DivX Plus Web Player
    "Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
    "Description"=DivX® Content Upload Plugin
    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
    "Description"=DivX OVS Helper Plug-in
    "Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
    "Description"=DivX® Player Plugin for VOD Content
    "Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
    "Description"=Ag Player Plugin
    "Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
    "Description"=Office Live Update v1.3
    "Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
    "Description"=WLPG Install MIME type
    "Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
    "Description"=Windows Presentation Foundation plug-in for Mozilla browsers
    "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768]
    "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
    "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826]
    "Description"=RealJukebox Netscape Plugin
    "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578]
    "Description"=6.0.12.1578
    "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
    "Description"=
    "Path"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
    "Description"=Handles PDFs in-place in Firefox
    "Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}
    {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

    C:\Program Files\Mozilla Firefox\components\
    binary.manifest
    browsercomps.dll
    nsIQTScriptablePlugin.xpt

    C:\Program Files\Mozilla Firefox\plugins\
    npdeployJava1.dll
    nppdf32.dll
    npqtplugin.dll
    npqtplugin2.dll
    npqtplugin3.dll
    npqtplugin4.dll
    npqtplugin5.dll
    npqtplugin6.dll
    npqtplugin7.dll
    npwachk.dll
    QuickTimePlugin.class
    REN5B.tmp

    C:\Program Files\Mozilla Firefox\searchplugins\
    amazondotcom.xml
    answers.xml
    bing.xml
    creativecommons.xml
    eBay.xml
    google.xml
    twitter.xml
    wikipedia.xml
    yahoo.xml

    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxsqwayw.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b}

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
    DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
    DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
    WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-21 42272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-21 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-04-30 843776]
    "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
    "razer"=C:\Program Files\Razer\Copperhead\razerhid.exe [2005-09-06 155648]
    "type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
    "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-05-31 323976]
    "COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 2497352]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752]
    "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Ai Gear Help"=C:\Program Files\ASUS\AI Gear\GearHelp.exe [2006-07-27 415744]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2011-08-15 1191216]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
    C:\ComboFix\CF11869.cfxxe /c C:\ComboFix\C.bat []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    C:\Program Files\Lexmark P910 Series\ezprint.exe [2004-09-17 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-01-19 299008]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    C:\Program Files\lg_fwupdate\fwupdate.exe [2007-04-10 249856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe]
    C:\Program Files\Lexmark P910 Series\lxbymon.exe [2005-01-18 196608]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
    C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-08-31 1047208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
    C:\Program Files\ResChanger 2005\ResChanger2005.exe [2005-05-26 885248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-05-27 185896]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    C:\PROGRA~1\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\Windows Defender\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoResolveSearch"=1
    "HonorAutoRunSetting"=1
    "NoDriveAutoRun"=67108863
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\UnrealTournament\System\UnrealTournament.exe"="C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\WINDOWS\system32\lxcccoms.exe"="C:\WINDOWS\system32\lxcccoms.exe:*:Enabled:3300 Series Server"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxccPSWX.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxccPSWX.EXE:*:Enabled:3300 Series Printer Status"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "midimapper"=midimap.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msadpcm"=msadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.trspch"=tssoft32.acm
    "vidc.cvid"=iccvid.dll
    "vidc.I420"=msh263.drv
    "vidc.iv31"=ir32_32.dll
    "vidc.iv32"=ir32_32.dll
    "vidc.iv41"=ir41_32.ax
    "vidc.iyuv"=iyuv_32.dll
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvu9"=tsbyuv.dll
    "vidc.yvyu"=msyuv.dll
    "wavemapper"=msacm32.drv
    "msacm.msg723"=msg723.acm
    "vidc.M263"=msh263.drv
    "vidc.M261"=msh261.drv
    "msacm.msaudio1"=msaud32.acm
    "msacm.sl_anet"=sl_anet.acm
    "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
    "vidc.iv50"=ir50_32.dll
    "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
    "msacm.siren"=sirenacm.dll
    "vidc.VP60"=vp6vfw.dll
    "vidc.VP61"=vp6vfw.dll
    "vidc.VP62"=vp6vfw.dll
    "VIDC.MPG4"=mpg4c32.dll
    "VIDC.MP42"=mpg4c32.dll
    "msacm.vorbis"=vorbis.acm
    "vidc.LEAD"=LCODCCMP.DLL
    "vidc.DIVX"=DivX.dll
    "vidc.yv12"=DivX.dll
    "wave1"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "wave2"=wdmaud.drv
    "midi2"=wdmaud.drv
    "mixer2"=wdmaud.drv
    "wave3"=wdmaud.drv
    "midi3"=wdmaud.drv
    "mixer3"=wdmaud.drv
    "wave4"=wdmaud.drv
    "midi4"=wdmaud.drv
    "mixer4"=wdmaud.drv

    ======List of files/folders created in the last 1 month======

    2011-11-21 14:11:29 ----A---- C:\WINDOWS\system32\javaws.exe
    2011-11-21 14:11:28 ----A---- C:\WINDOWS\system32\javaw.exe
    2011-11-21 14:11:28 ----A---- C:\WINDOWS\system32\java.exe
    2011-11-16 12:23:05 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-11-16 12:22:28 ----D---- C:\Program Files\SUPERAntiSpyware
    2011-11-16 12:22:28 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-14 02:17:53 ----D---- C:\Program Files\Wondershare
    2011-11-11 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
    2011-11-10 15:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
    2011-10-31 02:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
    2011-10-31 02:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
    2011-10-31 02:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
    2011-10-31 02:06:40 ----A---- C:\WINDOWS\imsins.BAK
    2011-10-25 22:27:04 ----A---- C:\WINDOWS\system32\cmdcsr.dll

    ======List of files/folders modified in the last 1 month======

    2011-11-21 14:19:45 ----D---- C:\Program Files\Trend Micro
    2011-11-21 14:19:44 ----D---- C:\WINDOWS\Temp
    2011-11-21 14:11:51 ----SHD---- C:\WINDOWS\Installer
    2011-11-21 14:11:51 ----D---- C:\Config.Msi
    2011-11-21 14:11:50 ----D---- C:\Program Files\Common Files\Java
    2011-11-21 14:11:30 ----D---- C:\WINDOWS\Prefetch
    2011-11-21 14:11:29 ----D---- C:\WINDOWS\system32
    2011-11-21 14:11:12 ----AC---- C:\WINDOWS\system32\deployJava1.dll
    2011-11-21 14:07:45 ----D---- C:\Program Files\Java
    2011-11-21 13:54:12 ----SD---- C:\WINDOWS\Tasks
    2011-11-21 13:52:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2011-11-21 02:55:28 ----A---- C:\WINDOWS\SchedLgU.Txt
    2011-11-18 17:29:21 ----AC---- C:\WINDOWS\NeroDigital.ini
    2011-11-17 20:07:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2011-11-17 19:40:52 ----D---- C:\UnrealTournament
    2011-11-16 14:08:01 ----D---- C:\WINDOWS\system32\drivers
    2011-11-16 12:22:28 ----RD---- C:\Program Files
    2011-11-14 17:55:04 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
    2011-11-14 02:08:18 ----HD---- C:\WINDOWS\inf
    2011-11-14 02:08:18 ----D---- C:\WINDOWS
    2011-11-14 02:07:32 ----D---- C:\Program Files\The Little App Factory
    2011-11-11 02:01:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2011-11-11 01:43:43 ----HD---- C:\WINDOWS\$hf_mig$
    2011-11-10 15:46:13 ----AC---- C:\WINDOWS\system32\MRT.exe
    2011-11-09 08:58:53 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2011-11-09 08:54:25 ----D---- C:\Program Files\Mozilla Firefox
    2011-11-01 12:10:33 ----D---- C:\WINDOWS\Microsoft.NET
    2011-11-01 11:59:30 ----RSD---- C:\WINDOWS\assembly
    2011-10-31 07:51:39 ----D---- C:\Program Files\Microsoft Silverlight
    2011-10-31 02:14:52 ----D---- C:\WINDOWS\WinSxS
    2011-10-31 02:11:00 ----D---- C:\WINDOWS\Debug
    2011-10-31 02:06:16 ----D---- C:\Program Files\Internet Explorer
    2011-10-31 02:05:59 ----D---- C:\WINDOWS\ie8updates
    2011-10-22 14:17:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-10-07 97760]
    R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-03-31 64512]
    R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-05-01 100736]
    R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-04-03 130936]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-30 44944]
    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
    R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-21 5685]
    R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2011-10-07 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-10-07 492768]
    R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
    R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/14 13:56:35]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
    R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-16 9623680]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-16 52736]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2010-09-07 100712]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-16 18944]
    R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-06-03 27632]
    R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
    R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
    S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-06-03 13224]
    S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-06-03 25512]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-03-24 8704]
    S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-03-24 127488]
    S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
    S3 Razerlow;Razer Copperhead Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-08-12 19020]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
    S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
    S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
    S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
    S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
    S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
    S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
    S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-12-14 41984]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-08-23 158720]
    S4 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
    S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-08-20 685816]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
    R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 1883328]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-21 153376]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
    S2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -k runservice []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
    S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe []
    S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe []
    S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
    S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 lxby_device;lxby_device; C:\WINDOWS\system32\lxbycoms.exe [2005-01-06 462848]
    S4 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  8. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    I also forgot to mention that I get the blue screen of death sometimes. I apologize in advance if you needed to know earlier.
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    For the Extra's log, as it's just my luck I needed either from either program, can you look in the same place where OTL is run from (looks like the desktop) and see if its there. Have a feeling its not, as its the desktop.

    Can you try this with OTL, and if no joy, we'll just work with what we have for now, and sort it out later :)

    Open OTL, and under the section Extra Registry, put this to Use SafeList and run it again.

    If still no joy, like I said, we'll try something later.

    As for the blue screens, can you possibly tell me what they say, and when it happens (as in what program is being used, etc).


    Looking at the logs now :)
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe (Reg Error: Value error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
      [2011/10/10 21:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
      [2011/10/10 20:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
      [2010/08/24 19:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76650B61
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      :Files
      ipconfig /flushdns /c 
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply
     
  11. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    OTL still only produced the one log. As for the blue screen, the last time it happened was 2 days ago. I was watching sports highlights online and the video got choppy for a second and was fine. It then got choppy again for a few seconds but this time it looped twice and the blue screen popped up for about 2 seconds and the machine restarted automatically. Usually i take a picture of the blue screen with my phone on other machines, but this one doesn't give me a chance. Here is the other OTL log:

    All processes killed
    ========== OTL ==========
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\Administrator\Application Data\IObit\SmartRAM folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\IObit Uninstaller folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\IObit Malware Fighter folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\InternetBooster folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\FirefoxTCP folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\SmartRAM folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\Smart RAM folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\Log folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\EmptyFolder folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4\Backup folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare V4 folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare\Backup folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit\Advanced SystemCare folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\IObit folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IObit\Game Booster\Opt folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IObit\Game Booster\Essentials folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IObit\Game Booster\BackLnk folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IObit\Game Booster folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:76650B61 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 76596356 bytes
    ->Temporary Internet Files folder emptied: 6663645 bytes
    ->Java cache emptied: 89183 bytes
    ->FireFox cache emptied: 42602449 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 470 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33234 bytes

    User: NetworkService
    ->Temp folder emptied: 377362 bytes
    ->Temporary Internet Files folder emptied: 33033 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7137097 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 53144348 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1577936 bytes

    Total Files Cleaned = 180.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 11222011_140547

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    We'll remove the entries for Azureus in a bit :)

    BSOD's are usually created by hardware fault, mostly the ram. However, if its just viewing clips online, it may be down to the things running behind the scenes, so lets try and clear all the malware out and the remaining files it can leave behind, then we'll look at the blue screens :)


    --

    Can you delete any copies of ComboFix that you have, and download and run a fresh one as follows:

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    ========

    Also, lets see an uninstall list:

    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.


    eddie
     
  13. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    Ok Eddie, sounds good! Here are the logs:

    ComboFix 11-11-23.03 - Administrator 11/24/2011 3:57.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1288 [GMT -8:00]
    Running from: c:\documents and settings\Administrator\Desktop\username123.exe
    AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Local
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\300.4391041.avi&b=121.ddr
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\fmujnxvkmruo.avi.ddr
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\300.4391041.avi&b=121.ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\fmujnxvkmruo.avi
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    c:\windows\CSC\d6
    c:\windows\iun6002.exe
    c:\windows\system32\CddbCdda.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-23 20:13 . 2011-11-23 20:13 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4752F6FE-840C-4A0A-BE22-6E15AA6DBB0B}\offreg.dll
    2011-11-22 22:05 . 2011-11-22 22:05 -------- d-----w- C:\_OTL
    2011-11-18 21:04 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4752F6FE-840C-4A0A-BE22-6E15AA6DBB0B}\mpengine.dll
    2011-11-16 20:23 . 2011-11-16 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-11-16 20:22 . 2011-11-16 20:22 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-16 20:22 . 2011-11-16 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-14 10:17 . 2011-11-14 10:17 -------- d-----w- c:\program files\Wondershare
    2011-11-14 10:09 . 2011-11-14 10:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\The Little App Factory, LLC
    2011-11-14 10:08 . 2011-11-14 10:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-11 09:40 . 2011-11-11 09:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-26 06:27 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 22:11 . 2010-09-01 19:08 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2011-11-21 22:11 . 2007-11-06 04:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-10 14:22 . 2007-01-14 14:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 17:48 . 2010-06-02 02:00 97760 -c--a-w- c:\windows\system32\drivers\inspect.sys
    2011-10-07 17:48 . 2010-06-02 02:00 31704 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-07 17:48 . 2010-06-04 18:55 492768 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-07 17:47 . 2010-06-02 02:00 18056 -c--a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-07 17:47 . 2010-06-02 02:00 300200 ----a-w- c:\windows\system32\guard32.dll
    2011-10-07 03:48 . 2009-09-16 21:53 6668624 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-28 07:06 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2004-08-04 05:17 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00 . 2009-10-01 02:54 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2004-10-01 23:00 . 2007-01-14 15:32 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    2011-11-09 04:29 . 2011-03-23 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_00.39.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
    + 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    - 2009-07-12 08:05 . 2009-07-12 08:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    - 2009-07-12 08:05 . 2009-07-12 08:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2009-06-27 03:10 . 2009-06-27 03:10 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90u.dll
    + 2009-06-27 03:10 . 2009-06-27 03:10 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90.dll
    + 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
    + 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
    + 2009-07-12 04:32 . 2009-07-12 04:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
    + 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
    + 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
    + 2009-07-12 09:07 . 2009-07-12 09:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
    + 2009-07-12 09:19 . 2009-07-12 09:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
    + 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
    + 2011-11-23 20:13 . 2011-11-23 20:13 16384 c:\windows\Temp\Perflib_Perfdata_500.dat
    + 2009-10-09 21:56 . 2009-10-09 21:56 14848 c:\windows\system32\wsmprovhost.exe
    + 2009-10-09 21:56 . 2009-10-09 21:56 12288 c:\windows\system32\wsmplpxy.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 12288 c:\windows\system32\winrssrv.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 22528 c:\windows\system32\winrshost.exe
    + 2009-10-09 23:22 . 2009-10-09 23:22 69632 c:\windows\system32\winrs.exe
    + 2009-10-09 21:56 . 2009-10-09 21:56 25088 c:\windows\system32\winrmprov.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 24064 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
    + 2006-11-27 08:45 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    - 2006-11-27 08:45 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    + 2004-08-04 06:56 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
    + 2004-08-04 06:56 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
    + 2010-06-04 01:52 . 2008-03-21 21:57 14640 c:\windows\system32\spmsgXP_2k3.dll
    - 2010-06-04 01:52 . 2008-03-21 20:57 14640 c:\windows\system32\spmsgXP_2k3.dll
    + 2011-02-04 21:49 . 2009-08-29 02:42 40448 c:\windows\system32\ReinstallBackups\0015\DriverFiles\usbaapl.sys
    + 2010-12-29 23:05 . 2010-09-07 20:09 26216 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvhdap32.dll
    + 2010-12-29 23:05 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv
    + 2010-12-29 23:05 . 2008-04-13 19:45 49408 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\stream.sys
    + 2010-12-29 23:05 . 2008-04-13 19:45 60160 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\drmk.sys
    + 2010-12-29 23:04 . 2010-09-07 20:09 26216 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvhdap32.dll
    + 2010-12-29 23:04 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\wdmaud.drv
    + 2010-12-29 23:04 . 2008-04-13 19:45 49408 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\stream.sys
    + 2010-12-29 23:04 . 2008-04-13 19:45 60160 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\drmk.sys
    + 2010-12-29 23:04 . 2010-09-07 20:09 26216 c:\windows\system32\ReinstallBackups\0012\DriverFiles\nvhdap32.dll
    + 2010-12-29 23:04 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\wdmaud.drv
    + 2010-12-29 23:04 . 2008-04-13 19:45 49408 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\stream.sys
    + 2010-12-29 23:04 . 2008-04-13 19:45 60160 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\drmk.sys
    + 2010-12-29 23:04 . 2009-08-21 20:23 19456 c:\windows\system32\ReinstallBackups\0011\DriverFiles\nvhdap32.dll
    + 2010-12-29 23:04 . 2009-08-21 20:24 57248 c:\windows\system32\ReinstallBackups\0011\DriverFiles\nvhda32.sys
    + 2010-12-29 23:04 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\wdmaud.drv
    + 2010-12-29 23:04 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\stream.sys
    + 2010-12-29 23:04 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\drmk.sys
    + 2009-10-09 23:22 . 2009-10-09 23:22 42496 c:\windows\system32\pwrshplugin.dll
    + 2001-08-23 12:00 . 2011-11-09 16:58 71488 c:\windows\system32\perfc009.dat
    + 2010-12-29 23:02 . 2010-10-16 18:55 61440 c:\windows\system32\OpenCL.dll
    - 2009-09-28 01:20 . 2009-09-28 01:20 81920 c:\windows\system32\nvwddi.dll
    + 2010-10-16 20:04 . 2010-10-16 20:04 81920 c:\windows\system32\nvwddi.dll
    + 2010-05-27 07:44 . 2010-09-07 20:09 26216 c:\windows\system32\nvhdap32.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
    - 2004-08-04 06:56 . 2009-03-08 11:31 66560 c:\windows\system32\mshtmled.dll
    - 2006-11-08 05:03 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
    + 2006-11-08 05:03 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    + 2009-10-26 19:18 . 2011-06-20 05:49 30196 c:\windows\system32\mlfcache.dat
    - 2009-10-26 19:18 . 2009-10-26 19:18 30196 c:\windows\system32\mlfcache.dat
    + 2011-05-24 21:19 . 2011-04-18 10:23 16432 c:\windows\system32\lsdelete.exe
    + 2004-08-04 06:56 . 2011-08-22 23:48 43520 c:\windows\system32\licmgr10.dll
    - 2004-08-04 06:56 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
    + 2007-01-14 14:46 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
    - 2007-01-14 14:46 . 2008-04-14 00:11 81920 c:\windows\system32\isign32.dll
    + 2011-02-04 21:49 . 2010-12-15 02:51 41984 c:\windows\system32\DRVSTORE\usbaapl_A4C70B47551C2629A145AE032C4D1823570ADB7B\usbaapl.sys
    + 2011-02-04 21:49 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
    + 2011-01-02 05:31 . 2007-06-18 22:18 23680 c:\windows\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\motport.sys
    + 2011-01-02 05:21 . 2007-11-02 22:41 22272 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\Motousbnet.sys
    + 2011-01-02 05:31 . 2007-10-11 00:41 42112 c:\windows\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\motodrv.sys
    + 2011-01-02 05:31 . 2007-06-18 22:18 23680 c:\windows\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\motmodem.sys
    + 2011-01-02 05:31 . 2007-11-02 22:36 18176 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgp.sys
    + 2011-04-03 20:24 . 2011-04-01 07:22 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
    + 2011-04-21 03:29 . 2011-04-21 03:29 25512 c:\windows\system32\DRVSTORE\ggsemc_662FCD02DE358D990BED9E80770DCDFAB166A2D8\x86\ggsemc.sys
    + 2011-04-21 03:29 . 2011-04-21 03:29 13224 c:\windows\system32\DRVSTORE\ggsemc_662FCD02DE358D990BED9E80770DCDFAB166A2D8\x86\ggflt.sys
    + 2008-03-22 20:00 . 2010-12-15 02:51 41984 c:\windows\system32\drivers\usbaapl.sys
    - 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
    + 2004-08-03 23:08 . 2008-04-13 19:45 49408 c:\windows\system32\drivers\stream.sys
    + 2001-08-23 12:00 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
    + 2001-08-23 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
    + 2011-01-02 05:31 . 2007-06-18 22:18 23680 c:\windows\system32\drivers\motmodem.sys
    + 2011-04-03 20:24 . 2011-04-01 07:22 64512 c:\windows\system32\drivers\Lbd.sys
    + 2007-01-14 15:25 . 2008-04-13 19:45 60160 c:\windows\system32\drivers\drmk.sys
    - 2007-01-14 15:25 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
    - 2010-03-10 19:29 . 2010-03-10 19:29 94208 c:\windows\system32\dpl100.dll
    + 2010-11-12 00:44 . 2010-11-12 00:44 94208 c:\windows\system32\dpl100.dll
    + 2010-10-07 20:23 . 2010-10-07 20:23 91424 c:\windows\system32\dnssd.dll
    + 2004-08-04 06:56 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
    - 2004-08-04 06:56 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
    - 2009-07-02 08:50 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2009-07-02 08:50 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2004-08-04 06:56 . 2008-04-14 00:12 68096 c:\windows\system32\dllcache\webclnt.dll
    + 2007-01-14 14:46 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
    - 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
    + 2004-08-03 23:08 . 2008-04-13 19:45 49408 c:\windows\system32\dllcache\stream.sys
    + 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
    + 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
    + 2007-01-14 14:46 . 2008-04-14 00:12 38400 c:\windows\system32\dllcache\pchsvc.dll
    + 2001-08-23 12:00 . 2011-09-26 18:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
    + 2001-08-23 12:00 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
    + 2011-09-29 19:25 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
    + 2004-08-04 06:56 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2004-08-04 06:56 . 2009-03-08 11:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-04-05 21:40 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-04-05 21:40 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2004-08-04 06:56 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2007-01-14 14:46 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
    - 2007-01-14 15:25 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys
    + 2007-01-14 15:25 . 2008-04-13 19:45 60160 c:\windows\system32\dllcache\drmk.sys
    + 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
    + 2004-08-04 06:56 . 2008-04-14 00:11 23552 c:\windows\system32\dllcache\dmserver.dll
    + 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2004-08-04 06:56 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
    - 2004-08-04 06:56 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
    + 2008-09-30 23:45 . 2011-07-14 07:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-09-30 23:45 . 2010-02-01 01:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-12-18 19:56 . 2011-07-14 07:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-09-22 16:43 . 2010-09-22 16:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2010-03-23 12:31 . 2010-03-23 12:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2010-04-01 18:42 . 2010-04-01 18:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2011-07-08 21:00 . 2011-07-08 21:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2010-03-31 21:51 . 2010-03-31 21:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2011-07-07 19:04 . 2011-07-07 19:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2010-03-31 21:51 . 2010-03-31 21:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-07-07 19:04 . 2011-07-07 19:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-07-07 19:03 . 2011-07-07 19:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2010-03-31 21:51 . 2010-03-31 21:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2011-07-07 20:09 . 2011-07-07 20:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2010-03-31 22:32 . 2010-03-31 22:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2011-07-07 20:09 . 2011-07-07 20:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2010-03-31 22:32 . 2010-03-31 22:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2011-02-22 20:54 . 2011-02-22 20:54 22016 c:\windows\Installer\47966c.msi
    + 2011-02-22 20:52 . 2011-02-22 20:52 22528 c:\windows\Installer\479662.msi
    + 2011-02-22 20:52 . 2011-02-22 20:52 27648 c:\windows\Installer\47965d.msi
    + 2011-03-15 08:55 . 2011-03-15 08:55 83456 c:\windows\Installer\27c5c8.msi
    + 2011-02-22 20:50 . 2011-02-22 20:50 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
    + 2011-02-22 20:51 . 2011-02-22 20:51 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
    + 2011-02-22 20:50 . 2011-02-22 20:50 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
    + 2011-09-30 08:04 . 2011-09-30 08:04 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2010-08-19 09:32 . 2010-08-19 09:32 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-06-03 21:03 . 2011-10-31 10:18 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-06-03 21:03 . 2010-06-03 21:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-08-10 19:39 . 2010-08-10 19:39 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
    + 2011-03-15 08:55 . 2011-03-15 08:55 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
    + 2011-02-22 20:51 . 2011-02-22 20:51 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
    + 2011-02-22 20:53 . 2011-02-22 20:53 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe
    + 2011-02-22 20:50 . 2011-02-22 20:50 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
    + 2011-02-22 20:51 . 2011-02-22 20:51 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
    + 2010-09-23 11:47 . 2010-09-23 11:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
    + 2010-09-23 10:03 . 2010-09-23 10:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
    + 2010-09-21 06:07 . 2010-09-21 06:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
    + 2010-09-23 09:52 . 2010-09-23 09:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
    + 2010-09-23 01:12 . 2010-09-23 01:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
    + 2010-09-21 05:01 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB982664-IE8\spmsg.dll
    + 2010-09-21 05:01 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB982664-IE8\spcustom.dll
    + 2010-09-21 05:01 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
    + 2010-09-21 05:01 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB982381-IE8\spmsg.dll
    + 2010-09-21 05:01 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB982381-IE8\spcustom.dll
    + 2010-09-21 05:01 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    - 2010-06-10 21:54 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    + 2010-09-21 05:01 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    - 2010-06-10 21:54 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    + 2010-09-27 10:30 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB981332-IE8\spmsg.dll
    + 2010-09-27 10:30 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB981332-IE8\spcustom.dll
    + 2010-09-27 10:30 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB976662-IE8\spmsg.dll
    + 2010-09-27 10:30 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB976662-IE8\spcustom.dll
    + 2010-09-27 10:29 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll
    + 2010-09-27 10:29 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
    + 2011-07-11 21:05 . 2010-06-18 11:39 16896 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
    + 2011-01-06 20:39 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
    + 2011-01-06 20:39 . 2009-03-08 11:31 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
    + 2011-01-06 20:39 . 2009-03-08 11:34 43008 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
    + 2010-09-21 05:02 . 2009-05-26 09:01 17272 c:\windows\ie8updates\KB2183461-IE8\spmsg.dll
    + 2010-09-21 05:02 . 2009-05-26 09:01 26488 c:\windows\ie8updates\KB2183461-IE8\spcustom.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
    - 2009-07-02 08:50 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll
    + 2010-09-21 05:00 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
    - 2009-07-02 08:49 . 2006-10-17 19:28 48128 c:\windows\ie8\mshtmler.dll
    + 2010-09-21 04:59 . 2006-10-17 19:28 48128 c:\windows\ie8\mshtmler.dll
    + 2010-09-21 04:59 . 2006-10-17 19:56 45568 c:\windows\ie8\mshta.exe
    - 2009-07-02 08:49 . 2006-10-17 19:56 45568 c:\windows\ie8\mshta.exe
    - 2009-07-02 08:49 . 2006-10-17 19:58 12288 c:\windows\ie8\msfeedssync.exe
    + 2010-09-21 04:59 . 2006-10-17 19:58 12288 c:\windows\ie8\msfeedssync.exe
    + 2010-09-21 04:59 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
    + 2010-09-21 04:59 . 2006-10-17 20:05 40960 c:\windows\ie8\licmgr10.dll
    - 2009-07-02 08:49 . 2006-10-17 20:05 40960 c:\windows\ie8\licmgr10.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
    - 2009-07-02 08:49 . 2006-11-07 11:26 92672 c:\windows\ie8\inseng.dll
    + 2010-09-21 04:59 . 2006-11-07 11:26 92672 c:\windows\ie8\inseng.dll
    - 2009-07-02 08:49 . 2006-10-17 19:57 36352 c:\windows\ie8\imgutil.dll
    + 2010-09-21 04:59 . 2006-10-17 19:57 36352 c:\windows\ie8\imgutil.dll
    - 2009-07-02 08:49 . 2006-11-07 11:26 55296 c:\windows\ie8\iesetup.dll
    + 2010-09-21 04:59 . 2006-11-07 11:26 55296 c:\windows\ie8\iesetup.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
    + 2010-09-21 04:59 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
    - 2009-07-02 08:49 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
    + 2010-09-21 04:59 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
    + 2010-09-21 04:59 . 2006-10-17 19:44 60416 c:\windows\ie8\hmmapi.dll
    - 2009-07-02 08:49 . 2006-10-17 19:44 60416 c:\windows\ie8\hmmapi.dll
    + 2010-09-21 04:59 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
    - 2009-07-02 08:49 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
    - 2009-07-02 08:49 . 2006-11-07 11:26 71680 c:\windows\ie8\admparse.dll
    + 2010-09-21 04:59 . 2006-11-07 11:26 71680 c:\windows\ie8\admparse.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7f2b8390\System.Drawing.Design.dll
    + 2011-10-31 10:00 . 2011-10-31 10:00 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0fa86380\CustomMarshalers.dll
    + 2011-11-01 06:49 . 2011-11-01 06:49 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\1ee639a35730f580f0266d2466d3976d\WindowsLiveWriter.ni.exe
    + 2011-11-01 06:51 . 2011-11-01 06:51 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4490f2c7ba373caac054470763d7081d\WindowsLive.Writer.Api.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
    + 2011-10-31 10:16 . 2011-10-31 10:16 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a615508098c5f4f5a34e89d22527c9de\Microsoft.WSMan.Runtime.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\6fe0ec64be50db1d60d4b6f1ef914215\Microsoft.WSMan.Management.resources.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f336ce6e2c551ae93c93f92cf60677bb\Microsoft.PowerShell.Commands.Diagnostics.resources.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d66515e04af07be267ca1d1b2b9a1113\Microsoft.PowerShell.GPowerShell.resources.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\caec9a9b0ae96df2e324cde6ebcac3e7\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\c44cda92e7a0bc4224cb54409aab05f1\Microsoft.PowerShell.Editor.resources.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7891b4f8446137c93298b36129ee43b4\Microsoft.PowerShell.Security.resources.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\73e9eadf2fc234ff59c7297a4a96982b\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\65632f4fe9504960d242e8a7e88be8f5\Microsoft.PowerShell.GraphicalHost.resources.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\384f30e8714277e4c61af987d2e2e017\Microsoft.PowerShell.Commands.Management.resources.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\f667da1d215cd7d804c2e57a16aeb5e1\Microsoft.BackgroundIntelligentTransfer.Management.resources.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\17fc30ccabf04ef1cf60a571067bc6dc\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
    + 2011-10-31 16:04 . 2011-10-31 16:04 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-10-31 10:00 . 2011-10-31 10:00 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-06-10 21:56 . 2010-06-10 21:56 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-07-11 20:59 . 2001-08-23 12:00 16896 c:\windows\$NtUninstallKB971513$\oleaccrc.dll
    + 2011-09-30 08:08 . 2010-11-03 13:12 46080 c:\windows\$NtUninstallKB2570791$\tzchange.exe
    + 2011-09-30 08:08 . 2011-07-09 00:32 16896 c:\windows\$NtUninstallKB2570791$\spuninst\tzchange.dll
    + 2011-09-30 07:59 . 2008-04-13 18:57 10112 c:\windows\$NtUninstallKB2566454$\ndistapi.sys
    + 2011-04-17 02:08 . 2008-04-14 00:11 45568 c:\windows\$NtUninstallKB2509553$\dnsrslvr.dll
    + 2011-07-24 06:30 . 2010-12-09 14:30 33280 c:\windows\$NtUninstallKB2507938$\csrsrv.dll
    + 2011-02-09 04:03 . 2009-12-14 07:08 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
    + 2011-01-06 20:37 . 2010-06-21 14:46 46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe
    + 2011-01-06 20:37 . 2010-11-05 05:57 16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
    + 2011-01-06 20:40 . 2008-04-14 00:11 81920 c:\windows\$NtUninstallKB2443105$\isign32.dll
    + 2011-01-06 20:39 . 2008-04-13 18:57 40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys
    + 2011-01-06 20:33 . 2008-04-14 00:12 46080 c:\windows\$NtUninstallKB2423089$\wab.exe
    + 2010-09-20 07:18 . 2008-04-14 00:12 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe
    + 2011-01-06 20:41 . 2008-04-14 00:12 96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll
    + 2010-10-08 02:03 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe
    + 2010-10-08 02:03 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
    + 2010-09-20 07:17 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982802\update\spcustom.dll
    + 2010-09-20 07:17 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982802\spmsg.dll
    + 2010-09-21 04:41 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982664-IE8\update\spcustom.dll
    + 2010-09-21 04:41 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982664-IE8\spmsg.dll
    + 2010-09-21 04:31 . 2010-06-18 11:05 16896 c:\windows\$hf_mig$\KB982664-IE8\SP3QFE\iecompat.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982132\spmsg.dll
    + 2010-09-20 07:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll
    + 2010-09-20 07:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll
    + 2011-01-06 20:37 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll
    + 2011-01-06 20:37 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979687\spmsg.dll
    + 2011-03-02 10:55 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
    + 2011-03-02 10:55 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2616676-v2\update\spcustom.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2616676-v2\spmsg.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570947\update\spcustom.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570947\spmsg.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll
    + 2011-09-29 19:25 . 2011-07-08 13:51 10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys
    + 2011-09-30 07:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll
    + 2011-09-30 08:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
    + 2011-09-30 08:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
    + 2011-07-24 06:28 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
    + 2011-07-24 06:28 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll
    + 2011-07-11 21:15 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893\update\spcustom.dll
    + 2011-07-11 21:15 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893\spmsg.dll
    + 2011-07-11 21:44 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544521-IE8\update\spcustom.dll
    + 2011-07-11 21:44 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544521-IE8\spmsg.dll
    + 2011-07-11 22:09 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
    + 2011-07-11 22:09 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2541763\spmsg.dll
    + 2011-07-11 21:24 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276\update\spcustom.dll
    + 2011-07-11 21:24 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276\spmsg.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll
    + 2011-07-11 21:19 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2535512\update\spcustom.dll
    + 2011-07-11 21:19 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2535512\spmsg.dll
    + 2011-07-11 21:49 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2530548-IE8\update\spcustom.dll
    + 2011-07-11 21:49 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2530548-IE8\spmsg.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 12800 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\xpshims.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 66560 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtmled.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 55296 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeedsbs.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 43520 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\licmgr10.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 25600 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\jsproxy.dll
    + 2011-04-02 00:26 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
    + 2011-04-02 00:26 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2511455\update\spcustom.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2511455\spmsg.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2510531-IE8\update\spcustom.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2510531-IE8\spmsg.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2509553\update\spcustom.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2509553\spmsg.dll
    + 2009-04-20 17:06 . 2009-04-20 17:06 45568 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
    + 2011-04-17 02:18 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2508429\update\spcustom.dll
    + 2011-04-17 02:18 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2508429\spmsg.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2508272\update\spcustom.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2508272\spmsg.dll
    + 2011-07-24 06:31 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
    + 2011-07-24 06:31 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll
    + 2011-04-26 11:02 . 2011-04-26 11:02 33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507618\update\spcustom.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507618\spmsg.dll
    + 2011-04-17 02:33 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2506223\update\spcustom.dll
    + 2011-04-17 02:33 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2506223\spmsg.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2506212\update\spcustom.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2506212\spmsg.dll
    + 2011-07-11 21:39 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503665\update\spcustom.dll
    + 2011-07-11 21:39 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503665\spmsg.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503658\update\spcustom.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503658\spmsg.dll
    + 2011-04-17 02:29 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2497640-IE8\update\spcustom.dll
    + 2011-04-17 02:29 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2497640-IE8\spmsg.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 12800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\xpshims.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 66560 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtmled.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 55296 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeedsbs.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 43520 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\licmgr10.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 25600 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\jsproxy.dll
    + 2011-07-11 21:10 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2492386\update\spcustom.dll
    + 2011-07-11 21:10 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2492386\spmsg.dll
    + 2011-04-17 02:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2491683\update\spcustom.dll
    + 2011-04-17 02:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2491683\spmsg.dll
    + 2011-04-17 02:35 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485663\update\spcustom.dll
    + 2011-04-17 02:35 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485663\spmsg.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
    + 2011-02-09 04:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
    + 2011-02-09 04:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
    + 2011-03-31 22:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
    + 2011-03-31 22:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll
    + 2011-02-02 07:57 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
    + 2011-03-31 22:48 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
    + 2011-03-31 22:48 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
    + 2011-02-09 04:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
    + 2011-02-09 04:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
    + 2010-12-09 14:29 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
    + 2011-07-11 21:33 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476490\update\spcustom.dll
    + 2011-07-11 21:33 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476490\spmsg.dll
    + 2011-01-06 20:37 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
    + 2011-01-06 20:37 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
    + 2011-07-11 21:06 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2447568-IE8\update\spcustom.dll
    + 2011-07-11 21:06 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2447568-IE8\spmsg.dll
    + 2011-01-06 20:40 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
    + 2011-01-06 20:40 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll
    + 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll
    + 2011-01-06 20:24 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
    + 2011-01-06 20:37 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
    + 2011-01-06 20:37 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2436673\spmsg.dll
    + 2011-01-06 20:33 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
    + 2011-01-06 20:33 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll
    + 2011-01-06 20:23 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
    + 2011-01-12 10:40 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
    + 2011-01-12 10:40 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
    + 2011-01-06 20:39 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
    + 2011-01-06 20:39 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
    + 2011-02-09 03:55 . 2010-12-09 15:15 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll
    + 2011-01-06 20:31 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
    + 2011-01-06 20:31 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
    + 2010-09-20 07:18 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
    + 2010-09-20 07:18 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll
    + 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
    + 2011-01-06 20:41 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
    + 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
    + 2011-01-06 20:41 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
    + 2011-01-06 20:41 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
    + 2010-09-20 07:19 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
    + 2010-09-20 07:19 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll
    + 2010-09-20 07:14 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
    + 2010-09-20 07:14 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll
    + 2010-09-20 07:18 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
    + 2010-09-20 07:18 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll
    + 2009-10-09 21:57 . 2009-10-09 21:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
    + 2011-10-31 10:14 . 2011-10-31 10:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-04-16 05:23 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 2048 c:\windows\system32\winrsmgr.dll
    + 2009-10-09 23:23 . 2009-10-09 23:23 4608 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
    + 2009-10-09 23:23 . 2009-10-09 23:23 4096 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.resources.dll
    + 2010-12-29 23:05 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
    + 2010-12-29 23:04 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ksuser.dll
    + 2010-12-29 23:04 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
    + 2010-12-29 23:04 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\ksuser.dll
    + 2011-01-02 05:21 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motswch.sys
    + 2011-01-02 05:21 . 2007-01-24 05:36 6016 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motfilt.sys
    + 2011-01-02 05:31 . 2006-07-28 15:10 6144 c:\windows\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\mot_ci.dll
    + 2011-01-02 05:31 . 2007-11-02 22:51 6400 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motswch.sys
    + 2011-01-02 05:31 . 2007-01-23 02:33 7680 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgpfl.sys
    + 2009-07-02 08:51 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll
    - 2008-05-25 03:41 . 2010-08-19 09:40 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2010-09-21 05:01 . 2009-03-08 11:35 2048 c:\windows\ie8updates\KB982664-IE8\iecompat.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-09-20 07:17 . 2008-05-03 11:55 2560 c:\windows\$NtUninstallKB982802$\xpsp4res.dll
    + 2011-04-17 02:18 . 2010-08-26 12:52 5120 c:\windows\$NtUninstallKB2508429$\xpsp4res.dll
    + 2011-01-06 20:31 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
    + 2011-01-06 20:41 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
    + 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll
    + 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
    + 2011-02-17 12:32 . 2011-02-17 12:32 5120 c:\windows\$hf_mig$\KB2508429\SP3QFE\xpsp4res.dll
    + 2011-07-11 21:00 . 2010-10-18 10:39 7680 c:\windows\$hf_mig$\KB2447568-IE8\SP3QFE\iecompat.dll
    + 2011-01-06 20:23 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
    + 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
    - 2010-08-19 09:38 . 2010-08-19 09:38 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    - 2009-07-12 08:05 . 2009-07-12 08:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-06-27 03:07 . 2009-06-27 03:07 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll
    + 2009-06-27 03:07 . 2009-06-27 03:07 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll
    + 2009-06-27 03:10 . 2009-06-27 03:10 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcm90.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2009-06-27 03:07 . 2009-06-27 03:07 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_35349982\atl90.dll
    + 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
    + 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
    + 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 209408 c:\windows\system32\WsmWmiPl.dll
    + 2009-10-09 23:22 . 2009-10-09 23:22 368640 c:\windows\system32\WsmRes.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 139776 c:\windows\system32\WsmAuto.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 225280 c:\windows\system32\wsmanhttpconfig.exe
    - 2004-08-04 06:56 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
    + 2004-08-04 06:56 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
    + 2009-10-09 21:56 . 2009-10-09 21:56 233984 c:\windows\system32\winrscmd.dll
    + 2009-08-01 06:27 . 2009-08-01 06:27 201184 c:\windows\system32\winrm.vbs
    + 2004-08-04 06:56 . 2011-08-22 23:48 916480 c:\windows\system32\wininet.dll
    - 2004-08-04 06:56 . 2010-06-24 12:22 916480 c:\windows\system32\wininet.dll
    + 2009-10-09 23:23 . 2009-10-09 23:23 148480 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
    + 2009-10-09 21:57 . 2009-10-09 21:57 204800 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
    + 2009-10-09 21:56 . 2009-10-09 21:56 448000 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
    + 2009-10-09 21:57 . 2009-10-09 21:57 112640 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
    + 2009-07-16 17:22 . 2009-07-16 17:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
    + 2009-10-09 23:23 . 2009-10-09 23:23 178176 c:\windows\system32\wevtfwd.dll
    + 2004-08-04 06:56 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
    - 2004-08-04 06:56 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
    + 2004-08-04 06:56 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    - 2004-08-04 06:56 . 2009-03-08 11:34 105984 c:\windows\system32\url.dll
    + 2004-08-04 06:56 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
    - 2004-08-04 06:56 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
    - 2004-08-04 06:56 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
    + 2004-08-04 06:56 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
    + 2004-08-04 06:56 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
    + 2004-08-04 06:56 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
    + 2004-08-04 06:56 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
    - 2004-08-04 06:56 . 2008-04-14 00:12 270848 c:\windows\system32\sbe.dll
    + 2004-08-04 06:56 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
    + 2010-12-29 23:05 . 2009-08-20 19:18 485920 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvuhda.exe
    + 2010-12-29 23:05 . 2010-09-07 20:08 100712 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvhda32.sys
    + 2010-12-29 23:05 . 2009-08-20 19:18 155648 c:\windows\system32\ReinstallBackups\0014\DriverFiles\nvcohda.dll
    + 2010-12-29 23:05 . 2008-04-13 20:19 146048 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\portcls.sys
    + 2010-12-29 23:05 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ks.sys
    + 2010-12-29 23:04 . 2009-08-20 19:18 485920 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvuhda.exe
    + 2010-12-29 23:04 . 2010-09-07 20:08 100712 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvhda32.sys
    + 2010-12-29 23:04 . 2009-08-20 19:18 155648 c:\windows\system32\ReinstallBackups\0013\DriverFiles\nvcohda.dll
    + 2010-12-29 23:04 . 2008-04-13 20:19 146048 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\portcls.sys
    + 2010-12-29 23:04 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\ks.sys
    + 2010-12-29 23:04 . 2009-08-20 19:18 485920 c:\windows\system32\ReinstallBackups\0012\DriverFiles\nvuhda.exe
    + 2010-12-29 23:04 . 2010-09-07 20:08 100712 c:\windows\system32\ReinstallBackups\0012\DriverFiles\nvhda32.sys
    + 2010-12-29 23:04 . 2009-08-20 19:18 155648 c:\windows\system32\ReinstallBackups\0012\DriverFiles\nvcohda.dll
    + 2010-12-29 23:04 . 2008-04-13 20:19 146048 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\portcls.sys
    + 2010-12-29 23:04 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ks.sys
    + 2010-12-29 23:04 . 2009-08-20 19:18 485920 c:\windows\system32\ReinstallBackups\0011\DriverFiles\nvuhda.exe
    + 2010-12-29 23:04 . 2009-08-20 19:18 155648 c:\windows\system32\ReinstallBackups\0011\DriverFiles\nvcohda.dll
    + 2010-12-29 23:04 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\portcls.sys
    + 2010-12-29 23:04 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\ks.sys
    + 2010-12-29 23:02 . 2009-09-27 23:12 170600 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvcod.dll
    + 2010-12-29 23:02 . 2009-09-27 23:12 888832 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvapi.dll
    + 2001-08-23 12:00 . 2011-11-09 16:58 441552 c:\windows\system32\perfh009.dat
    - 2004-08-04 06:56 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
    + 2004-08-04 06:56 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
    + 2004-08-04 06:56 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
    - 2004-08-04 06:56 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
    - 2004-08-04 06:56 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
    + 2010-10-16 20:04 . 2010-10-16 20:04 156776 c:\windows\system32\nvsvc32.exe
    + 2010-10-16 20:04 . 2010-10-16 20:04 110696 c:\windows\system32\nvmctray.dll
    + 2010-10-16 20:04 . 2010-10-16 20:04 277608 c:\windows\system32\nvmccs.dll
    + 2010-12-29 23:02 . 2010-09-07 20:08 813672 c:\windows\system32\nvgenco32.dll
    + 2010-12-29 23:03 . 2010-12-29 23:03 240592 c:\windows\system32\nvdrsdb1.bin
    + 2010-12-29 23:03 . 2010-12-29 23:03 240592 c:\windows\system32\nvdrsdb0.bin
    + 2010-12-29 23:02 . 2010-10-16 18:55 888424 c:\windows\system32\nvdispco32.dll
    + 2010-10-16 20:04 . 2010-10-16 20:04 145000 c:\windows\system32\nvcolor.exe
    + 2004-08-04 06:56 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
    - 2004-08-04 06:56 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
    + 2004-08-04 06:56 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
    - 2007-01-14 14:45 . 2008-04-14 00:12 677888 c:\windows\system32\mstsc.exe
    + 2007-01-14 14:45 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
    - 2004-08-04 06:56 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
    + 2010-03-05 18:13 . 2010-03-05 18:13 947472 c:\windows\system32\msjava.dll
    + 2006-11-08 05:03 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    + 2009-10-03 06:53 . 2011-05-25 02:14 222080 c:\windows\system32\MpSigStub.exe
    + 2006-10-19 05:47 . 2010-03-30 19:24 317440 c:\windows\system32\mp4sdecd.dll
    - 2006-10-19 05:47 . 2006-10-19 05:47 317440 c:\windows\system32\MP4SDECD.dll
    + 2004-08-04 06:56 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
    + 2004-08-04 06:56 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
    + 2001-08-23 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
    + 2001-08-23 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
    + 2011-11-11 09:40 . 2011-11-11 09:40 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
    - 2004-08-04 06:56 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
    + 2004-08-04 06:56 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
    - 2004-08-04 06:56 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
    + 2004-08-04 06:56 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
    - 2004-08-04 06:56 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
    + 2004-08-04 06:56 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
    + 2011-11-21 22:11 . 2011-11-21 22:11 157472 c:\windows\system32\javaws.exe
    - 2009-10-06 20:42 . 2009-10-06 20:42 145184 c:\windows\system32\javaw.exe
    + 2011-11-21 22:11 . 2011-11-21 22:11 145184 c:\windows\system32\javaw.exe
    - 2009-10-06 20:42 . 2009-10-06 20:42 145184 c:\windows\system32\java.exe
    + 2011-11-21 22:11 . 2011-11-21 22:11 145184 c:\windows\system32\java.exe
    - 2004-08-04 06:56 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
    - 2004-08-04 06:56 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
    + 2004-08-04 06:56 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    + 2008-09-24 05:05 . 2011-02-11 13:25 229888 c:\windows\system32\fxscover.exe
    - 2004-08-04 06:56 . 2008-04-14 00:11 186880 c:\windows\system32\encdec.dll
    + 2004-08-04 06:56 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
    + 2006-11-02 15:22 . 2008-03-28 00:27 503008 c:\windows\system32\drivers\wdf01000.sys
    - 2006-11-02 14:22 . 2008-03-27 23:27 503008 c:\windows\system32\drivers\wdf01000.sys
    + 2004-08-04 05:14 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
    + 2009-11-03 07:59 . 2011-06-29 20:26 101720 c:\windows\system32\drivers\SBREDrv.sys
    - 2007-01-14 14:45 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
    + 2007-01-14 14:45 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
    + 2007-01-14 15:25 . 2008-04-13 20:19 146048 c:\windows\system32\drivers\portcls.sys
    - 2007-01-14 15:25 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
    + 2010-05-27 07:44 . 2010-09-07 20:08 100712 c:\windows\system32\drivers\nvhda32.sys
    + 2004-08-04 05:15 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
    + 2004-08-04 05:15 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
    - 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\drivers\ks.sys
    + 2004-08-03 23:15 . 2008-04-13 20:16 141056 c:\windows\system32\drivers\ks.sys
    - 2004-08-04 05:14 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
    + 2004-08-04 05:14 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
    + 2010-10-07 20:23 . 2010-10-07 20:23 197920 c:\windows\system32\dnssdX.dll
    + 2004-08-04 06:56 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
    + 2010-10-07 20:23 . 2010-10-07 20:23 107808 c:\windows\system32\dns-sd.exe
    + 2007-01-14 14:45 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
    + 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2009-04-05 21:40 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
    + 2009-04-05 21:40 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll
    + 2007-01-14 14:47 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
    + 2004-08-04 06:56 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
    + 2004-08-04 06:56 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
    + 2009-04-05 21:40 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
    - 2009-04-05 21:40 . 2009-03-08 11:34 105984 c:\windows\system32\dllcache\url.dll
    + 2011-04-15 19:04 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
    - 2004-08-04 06:56 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2004-08-04 06:56 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2004-08-04 05:14 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
    + 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
    - 2009-01-08 01:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
    + 2009-01-08 01:20 . 2009-01-08 01:20 474112 c:\windows\system32\dllcache\shlwapi.dll
    + 2004-08-04 06:56 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
    + 2009-06-25 08:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
    + 2004-08-04 06:56 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
    + 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2011-09-29 19:26 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
    - 2007-01-14 15:25 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
    + 2007-01-14 15:25 . 2008-04-13 20:19 146048 c:\windows\system32\dllcache\portcls.sys
    + 2011-07-11 21:28 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
    + 2009-10-08 21:57 . 2011-09-26 18:41 220160 c:\windows\system32\dllcache\oleacc.dll
    + 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
    - 2009-04-05 21:40 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
    + 2009-04-05 21:40 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
    + 2009-04-16 05:24 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
    + 2004-08-04 05:15 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
    + 2008-06-20 16:02 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
    - 2004-08-04 06:56 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
    + 2007-01-14 14:46 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
    + 2009-04-05 21:40 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-01-14 14:46 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
    + 2007-01-14 14:46 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
    + 2007-01-14 14:46 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
    + 2007-01-14 14:46 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
    + 2004-08-04 05:15 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
    + 2010-03-30 19:24 . 2010-03-30 19:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
    + 2004-08-04 06:56 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2011-01-06 20:25 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
    + 2001-08-23 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
    + 2001-08-23 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
    - 2009-04-16 05:24 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
    + 2009-04-16 05:24 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
    + 2007-01-14 14:45 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
    - 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
    + 2004-08-03 23:15 . 2008-04-13 20:16 141056 c:\windows\system32\dllcache\ks.sys
    + 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
    - 2004-08-04 06:56 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
    + 2004-08-04 06:56 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
    + 2007-01-14 14:46 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
    + 2009-07-02 08:50 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-07-02 08:50 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2004-08-04 06:56 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2010-06-10 01:38 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2010-06-10 01:38 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2004-08-04 06:56 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2004-08-04 06:56 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    - 2010-07-18 21:36 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
    + 2007-01-14 14:46 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
    + 2008-09-24 05:05 . 2011-02-11 13:25 229888 c:\windows\system32\dllcache\fxscover.exe
    + 2004-08-04 06:56 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
    + 2011-03-03 06:55 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
    + 2011-09-09 09:12 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
    + 2011-01-06 20:25 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
    + 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
    + 2004-08-04 05:14 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
    + 2004-08-04 06:56 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll
    - 2004-08-04 06:56 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
    + 2004-08-04 06:56 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
    - 2004-08-04 06:56 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
    + 2004-08-04 06:56 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
    + 2011-02-11 13:25 . 2011-02-11 13:25 229888 c:\windows\ServicePackFiles\ServicePackCache\i386\fxscover.exe
    + 2010-09-22 16:43 . 2010-09-22 16:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2010-03-23 12:31 . 2010-03-23 12:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2010-05-11 13:40 . 2010-05-11 13:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2011-03-25 13:15 . 2011-03-25 13:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2010-05-11 13:40 . 2010-05-11 13:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2010-03-31 21:51 . 2010-03-31 21:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-07-07 19:04 . 2011-07-07 19:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-07-07 19:01 . 2011-07-07 19:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2010-03-31 21:49 . 2010-03-31 21:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-07-07 20:09 . 2011-07-07 20:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2010-03-31 22:32 . 2010-03-31 22:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2011-07-11 21:59 . 2011-07-11 21:59 467456 c:\windows\Installer\e4e126.msi
    + 2010-11-16 20:54 . 2010-11-16 20:54 906240 c:\windows\Installer\beecc.msp
    + 2011-04-17 02:09 . 2011-04-17 02:09 223232 c:\windows\Installer\6afa1ff.msi
    + 2011-02-22 20:53 . 2011-02-22 20:53 356352 c:\windows\Installer\479667.msi
    + 2011-02-22 20:51 . 2011-02-22 20:51 316928 c:\windows\Installer\479658.msi
    + 2011-02-22 20:51 . 2011-02-22 20:51 315392 c:\windows\Installer\479653.msi
    + 2011-02-22 20:51 . 2011-02-22 20:51 356864 c:\windows\Installer\47964e.msi
    + 2011-02-22 20:50 . 2011-02-22 20:50 359424 c:\windows\Installer\479649.msi
    + 2011-02-22 20:50 . 2011-02-22 20:50 316416 c:\windows\Installer\479644.msi
    + 2011-02-22 20:50 . 2011-02-22 20:50 356352 c:\windows\Installer\47963f.msi
    + 2011-02-04 21:46 . 2011-02-04 21:46 811008 c:\windows\Installer\37fe00.msi
    + 2011-03-15 08:56 . 2011-03-15 08:56 569344 c:\windows\Installer\27c611.msi
    + 2011-03-15 08:55 . 2011-03-15 08:55 735744 c:\windows\Installer\27c5f2.msi
    + 2011-07-24 06:31 . 2011-07-24 06:31 223744 c:\windows\Installer\25a877c.msi
    + 2011-01-02 05:32 . 2011-01-02 05:32 279040 c:\windows\Installer\1609306.msi
    + 2011-01-02 05:31 . 2011-01-02 05:31 118784 c:\windows\Installer\1609301.msi
    + 2010-09-24 04:02 . 2010-09-24 04:02 798208 c:\windows\Installer\13c65dd.msp
    + 2011-11-21 22:11 . 2011-11-21 22:11 203776 c:\windows\Installer\11ffe4.msi
    + 2011-11-21 22:11 . 2011-11-21 22:11 901120 c:\windows\Installer\11ffd6.msi
    + 2011-02-04 21:53 . 2011-02-04 21:53 380928 c:\windows\Installer\{AAD47011-8518-4608-9656-951DA35B587B}\iTunesIco.exe
    + 2011-11-14 10:07 . 2011-11-14 10:07 367958 c:\windows\Installer\{98FA0A89-358D-4D39-A666-D4D321A44971}\_A6C7A9421F64EE48E8FBD5.exe
    + 2011-11-14 10:07 . 2011-11-14 10:07 367958 c:\windows\Installer\{98FA0A89-358D-4D39-A666-D4D321A44971}\_853F67D554F05449430E7E.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2008-05-25 03:41 . 2011-07-24 06:31 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2008-05-25 03:41 . 2010-08-19 09:40 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
    + 2010-09-23 01:10 . 2010-09-23 01:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
    + 2010-09-11 01:17 . 2010-09-11 01:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
    + 2010-09-23 03:41 . 2010-09-23 03:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
    + 2010-09-21 06:07 . 2010-09-21 06:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
    + 2010-09-23 11:47 . 2010-09-23 11:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
    + 2010-09-23 01:04 . 2010-09-23 01:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
    + 2010-09-23 02:39 . 2010-09-23 02:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
    + 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
    + 2010-09-23 01:50 . 2010-09-23 01:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
    + 2010-09-21 05:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB982664-IE8\updspapi.dll
    + 2010-09-21 05:01 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB982664-IE8\update.exe
    + 2010-09-21 05:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB982664-IE8\spuninst\updspapi.dll
    + 2010-09-21 05:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB982664-IE8\spuninst\spuninst.exe
    + 2010-09-21 05:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB982664-IE8\spuninst.exe
    + 2010-09-21 05:01 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
    + 2010-09-21 05:01 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\updspapi.dll
    + 2010-09-21 05:01 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB982381-IE8\update.exe
    - 2010-06-10 21:54 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    + 2010-09-21 05:01 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    - 2010-06-10 21:54 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2010-09-21 05:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2010-09-21 05:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst.exe
    + 2010-09-21 05:01 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
    + 2010-09-21 05:01 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    - 2010-06-10 21:54 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    + 2010-09-21 05:01 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    - 2010-06-10 21:54 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    + 2010-09-21 05:01 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
    + 2010-09-21 05:01 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
    + 2010-09-21 05:01 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    - 2010-06-10 21:54 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    + 2010-09-21 05:01 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
    - 2010-06-10 21:54 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2010-09-21 05:01 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2010-09-27 10:30 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
    - 2010-04-15 12:11 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
    + 2010-09-27 10:30 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\updspapi.dll
    + 2010-09-27 10:30 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB981332-IE8\update.exe
    + 2010-09-27 10:30 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
    - 2010-04-15 12:11 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
    - 2010-04-15 12:11 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
    + 2010-09-27 10:30 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
    + 2010-09-27 10:30 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst.exe
    + 2010-09-27 10:30 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\updspapi.dll
    + 2010-09-27 10:30 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB976662-IE8\update.exe
    - 2010-02-25 18:39 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
    + 2010-09-27 10:30 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
    - 2010-02-25 18:39 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
    + 2010-09-27 10:30 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
    + 2010-09-27 10:30 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst.exe
    + 2010-09-27 10:30 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
    - 2010-02-25 18:39 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
    + 2010-09-27 10:29 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\updspapi.dll
    + 2010-09-27 10:29 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB971961-IE8\update.exe
    - 2009-09-10 08:51 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2010-09-27 10:29 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2010-09-27 10:29 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    - 2009-09-10 08:51 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2010-09-27 10:29 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst.exe
    - 2009-09-10 08:51 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2010-09-27 10:29 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
    + 2011-10-31 10:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
    + 2011-10-31 10:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
    + 2011-10-31 10:06 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
    + 2011-10-31 10:06 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
    + 2011-09-30 08:00 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
    + 2011-09-30 08:00 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
    + 2011-09-30 08:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
    + 2011-09-30 08:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
    + 2011-09-30 08:00 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
    + 2011-09-30 08:00 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
    + 2011-07-11 21:43 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2011-07-11 21:43 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2011-07-11 21:43 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2011-07-11 21:49 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
    + 2011-07-11 21:49 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
    + 2011-07-11 21:49 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
    + 2011-07-11 21:49 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
    + 2011-07-11 21:49 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
    + 2011-04-17 02:08 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
    + 2011-04-17 02:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
    + 2011-04-17 02:08 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
    + 2011-04-17 02:29 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
    + 2011-04-17 02:29 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
    + 2011-04-17 02:29 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
    + 2011-04-17 02:29 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
    + 2011-02-09 04:04 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
    + 2011-02-09 04:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
    + 2011-02-09 04:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
    + 2011-02-09 04:04 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
    + 2011-02-09 04:04 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
    + 2011-07-11 21:05 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
    + 2011-07-11 21:05 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
    + 2011-01-06 20:39 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
    + 2011-01-06 20:39 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
    + 2011-01-06 20:39 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
    + 2011-01-06 20:39 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
    + 2011-01-06 20:39 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
    + 2011-01-06 20:39 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
    + 2010-09-21 05:01 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
    + 2010-09-21 05:02 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\updspapi.dll
    + 2010-09-21 05:02 . 2009-05-26 09:01 755576 c:\windows\ie8updates\KB2183461-IE8\update.exe
    + 2010-09-21 05:02 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
    - 2010-08-19 09:36 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
    - 2010-08-19 09:36 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
    + 2010-09-21 05:02 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
    + 2010-09-21 05:02 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst.exe
    + 2010-09-21 05:01 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
    - 2010-08-19 09:36 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
    + 2010-09-21 05:01 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
    + 2010-09-21 04:59 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
    - 2009-07-02 08:49 . 2006-10-17 20:05 206336 c:\windows\ie8\winfxdocobj.exe
    + 2010-09-21 04:59 . 2006-10-17 20:05 206336 c:\windows\ie8\winfxdocobj.exe
    - 2009-07-02 08:49 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
    + 2010-09-21 04:59 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
    - 2009-07-02 08:49 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
    + 2010-09-21 04:59 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
    - 2009-07-02 08:49 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
    + 2010-09-21 05:00 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    - 2009-07-02 08:50 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll
    + 2010-09-21 05:00 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    - 2009-07-02 08:50 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe
    - 2009-07-02 08:49 . 2006-09-07 00:43 213216 c:\windows\ie8\spuninst.exe
    + 2010-09-21 04:59 . 2006-09-07 00:43 213216 c:\windows\ie8\spuninst.exe
    + 2010-09-21 04:59 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
    - 2009-07-02 08:49 . 2006-11-08 05:03 156160 c:\windows\ie8\msls31.dll
    + 2010-09-21 04:59 . 2006-11-08 05:03 156160 c:\windows\ie8\msls31.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
    + 2010-09-21 04:59 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
    - 2009-07-02 08:49 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
    + 2010-09-21 04:59 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
    - 2009-07-02 08:49 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
    - 2009-07-02 08:49 . 2006-11-08 05:03 180736 c:\windows\ie8\ieui.dll
    + 2010-09-21 04:59 . 2006-11-08 05:03 180736 c:\windows\ie8\ieui.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
    + 2010-09-21 04:59 . 2006-11-08 05:03 287744 c:\windows\ie8\ieproxy.dll
    - 2009-07-02 08:49 . 2006-11-08 05:03 287744 c:\windows\ie8\ieproxy.dll
    + 2010-09-21 04:59 . 2006-11-08 05:03 191488 c:\windows\ie8\iepeers.dll
    - 2009-07-02 08:49 . 2006-11-08 05:03 191488 c:\windows\ie8\iepeers.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
    - 2009-07-02 08:49 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
    + 2010-09-21 04:59 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
    + 2008-11-11 20:48 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2011-10-31 10:01 . 2011-10-31 10:01 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1b249293\System.Drawing.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c32b9817\System.Drawing.Design.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_43199da1\CustomMarshalers.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
    + 2011-11-01 06:51 . 2011-11-01 06:51 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\8d9744364ead927be159ddaca5c73b6a\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f3247ee4c8974dcb21978a283ca5dd37\WindowsLive.Writer.Interop.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\de41662d8b5a65327eb32e4601b29734\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c3eeef28ef5d1fe19442fb127106e180\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb87acb24dd38a2a35c460e960909f26\WindowsLive.Writer.Passport.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b9c42f04581b04b23db07d4d29e47a1d\WindowsLive.Writer.SpellChecker.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\71caec3c513d97567d5196a72ee57ef0\WindowsLive.Writer.BrowserControl.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6adb0eaf9a145a2ba81619e49b1c4480\WindowsLive.Writer.Extensibility.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\599239bb43737ad8063b7e9620a4c16e\WindowsLive.Writer.FileDestinations.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\49ab3a63512d9d028cc4fa800c1c3d2f\WindowsLive.Writer.Localization.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3ae7eae306c355e1efb728fac33b3965\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1fbb3941992cd85018b7c64a68dce3f8\WindowsLive.Writer.BlogClient.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\14ddbf463c0b9b17f98d8f048777784a\WindowsLive.Writer.Instrumentation.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0c0afa682f30eb3e75011f1c92b04129\WindowsLive.Writer.Controls.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\097baf70e23eed55818deec43d26c44a\WindowsLive.Writer.Mshtml.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\04473507f11eea12b260ab8b2707d423\WindowsLive.Writer.HtmlParser.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\a295b8cfd7c63e29f4972592e2b7ef4b\WindowsLive.Client.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
    + 2011-11-01 19:59 . 2011-11-01 19:59 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 250368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\fff9ba9f177c193d8c5ac9bc74d1ff6e\System.Management.Automation.resources.ni.dll
    + 2011-11-01 00:29 . 2011-11-01 00:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
    + 2011-11-01 00:29 . 2011-11-01 00:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
    + 2011-11-01 19:57 . 2011-11-01 19:57 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
    + 2011-11-01 19:57 . 2011-11-01 19:57 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
    + 2011-11-01 19:57 . 2011-11-01 19:57 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
    + 2011-11-01 06:54 . 2011-11-01 06:54 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
    + 2011-11-01 06:51 . 2011-11-01 06:51 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe
    + 2011-10-31 10:17 . 2011-10-31 10:17 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
    + 2011-11-01 06:53 . 2011-11-01 06:53 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a976a4b51c81150402b0abee38f41ab1\Microsoft.WSMan.Management.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4a7b6bc850621fa2d38fb08f910ef7\Microsoft.PowerShell.Security.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3d3d76cfc8350587616860fb0f64ccc\Microsoft.PowerShell.ConsoleHost.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6f6b54b6cebab6867dafeb6db1b98ab1\Microsoft.PowerShell.GraphicalHost.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\592e4b99037ec91cd4201d1ee28895b7\Microsoft.PowerShell.Commands.Management.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3a03ec48148fa16aa65fd9ba5df49cb8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
    + 2011-10-31 16:04 . 2011-10-31 16:04 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2004-08-04 06:56 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
    + 2004-08-04 06:56 . 2011-03-11 14:10 471552 c:\windows\AppPatch\aclayers.dll
    + 2010-09-20 07:17 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll
    + 2010-09-20 07:17 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe
    + 2010-09-20 07:17 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll
    + 2011-01-06 20:39 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
    + 2010-09-20 07:17 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
    + 2010-09-20 07:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
    + 2010-09-20 07:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
    + 2011-01-06 20:37 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe
    + 2011-01-06 20:37 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
    + 2011-01-06 20:37 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
    + 2010-09-20 07:19 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
    + 2010-09-20 07:19 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
    + 2010-09-20 07:19 . 2006-10-19 05:47 317440 c:\windows\$NtUninstallKB975558_WM8$\mp4sdecd.dll
    + 2011-07-11 20:59 . 2008-07-30 02:59 161296 c:\windows\$NtUninstallKB971513$\uiautomationcore.dll
    + 2011-07-11 20:59 . 2009-03-23 17:50 382840 c:\windows\$NtUninstallKB971513$\spuninst\updspapi.dll
    + 2011-07-11 20:59 . 2009-03-23 17:50 231288 c:\windows\$NtUninstallKB971513$\spuninst\spuninst.exe
    + 2011-07-11 20:59 . 2001-08-23 12:00 163328 c:\windows\$NtUninstallKB971513$\oleacc.dll
    + 2011-03-02 10:55 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971029$\spuninst\updspapi.dll
    + 2011-03-02 10:55 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
    + 2011-03-02 10:55 . 2008-04-14 00:12 135168 c:\windows\$NtUninstallKB971029$\shsvcs.dll
    + 2011-09-30 08:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2616676-v2$\spuninst\updspapi.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2616676-v2$\spuninst\spuninst.exe
    + 2011-09-30 08:03 . 2008-04-14 00:11 599040 c:\windows\$NtUninstallKB2616676-v2$\crypt32.dll
    + 2011-09-30 08:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570947$\spuninst\updspapi.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570947$\spuninst\spuninst.exe
    + 2011-09-30 08:08 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570791$\spuninst\updspapi.dll
    + 2011-09-30 08:08 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570791$\spuninst\spuninst.exe
    + 2011-09-30 08:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570222$\spuninst\updspapi.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570222$\spuninst\spuninst.exe
    + 2011-09-30 08:03 . 2008-04-14 00:13 139656 c:\windows\$NtUninstallKB2570222$\rdpwd.sys
    + 2011-09-30 08:04 . 2011-04-26 11:07 293376 c:\windows\$NtUninstallKB2567680$\winsrv.dll
    + 2011-09-30 08:04 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2567680$\spuninst\updspapi.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2567680$\spuninst\spuninst.exe
    + 2011-09-30 07:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2566454$\spuninst\updspapi.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2566454$\spuninst\spuninst.exe
    + 2011-09-30 07:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2562937$\spuninst\updspapi.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2562937$\spuninst\spuninst.exe
    + 2011-07-24 06:28 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2555917$\spuninst\updspapi.dll
    + 2011-07-24 06:28 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
    + 2011-07-11 21:14 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2544893$\spuninst\updspapi.dll
    + 2011-07-11 21:14 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2544893$\spuninst\spuninst.exe
    + 2011-07-11 21:14 . 2011-03-07 05:33 692736 c:\windows\$NtUninstallKB2544893$\inetcomm.dll
    + 2011-07-11 22:09 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2541763$\spuninst\updspapi.dll
    + 2011-07-11 22:09 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2541763$\spuninst\spuninst.exe
    + 2011-07-11 22:09 . 2010-06-30 12:31 149504 c:\windows\$NtUninstallKB2541763$\schannel.dll
    + 2011-07-11 21:23 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2536276$\spuninst\updspapi.dll
    + 2011-07-11 21:23 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2536276$\spuninst\spuninst.exe
    + 2011-07-11 21:23 . 2011-02-17 13:18 455936 c:\windows\$NtUninstallKB2536276$\mrxsmb.sys
    + 2011-09-30 08:04 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2536276-v2$\spuninst\updspapi.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
    + 2011-09-30 08:04 . 2011-04-29 16:19 456320 c:\windows\$NtUninstallKB2536276-v2$\mrxsmb.sys
    + 2011-07-11 21:19 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2535512$\spuninst\updspapi.dll
    + 2011-07-11 21:19 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2535512$\spuninst\spuninst.exe
    + 2011-07-11 21:19 . 2008-04-13 19:17 105344 c:\windows\$NtUninstallKB2535512$\mup.sys
    + 2011-04-02 00:26 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2524375$\spuninst\updspapi.dll
    + 2011-04-02 00:26 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2524375$\spuninst\spuninst.exe
    + 2011-04-17 02:16 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2511455$\spuninst\updspapi.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2511455$\spuninst\spuninst.exe
    + 2011-04-17 02:16 . 2010-02-24 13:11 455680 c:\windows\$NtUninstallKB2511455$\mrxsmb.sys
    + 2011-04-17 02:08 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2509553$\spuninst\updspapi.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2509553$\spuninst\spuninst.exe
    + 2011-04-17 02:08 . 2008-06-20 17:46 245248 c:\windows\$NtUninstallKB2509553$\mswsock.dll
    + 2011-04-17 02:08 . 2008-06-20 17:46 147968 c:\windows\$NtUninstallKB2509553$\dnsapi.dll
    + 2011-04-17 02:08 . 2008-08-14 10:04 138496 c:\windows\$NtUninstallKB2509553$\afd.sys
    + 2011-04-17 02:18 . 2010-08-26 13:39 357248 c:\windows\$NtUninstallKB2508429$\srv.sys
    + 2011-04-17 02:18 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2508429$\spuninst\updspapi.dll
    + 2011-04-17 02:18 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2508429$\spuninst\spuninst.exe
    + 2011-04-17 02:19 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2508272$\spuninst\updspapi.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2508272$\spuninst\spuninst.exe
    + 2011-07-24 06:30 . 2010-06-18 17:45 293376 c:\windows\$NtUninstallKB2507938$\winsrv.dll
    + 2011-07-24 06:30 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2507938$\spuninst\updspapi.dll
    + 2011-07-24 06:30 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
    + 2011-04-17 02:19 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2507618$\spuninst\updspapi.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2507618$\spuninst\spuninst.exe
    + 2011-04-17 02:19 . 2011-01-07 14:09 290048 c:\windows\$NtUninstallKB2507618$\atmfd.dll
    + 2011-04-17 02:33 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2506223$\spuninst\updspapi.dll
    + 2011-04-17 02:33 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2506223$\spuninst\spuninst.exe
    + 2011-04-17 02:16 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2506212$\spuninst\updspapi.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2506212$\spuninst\spuninst.exe
    + 2011-04-17 02:15 . 2010-09-18 20:23 974848 c:\windows\$NtUninstallKB2506212$\mfc42u.dll
    + 2011-04-17 02:15 . 2010-09-18 06:53 974848 c:\windows\$NtUninstallKB2506212$\mfc42.dll
    + 2011-07-11 21:39 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2503665$\spuninst\updspapi.dll
    + 2011-07-11 21:39 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2503665$\spuninst\spuninst.exe
    + 2011-07-11 21:39 . 2008-10-16 14:43 138496 c:\windows\$NtUninstallKB2503665$\afd.sys
    + 2011-04-17 02:19 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2503658$\spuninst\updspapi.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2503658$\spuninst\spuninst.exe
    + 2011-04-17 02:19 . 2010-06-09 07:43 692736 c:\windows\$NtUninstallKB2503658$\inetcomm.dll
    + 2011-07-11 21:10 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2492386$\spuninst\updspapi.dll
    + 2011-07-11 21:10 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2492386$\spuninst\spuninst.exe
    + 2011-07-11 21:10 . 2009-11-21 15:51 471552 c:\windows\$NtUninstallKB2492386$\aclayers.dll
    + 2011-04-17 02:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2491683$\spuninst\updspapi.dll
    + 2011-04-17 02:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2491683$\spuninst\spuninst.exe
    + 2011-04-17 02:37 . 2008-04-14 00:12 229376 c:\windows\$NtUninstallKB2491683$\fxscover.exe
    + 2011-04-17 02:35 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485663$\spuninst\updspapi.dll
    + 2011-04-17 02:35 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485663$\spuninst\spuninst.exe
    + 2011-02-09 04:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
    + 2011-02-09 04:07 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
    + 2011-02-09 04:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
    + 2011-02-09 04:07 . 2008-04-14 00:12 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
    + 2011-03-31 22:42 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2481109$\spuninst\updspapi.dll
    + 2011-03-31 22:42 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2481109$\spuninst\spuninst.exe
    + 2011-03-31 22:42 . 2008-04-14 00:12 677888 c:\windows\$NtUninstallKB2481109$\mstsc.exe
    + 2011-03-31 22:48 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479943$\spuninst\updspapi.dll
    + 2011-03-31 22:48 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479943$\spuninst\spuninst.exe
    + 2011-03-31 22:48 . 2008-04-14 00:12 270848 c:\windows\$NtUninstallKB2479943$\sbe.dll
    + 2011-03-31 22:48 . 2008-04-14 00:11 186880 c:\windows\$NtUninstallKB2479943$\encdec.dll
    + 2011-02-09 04:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
    + 2011-02-09 04:08 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
    + 2011-02-09 04:08 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
    + 2011-02-09 04:08 . 2009-06-25 08:25 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
    + 2011-02-09 04:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
    + 2011-02-09 04:03 . 2009-06-25 08:25 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
    + 2011-02-09 04:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
    + 2011-07-11 21:33 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476490$\spuninst\updspapi.dll
    + 2011-07-11 21:33 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476490$\spuninst\spuninst.exe
    + 2011-07-11 21:33 . 2008-04-14 00:12 551936 c:\windows\$NtUninstallKB2476490$\oleaut32.dll
    + 2011-01-06 20:37 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
    + 2011-01-06 20:37 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
    + 2011-01-06 20:37 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
    + 2011-01-06 20:37 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
    + 2011-01-06 20:40 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
    + 2011-01-06 20:40 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
    + 2011-01-06 20:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
    + 2011-01-06 20:37 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
    + 2011-01-06 20:37 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
    + 2011-01-06 20:33 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
    + 2011-01-06 20:33 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
    + 2011-01-12 10:40 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
    + 2011-01-12 10:40 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
    + 2011-01-12 10:40 . 2008-04-14 00:12 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
    + 2011-01-12 10:40 . 2008-04-14 00:12 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
    + 2011-01-12 10:40 . 2008-04-14 00:11 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
    + 2011-01-12 10:40 . 2008-04-14 00:11 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
    + 2011-01-12 10:40 . 2008-04-14 00:11 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
    + 2011-01-12 10:40 . 2008-04-14 00:11 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
    + 2011-04-17 02:24 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2412687$\spuninst\updspapi.dll
    + 2011-04-17 02:24 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2412687$\spuninst\spuninst.exe
    + 2011-02-09 04:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
    + 2011-02-09 04:03 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
    + 2011-01-06 20:41 . 2006-10-14 08:13 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll
    + 2011-01-06 20:41 . 2008-04-14 00:11 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll
    + 2011-01-06 20:41 . 2001-08-23 12:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll
    + 2011-01-06 20:41 . 2007-07-28 07:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
    + 2011-01-06 20:41 . 2007-07-28 07:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
    + 2011-01-06 20:31 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
    + 2011-01-06 20:31 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
    + 2011-01-06 20:31 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
    + 2010-09-20 07:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
    + 2010-09-20 07:18 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
    + 2011-01-06 20:41 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys
    + 2011-01-06 20:41 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
    + 2011-01-06 20:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
    + 2011-01-06 20:41 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
    + 2011-01-06 20:41 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2296199$\atmfd.dll
    + 2011-01-06 20:41 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
    + 2011-01-06 20:41 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
    + 2011-01-06 20:41 . 2008-04-14 00:11 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll
    + 2010-09-20 07:19 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
    + 2010-09-20 07:19 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
    + 2010-10-08 02:03 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
    + 2010-10-08 02:03 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
    + 2010-09-20 07:14 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
    + 2010-09-20 07:14 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
    + 2010-09-20 07:14 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
    + 2010-09-20 07:18 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
    + 2010-09-20 07:18 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
    + 2010-09-20 07:18 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
    + 2010-09-20 07:17 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll
    + 2010-09-20 07:17 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe
    + 2010-09-20 07:17 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe
    + 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll
    + 2010-09-21 04:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982664-IE8\update\updspapi.dll
    + 2010-09-21 04:41 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982664-IE8\update\update.exe
    + 2010-09-21 04:41 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982664-IE8\spuninst.exe
    + 2011-01-06 20:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe
    + 2011-01-06 20:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe
    + 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
    + 2010-09-20 07:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
    + 2010-09-20 07:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
    + 2010-09-20 07:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
    + 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
    + 2011-01-06 20:37 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
    + 2011-01-06 20:37 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe
    + 2011-01-06 20:37 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe
    + 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
    + 2011-03-02 10:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
    + 2011-03-02 10:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971029\update\update.exe
    + 2011-03-02 10:55 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
    + 2009-07-27 22:13 . 2009-07-27 22:13 135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
    + 2011-09-30 08:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2616676-v2\update\updspapi.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2616676-v2\update\update.exe
    + 2011-09-30 08:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2616676-v2\spuninst.exe
    + 2011-09-09 09:11 . 2011-09-09 09:11 599552 c:\windows\$hf_mig$\KB2616676-v2\SP3QFE\crypt32.dll
    + 2011-09-30 08:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570947\update\updspapi.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570947\update\update.exe
    + 2011-09-30 08:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570947\spuninst.exe
    + 2011-09-30 08:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570222\update\updspapi.dll
    + 2011-09-30 08:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570222\update\update.exe
    + 2011-09-30 08:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570222\spuninst.exe
    + 2011-09-29 19:26 . 2011-06-24 14:09 139656 c:\windows\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys
    + 2011-09-30 08:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567680\update\update.exe
    + 2011-09-30 08:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567680\spuninst.exe
    + 2011-06-20 17:43 . 2011-06-20 17:43 293376 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
    + 2011-09-30 07:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2566454\update\updspapi.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2566454\update\update.exe
    + 2011-09-30 07:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2566454\spuninst.exe
    + 2011-09-30 07:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2562937\update\updspapi.dll
    + 2011-09-30 07:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2562937\update\update.exe
    + 2011-09-30 07:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2562937\spuninst.exe
    + 2011-09-30 08:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
    + 2011-09-30 08:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
    + 2011-09-30 08:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
    + 2011-09-29 19:25 . 2011-06-23 18:33 919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
    + 2011-09-29 19:25 . 2011-06-23 12:19 173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
    + 2011-07-24 06:28 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
    + 2011-07-24 06:28 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2555917\update\update.exe
    + 2011-07-24 06:28 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2555917\spuninst.exe
    + 2011-07-11 21:15 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893\update\updspapi.dll
    + 2011-07-11 21:15 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893\update\update.exe
    + 2011-07-11 21:15 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893\spuninst.exe
    + 2011-07-11 21:11 . 2011-05-02 15:30 692736 c:\windows\$hf_mig$\KB2544893\SP3QFE\inetcomm.dll
    + 2011-07-11 21:44 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544521-IE8\update\updspapi.dll
    + 2011-07-11 21:44 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544521-IE8\update\update.exe
    + 2011-07-11 21:44 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544521-IE8\spuninst.exe
    + 2011-07-11 21:39 . 2011-04-30 02:59 758784 c:\windows\$hf_mig$\KB2544521-IE8\SP3QFE\vgx.dll
    + 2011-07-11 22:09 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
    + 2011-07-11 22:09 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2541763\update\update.exe
    + 2011-07-11 22:09 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2541763\spuninst.exe
    + 2011-07-11 22:05 . 2011-04-29 17:23 151552 c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
    + 2011-07-11 21:24 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276\update\updspapi.dll
    + 2011-07-11 21:24 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276\update\update.exe
    + 2011-07-11 21:24 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276\spuninst.exe
    + 2011-07-11 21:19 . 2011-04-29 16:47 457856 c:\windows\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
    + 2011-09-30 08:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276-v2\update\updspapi.dll
    + 2011-09-30 08:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276-v2\update\update.exe
    + 2011-09-30 08:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276-v2\spuninst.exe
    + 2011-09-29 19:26 . 2011-07-15 13:29 457856 c:\windows\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
    + 2011-07-11 21:19 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2535512\update\updspapi.dll
    + 2011-07-11 21:19 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2535512\update\update.exe
    + 2011-07-11 21:19 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2535512\spuninst.exe
    + 2011-07-11 21:15 . 2011-04-21 13:52 105472 c:\windows\$hf_mig$\KB2535512\SP3QFE\mup.sys
    + 2011-07-11 21:49 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2530548-IE8\update\updspapi.dll
    + 2011-07-11 21:49 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2530548-IE8\update\update.exe
    + 2011-07-11 21:49 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2530548-IE8\spuninst.exe
    + 2011-07-11 21:44 . 2011-04-25 16:09 919552 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 206848 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\occache.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 611840 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mstime.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 602112 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeeds.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 247808 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieproxy.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 184320 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iepeers.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 743424 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedvtool.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 387584 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedkcs32.dll
    + 2011-07-11 21:44 . 2011-04-25 11:37 173568 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ie4uinit.exe
    + 2011-04-02 00:26 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
    + 2011-04-02 00:26 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2524375\update\update.exe
    + 2011-04-02 00:26 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2524375\spuninst.exe
    + 2011-04-17 02:16 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2511455\update\updspapi.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2511455\update\update.exe
    + 2011-04-17 02:16 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2511455\spuninst.exe
    + 2011-04-15 19:03 . 2011-02-17 13:19 457472 c:\windows\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys
    + 2011-04-17 02:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2510531-IE8\update\updspapi.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2510531-IE8\update\update.exe
    + 2011-04-17 02:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2510531-IE8\spuninst.exe
    + 2011-04-15 19:02 . 2011-03-04 06:35 420864 c:\windows\$hf_mig$\KB2510531-IE8\SP3QFE\vbscript.dll
    + 2011-04-15 19:02 . 2011-03-04 06:35 726528 c:\windows\$hf_mig$\KB2510531-IE8\SP3QFE\jscript.dll
    + 2011-04-17 02:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2509553\update\updspapi.dll
    + 2011-04-17 02:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2509553\update\update.exe
    + 2011-04-17 02:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2509553\spuninst.exe
    + 2008-06-20 11:16 . 2008-06-20 11:16 225856 c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys
    + 2008-06-20 11:59 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
    + 2008-06-20 17:43 . 2008-06-20 17:43 245248 c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
    + 2011-03-03 06:53 . 2011-03-03 06:53 149504 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsapi.dll
    + 2008-10-16 15:07 . 2008-10-16 15:07 138496 c:\windows\$hf_mig$\KB2509553\SP3QFE\afd.sys
    + 2011-04-17 02:18 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2508429\update\updspapi.dll
    + 2011-04-17 02:18 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2508429\update\update.exe
    + 2011-04-17 02:18 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2508429\spuninst.exe
    + 2011-02-17 13:19 . 2011-02-17 13:19 357888 c:\windows\$hf_mig$\KB2508429\SP3QFE\srv.sys
    + 2011-04-17 02:19 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2508272\update\updspapi.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2508272\update\update.exe
    + 2011-04-17 02:19 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2508272\spuninst.exe
    + 2011-07-24 06:31 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
    + 2011-07-24 06:31 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507938\update\update.exe
    + 2011-07-24 06:31 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507938\spuninst.exe
    + 2011-04-26 11:02 . 2011-04-26 11:02 293376 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
    + 2011-04-17 02:19 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507618\update\updspapi.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507618\update\update.exe
    + 2011-04-17 02:19 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507618\spuninst.exe
    + 2011-02-15 13:05 . 2011-02-15 13:05 290432 c:\windows\$hf_mig$\KB2507618\SP3QFE\atmfd.dll
    + 2011-04-17 02:33 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2506223\update\updspapi.dll
    + 2011-04-17 02:33 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2506223\update\update.exe
    + 2011-04-17 02:33 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2506223\spuninst.exe
    + 2011-04-17 02:16 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2506212\update\updspapi.dll
    + 2011-04-17 02:16 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2506212\update\update.exe
    + 2011-04-17 02:16 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2506212\spuninst.exe
    + 2011-02-08 13:32 . 2011-02-08 13:32 974848 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42u.dll
    + 2011-02-08 13:32 . 2011-02-08 13:32 978944 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42.dll
    + 2011-07-11 21:39 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2503665\update\updspapi.dll
    + 2011-07-11 21:39 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2503665\update\update.exe
    + 2011-07-11 21:39 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2503665\spuninst.exe
    + 2011-07-11 21:34 . 2011-02-16 13:25 138496 c:\windows\$hf_mig$\KB2503665\SP3QFE\afd.sys
    + 2011-04-17 02:19 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2503658\update\updspapi.dll
    + 2011-04-17 02:19 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2503658\update\update.exe
    + 2011-04-17 02:19 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2503658\spuninst.exe
    + 2011-03-07 05:31 . 2011-03-07 05:31 692736 c:\windows\$hf_mig$\KB2503658\SP3QFE\inetcomm.dll
    + 2011-04-17 02:29 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2497640-IE8\update\updspapi.dll
    + 2011-04-17 02:29 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2497640-IE8\update\update.exe
    + 2011-04-17 02:29 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2497640-IE8\spuninst.exe
    + 2011-04-15 19:03 . 2011-02-22 23:27 919552 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 206848 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\occache.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 611840 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mstime.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 602112 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeeds.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 247808 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ieproxy.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 184320 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iepeers.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 743424 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iedvtool.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 387584 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iedkcs32.dll
    + 2011-04-15 19:03 . 2011-02-22 12:08 173568 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ie4uinit.exe
    + 2011-07-11 21:10 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2492386\update\updspapi.dll
    + 2011-07-11 21:10 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2492386\update\update.exe
    + 2011-07-11 21:10 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2492386\spuninst.exe
    + 2011-07-11 21:06 . 2011-03-11 14:09 471552 c:\windows\$hf_mig$\KB2492386\SP3QFE\aclayers.dll
    + 2011-04-17 02:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2491683\update\updspapi.dll
    + 2011-04-17 02:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2491683\update\update.exe
    + 2011-04-17 02:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2491683\spuninst.exe
    + 2011-02-11 13:22 . 2011-02-11 13:22 229888 c:\windows\$hf_mig$\KB2491683\SP3QFE\fxscover.exe
    + 2011-04-17 02:35 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485663\update\updspapi.dll
    + 2011-04-17 02:35 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485663\update\update.exe
    + 2011-04-17 02:35 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485663\spuninst.exe
    + 2011-02-09 04:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
    + 2011-02-09 04:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
    + 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
    + 2011-02-09 04:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
    + 2011-02-09 04:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
    + 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
    + 2011-02-09 04:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
    + 2011-02-09 04:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
    + 2011-02-09 04:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
    + 2011-02-09 03:57 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
    + 2011-02-09 03:58 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
    + 2011-02-09 03:57 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
    + 2011-03-31 22:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
    + 2011-03-31 22:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2481109\update\update.exe
    + 2011-03-31 22:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2481109\spuninst.exe
    + 2011-01-27 11:41 . 2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
    + 2011-02-02 07:57 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
    + 2011-03-31 22:48 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
    + 2011-03-31 22:48 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
    + 2011-03-31 22:48 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
    + 2011-02-09 13:52 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
    + 2011-02-09 13:52 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
    + 2011-02-09 04:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
    + 2011-02-09 04:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
    + 2011-02-09 04:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
    + 2011-02-09 04:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
    + 2011-02-09 04:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
    + 2011-02-09 04:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
    + 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
    + 2011-02-09 04:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
    + 2011-02-09 04:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
    + 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
    + 2011-02-09 04:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
    + 2011-02-09 04:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
    + 2011-07-11 21:33 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476490\update\updspapi.dll
    + 2011-07-11 21:33 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476490\update\update.exe
    + 2011-07-11 21:33 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476490\spuninst.exe
    + 2011-07-11 21:28 . 2010-12-20 17:30 552448 c:\windows\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll
    + 2011-01-06 20:37 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
    + 2011-01-06 20:37 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
    + 2011-01-06 20:37 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
    + 2011-07-11 21:06 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2447568-IE8\update\updspapi.dll
    + 2011-07-11 21:06 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2447568-IE8\update\update.exe
    + 2011-07-11 21:06 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2447568-IE8\spuninst.exe
    + 2011-01-06 20:40 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
    + 2011-01-06 20:40 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
    + 2011-01-06 20:40 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
    + 2011-01-06 20:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
    + 2011-01-06 20:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
    + 2011-01-06 20:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
    + 2011-01-06 20:37 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
    + 2011-01-06 20:37 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2436673\update\update.exe
    + 2011-01-06 20:37 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2436673\spuninst.exe
    + 2011-01-06 20:33 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
    + 2011-01-06 20:33 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
    + 2011-01-06 20:33 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
    + 2011-01-12 10:40 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
    + 2011-01-12 10:40 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
    + 2011-01-12 10:40 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
    + 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
    + 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
    + 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
    + 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
    + 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
    + 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
    + 2011-01-06 20:39 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
    + 2011-01-06 20:39 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
    + 2011-01-06 20:39 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
    + 2011-01-06 20:25 . 2010-11-06 00:27 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
    + 2011-01-06 20:25 . 2010-11-03 12:01 173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
    + 2011-02-09 04:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
    + 2011-02-09 04:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
    + 2011-02-09 04:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
    + 2011-02-09 03:55 . 2010-12-09 15:15 718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2387149\update\updspapi.dll
    + 2011-01-06 20:41 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2387149\update\update.exe
    + 2011-01-06 20:41 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2387149\spuninst.exe
    + 2011-01-06 20:25 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll
    + 2011-01-06 20:25 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll
    + 2011-01-06 20:25 . 2010-09-18 07:18 953856 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
    + 2011-01-06 20:25 . 2010-09-18 07:18 954368 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll
    + 2011-01-06 20:31 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360937\update\updspapi.dll
    + 2011-01-06 20:31 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360937\update\update.exe
    + 2011-01-06 20:31 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360937\spuninst.exe
    + 2011-01-06 20:23 . 2010-08-16 08:43 590848 c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll
    + 2010-09-20 07:18 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
    + 2010-09-20 07:18 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe
    + 2010-09-20 07:18 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe
    + 2011-01-06 20:41 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
    + 2011-01-06 20:41 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
    + 2011-01-06 20:41 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
    + 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
    + 2011-01-06 20:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
    + 2011-01-06 20:41 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2296199\update\update.exe
    + 2011-01-06 20:41 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2296199\spuninst.exe
    + 2010-10-28 13:08 . 2010-10-28 13:08 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
    + 2010-09-20 07:19 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
    + 2010-09-20 07:19 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe
    + 2010-09-20 07:19 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe
    + 2010-09-20 07:14 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
    + 2010-09-20 07:14 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe
    + 2010-09-20 07:14 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe
    + 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
    + 2010-09-20 07:18 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
    + 2010-09-20 07:18 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe
    + 2010-09-20 07:18 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe
    + 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
    + 2011-07-11 21:00 . 2009-06-18 01:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
    + 2011-07-11 21:00 . 2009-06-18 01:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
    + 2011-04-15 19:03 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
    + 2011-01-06 20:25 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
    + 2011-04-19 05:51 . 2011-04-19 05:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
    + 2011-01-11 17:59 . 2011-01-11 17:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    - 2009-07-12 08:02 . 2009-07-12 08:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2009-06-27 03:07 . 2009-06-27 03:07 3780416 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90u.dll
    + 2009-06-27 03:07 . 2009-06-27 03:07 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90.dll
    + 2011-05-14 03:04 . 2011-05-14 03:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
    + 2011-05-14 03:04 . 2011-05-14 03:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
    + 2009-07-12 04:46 . 2009-07-12 04:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
    + 2009-07-12 04:46 . 2009-07-12 04:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
    + 2009-10-09 23:23 . 2009-10-09 23:23 1107456 c:\windows\system32\WsmSvc.dll
    + 2009-10-25 10:14 . 2010-12-15 02:51 4184352 c:\windows\system32\usbaaplrc.dll
    + 2004-08-04 06:56 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2004-08-04 06:56 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
    - 2004-08-04 06:56 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
    + 2011-02-04 21:49 . 2009-08-29 02:42 2065696 c:\windows\system32\ReinstallBackups\0015\DriverFiles\usbaaplrc.dll
    + 2010-12-29 23:02 . 2009-09-27 23:12 1604482 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvdata.bin
    + 2010-12-29 23:02 . 2009-09-27 23:12 2194024 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvcuvid.dll
    + 2010-12-29 23:02 . 2009-09-27 23:12 1714792 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvcuvenc.dll
    + 2010-12-29 23:02 . 2009-09-27 23:12 2007040 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvcuda.dll
    + 2010-12-29 23:02 . 2009-09-27 23:12 7655872 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nv4_mini.sys
    + 2010-12-29 23:02 . 2009-09-27 23:12 5900416 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nv4_disp.dll
    + 2004-08-04 06:56 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
    + 2009-09-27 23:12 . 2010-10-16 18:55 2293194 c:\windows\system32\nvdata.bin
    + 2009-09-27 23:12 . 2010-10-16 18:55 2932840 c:\windows\system32\nvcuvid.dll
    + 2009-09-27 23:12 . 2010-10-16 18:55 2666600 c:\windows\system32\nvcuvenc.dll
    + 2009-09-27 23:12 . 2010-10-16 18:55 4882432 c:\windows\system32\nvcuda.dll
    + 2007-01-14 15:10 . 2010-10-16 18:55 1462272 c:\windows\system32\nvapi.dll
    + 2007-01-14 15:10 . 2010-10-16 18:55 6359552 c:\windows\system32\nv4_disp.dll
    + 2004-08-04 05:18 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
    + 2004-08-03 22:59 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
    + 2007-01-14 14:45 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
    + 2004-08-04 06:56 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll
    + 2010-01-27 01:07 . 2011-11-11 09:40 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2006-05-17 19:23 . 2008-03-21 01:06 1480232 c:\windows\system32\LegitCheckControl.dll
    + 2006-10-17 19:57 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    + 2007-01-14 06:40 . 2011-10-31 15:53 3470592 c:\windows\system32\FNTCACHE.DAT
    + 2011-02-04 21:49 . 2010-12-15 02:51 4184352 c:\windows\system32\DRVSTORE\usbaapl_A4C70B47551C2629A145AE032C4D1823570ADB7B\usbaaplrc.dll
    + 2011-02-04 21:49 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
    + 2011-01-02 05:31 . 2006-11-13 22:45 1419232 c:\windows\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\wdfcoinstaller01005.dll
    + 2011-01-02 05:21 . 2006-11-13 22:45 1419232 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\wdfcoinstaller01005.dll
    + 2011-01-02 05:31 . 2006-11-13 22:45 1419232 c:\windows\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\wdfcoinstaller01005.dll
    + 2011-01-02 05:31 . 2006-11-13 22:45 1419232 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\wdfcoinstaller01005.dll
    + 2011-04-21 03:29 . 2011-04-21 03:29 1112288 c:\windows\system32\DRVSTORE\ggsemc_662FCD02DE358D990BED9E80770DCDFAB166A2D8\x86\WdfCoInstaller01007.dll
    + 2010-08-25 05:07 . 2011-10-21 08:07 1474832 c:\windows\system32\drivers\sfi.dat
    + 2007-01-14 15:10 . 2010-10-16 18:55 9623680 c:\windows\system32\drivers\nv4_mini.sys
    + 2009-04-17 12:26 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys
    + 2009-04-05 21:40 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-27 06:30 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
    - 2010-07-27 06:30 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
    + 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
    + 2007-01-14 15:10 . 2010-10-16 18:55 9623680 c:\windows\system32\dllcache\nv4_mini.sys
    + 2009-04-16 05:24 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2004-08-03 22:59 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2009-02-08 02:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2004-08-04 05:18 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2004-08-04 06:56 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll
    + 2007-01-14 14:45 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
    + 2009-04-05 21:40 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2008-07-25 18:17 . 2008-07-25 18:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2011-03-25 13:15 . 2011-03-25 13:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2010-09-22 16:44 . 2010-09-22 16:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2010-03-23 12:32 . 2010-03-23 12:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2011-04-29 04:50 . 2011-04-29 04:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2010-03-23 12:32 . 2010-03-23 12:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2011-07-07 12:18 . 2011-07-07 12:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2010-05-11 13:40 . 2010-05-11 13:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2011-07-08 20:59 . 2011-07-08 20:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2010-04-01 18:42 . 2010-04-01 18:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2010-04-01 18:42 . 2010-04-01 18:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-07-08 20:59 . 2011-07-08 20:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2011-07-07 19:02 . 2011-07-07 19:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2010-03-31 21:50 . 2010-03-31 21:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-07-07 19:02 . 2011-07-07 19:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2010-03-31 21:50 . 2010-03-31 21:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2011-07-08 20:59 . 2011-07-08 20:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2010-04-01 18:42 . 2010-04-01 18:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2011-01-19 06:36 . 2011-01-19 06:36 2687488 c:\windows\Installer\e4e119.msp
    + 2010-09-17 14:04 . 2010-09-17 14:04 9401856 c:\windows\Installer\bef3e.msp
    + 2010-10-05 00:00 . 2010-10-05 00:00 7973888 c:\windows\Installer\bef36.msp
    + 2010-08-14 01:59 . 2010-08-14 01:59 8182272 c:\windows\Installer\bef18.msp
    + 2010-08-14 02:02 . 2010-08-14 02:02 2545664 c:\windows\Installer\bef10.msp
    + 2010-10-04 21:59 . 2010-10-04 21:59 8300032 c:\windows\Installer\bef08.msp
    + 2010-10-04 21:55 . 2010-10-04 21:55 9629696 c:\windows\Installer\beef4.msp
    + 2010-08-18 18:19 . 2010-08-18 18:19 8400896 c:\windows\Installer\beee0.msp
    + 2011-11-14 10:07 . 2011-11-14 10:07 1184256 c:\windows\Installer\7940fc6.msi
    + 2010-11-21 06:34 . 2010-11-21 06:34 1198080 c:\windows\Installer\6afa23e.msp
    + 2011-03-18 03:01 . 2011-03-18 03:01 9563648 c:\windows\Installer\6afa236.msp
    + 2011-01-12 00:50 . 2011-01-12 00:50 8177152 c:\windows\Installer\6afa22e.msp
    + 2010-12-09 22:25 . 2010-12-09 22:25 9625088 c:\windows\Installer\6afa226.msp
    + 2011-02-25 21:25 . 2011-02-25 21:25 7968256 c:\windows\Installer\6afa212.msp
    + 2010-10-06 22:55 . 2010-10-06 22:55 3940864 c:\windows\Installer\4d044b.msi
    + 2011-04-03 20:21 . 2011-04-03 20:21 1864704 c:\windows\Installer\4b412.msi
    + 2011-02-22 20:54 . 2011-02-22 20:54 2096128 c:\windows\Installer\479671.msi
    + 2011-02-04 21:53 . 2011-02-04 21:53 6596096 c:\windows\Installer\380ad6.msi
    + 2011-02-04 21:49 . 2011-02-04 21:49 3085312 c:\windows\Installer\37fe67.msi
    + 2011-02-04 21:49 . 2011-02-04 21:49 1984000 c:\windows\Installer\37fe28.msi
    + 2011-02-04 21:45 . 2011-02-04 21:45 9472000 c:\windows\Installer\37fd9a.msi
    + 2011-05-02 07:06 . 2011-05-02 07:06 2705920 c:\windows\Installer\2b8237a.msp
    + 2011-08-11 00:43 . 2011-08-11 00:43 3795968 c:\windows\Installer\2b82373.msp
    + 2011-09-07 04:48 . 2011-09-07 04:48 8181248 c:\windows\Installer\2b8236b.msp
    + 2011-07-27 14:39 . 2011-07-27 14:39 9892352 c:\windows\Installer\2b82363.msp
    + 2011-04-28 19:23 . 2011-04-28 19:23 9607680 c:\windows\Installer\2b21a.msp
    + 2011-04-29 19:30 . 2011-04-29 19:30 1197056 c:\windows\Installer\2b206.msp
    + 2010-08-09 23:44 . 2010-08-09 23:44 3778048 c:\windows\Installer\285096e.msp
    + 2010-08-27 20:36 . 2010-08-27 20:36 2807296 c:\windows\Installer\285095a.msp
    + 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\25a8783.msp
    + 2011-04-29 19:33 . 2011-04-29 19:33 8173568 c:\windows\Installer\25a8775.msp
    + 2010-12-29 23:06 . 2010-12-29 23:06 1598464 c:\windows\Installer\21d03d.msi
    + 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\1a7173.msp
    + 2010-09-23 14:39 . 2010-09-23 14:39 4265472 c:\windows\Installer\13c65cc.msp
    + 2010-09-23 01:05 . 2010-09-23 01:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
    + 2010-09-16 10:08 . 2010-09-16 10:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
    + 2010-06-20 00:51 . 2010-06-20 00:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
    + 2009-04-04 01:21 . 2009-04-04 01:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
    + 2010-09-21 05:01 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
    + 2010-09-21 05:01 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    + 2010-09-21 05:01 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
    + 2011-10-31 10:06 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
    + 2011-09-30 08:00 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
    + 2011-09-30 08:00 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
    + 2011-04-17 02:29 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
    + 2011-01-06 20:39 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
    + 2011-01-06 20:39 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
    + 2011-01-06 20:39 . 2010-06-24 12:21 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
    + 2010-09-21 04:59 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
    - 2009-07-02 08:49 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
    - 2009-07-02 08:49 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
    + 2010-09-21 04:59 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
    + 2010-09-21 04:59 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
    - 2009-07-02 08:49 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
    + 2008-10-14 18:45 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-14 18:45 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-14 18:45 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-14 18:45 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2011-10-31 10:00 . 2011-10-31 10:00 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fb5f30eb\System.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c17e764f\System.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f8101029\System.Xml.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a530cca3\System.Xml.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_cd1af96d\System.Windows.Forms.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ca962f59\System.Windows.Forms.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_222b5a6d\System.Drawing.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8030e71b\System.Design.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1d938af7\System.Design.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8d0b0757\mscorlib.dll
    + 2011-10-31 10:01 . 2011-10-31 10:01 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_70044e2f\mscorlib.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dec788a098576594112a08bb0bf21d95\WindowsLive.Writer.CoreServices.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ea9639305271fc22aa925a7356d7db6\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2011-11-01 06:49 . 2011-11-01 06:50 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3203e91891cafbbb289bcde65e6a8389\WindowsLive.Writer.PostEditor.ni.dll
    + 2011-10-31 10:16 . 2011-10-31 10:16 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
    + 2011-10-31 10:16 . 2011-10-31 10:16 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    + 2011-11-01 19:59 . 2011-11-01 19:59 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
    + 2011-11-01 19:59 . 2011-11-01 19:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
    + 2011-11-01 19:59 . 2011-11-01 19:59 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
    + 2011-11-01 19:59 . 2011-11-01 19:59 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
    + 2011-11-01 00:29 . 2011-11-01 00:29 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\3959e9012ee532343861eb35c6c72b24\System.Management.Automation.ni.dll
    + 2011-11-01 00:29 . 2011-11-01 00:29 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
    + 2011-10-31 15:53 . 2011-10-31 15:53 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
    + 2011-11-01 19:57 . 2011-11-01 19:57 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll
    + 2011-10-31 15:53 . 2011-10-31 15:53 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
    + 2011-11-01 06:54 . 2011-11-01 06:54 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
    + 2011-10-31 15:52 . 2011-10-31 15:52 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
    + 2011-10-31 10:18 . 2011-10-31 10:18 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
    + 2011-10-31 10:16 . 2011-10-31 10:16 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
    + 2011-11-01 06:53 . 2011-11-01 06:53 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fba2661cffd923f17dbfa6662adf5ce3\Microsoft.PowerShell.GPowerShell.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb5b6ad2dc6e2ecbdbb1ce1bf754b32e\Microsoft.PowerShell.Editor.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c0df343514ab15e0fe9b11e9b013b11\Microsoft.PowerShell.Commands.Utility.ni.dll
    + 2011-11-01 19:58 . 2011-11-01 19:58 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
    + 2011-11-01 06:52 . 2011-11-01 06:52 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-11-01 06:51 . 2011-11-01 06:51 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-10-08 02:09 . 2010-10-08 02:09 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2009-08-21 16:52 . 2009-08-21 16:52 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2011-07-11 21:00 . 2011-07-11 21:00 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-10-31 10:15 . 2011-10-31 10:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-10-31 10:14 . 2011-10-31 10:14 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2010-08-19 09:38 . 2010-08-19 09:38 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-10-31 10:00 . 2011-10-31 10:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2010-06-10 21:56 . 2010-06-10 21:56 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2011-10-31 10:00 . 2011-10-31 10:00 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-06-10 21:56 . 2010-06-10 21:56 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-01-06 20:37 . 2008-04-14 00:12 1287168 c:\windows\$NtUninstallKB979687$\ole32.dll
    + 2011-07-24 06:28 . 2011-03-03 13:21 1857920 c:\windows\$NtUninstallKB2555917$\win32k.sys
    + 2011-04-17 02:33 . 2010-12-31 13:10 1854976 c:\windows\$NtUninstallKB2506223$\win32k.sys
    + 2011-02-09 04:07 . 2010-07-27 06:30 8462336 c:\windows\$NtUninstallKB2483185$\shell32.dll
    + 2011-03-31 22:42 . 2009-06-10 16:19 2066432 c:\windows\$NtUninstallKB2481109$\mstscax.dll
    + 2011-03-31 22:42 . 2009-06-10 16:19 2066432 c:\windows\$NtUninstallKB2481109$\lhmstscx.dll
    + 2011-02-09 04:07 . 2010-10-26 13:25 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
    + 2011-01-06 20:37 . 2010-06-23 13:44 1851904 c:\windows\$NtUninstallKB2436673$\win32k.sys
    + 2011-02-09 04:03 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
    + 2011-02-09 04:03 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
    + 2011-02-09 04:03 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
    + 2011-02-09 04:03 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
    + 2011-01-06 20:41 . 2008-04-14 00:11 1028096 c:\windows\$NtUninstallKB2387149$\mfc42.dll
    + 2010-07-16 12:04 . 2010-07-16 12:04 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
    + 2009-07-27 22:13 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
    + 2011-09-29 19:25 . 2011-07-25 15:15 5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
    + 2011-09-29 19:25 . 2011-06-23 18:33 1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
    + 2011-06-02 14:07 . 2011-06-02 14:07 1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
    + 2011-07-11 21:44 . 2011-04-25 16:09 1213952 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\urlmon.dll
    + 2011-07-11 21:44 . 2011-05-30 22:17 5967360 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 1992192 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iertutil.dll
    + 2011-03-03 13:27 . 2011-03-03 13:27 1866880 c:\windows\$hf_mig$\KB2506223\SP3QFE\win32k.sys
    + 2011-04-15 19:03 . 2011-02-22 23:27 1212928 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\urlmon.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 5964800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
    + 2011-04-15 19:03 . 2011-02-22 23:27 1992192 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iertutil.dll
    + 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
    + 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
    + 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
    + 2010-10-26 13:27 . 2010-10-26 13:27 1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
    + 2011-01-06 20:25 . 2010-11-06 00:27 1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
    + 2011-01-06 20:25 . 2010-11-06 00:27 1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
    + 2011-02-09 03:55 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
    + 2011-02-09 03:55 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
    + 2010-12-10 02:39 . 2010-12-10 02:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
    + 2011-02-09 03:55 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
    - 2004-08-04 06:56 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
    + 2004-08-04 06:56 . 2010-08-26 07:36 10841088 c:\windows\system32\wmp.dll
    + 2010-12-29 23:02 . 2009-09-27 23:12 10756096 c:\windows\system32\ReinstallBackups\0010\DriverFiles\nvoglnt.dll
    + 2007-01-14 15:10 . 2010-10-16 18:55 14532608 c:\windows\system32\nvoglnt.dll
    + 2010-10-16 20:04 . 2010-10-16 20:04 13851752 c:\windows\system32\nvcpl.dll
    + 2010-12-29 23:02 . 2010-10-16 18:55 13012992 c:\windows\system32\nvcompiler.dll
    + 2007-01-14 16:17 . 2011-11-10 23:46 50295240 c:\windows\system32\MRT.exe
    + 2006-11-08 05:03 . 2011-08-24 00:48 11081728 c:\windows\system32\ieframe.dll
    + 2009-07-14 06:43 . 2010-08-26 07:36 10841088 c:\windows\system32\dllcache\wmp.dll
    - 2009-07-14 06:43 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
    + 2009-04-05 21:40 . 2011-08-24 00:48 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-07-13 05:49 . 2011-07-13 05:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
    + 2011-07-11 22:03 . 2011-07-11 22:03 20333056 c:\windows\Installer\e4e133.msp
    + 2011-03-28 10:27 . 2011-03-28 10:27 15456256 c:\windows\Installer\cd6ff5.msp
    + 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\c845e.msp
    + 2011-01-06 20:38 . 2011-01-06 20:38 20304384 c:\windows\Installer\bef23.msp
    + 2010-08-18 18:12 . 2010-08-18 18:12 17516032 c:\windows\Installer\beeb2.msp
    + 2011-10-31 10:16 . 2011-10-31 10:16 20333568 c:\windows\Installer\bd7bea9.msp
    + 2011-07-12 03:43 . 2011-07-12 03:43 11641344 c:\windows\Installer\bd7be9e.msp
    + 2011-07-12 22:50 . 2011-07-12 22:50 17555968 c:\windows\Installer\bcc1dbe.msp
    + 2011-04-22 22:04 . 2011-04-22 22:04 20314624 c:\windows\Installer\82a0f.msp
    + 2011-01-18 04:36 . 2011-01-18 04:36 17520128 c:\windows\Installer\6c67cd1.msp
    + 2011-02-12 03:47 . 2011-02-12 03:47 12028928 c:\windows\Installer\6afa249.msp
    + 2011-03-13 01:02 . 2011-03-13 01:02 15139328 c:\windows\Installer\607b0d.msp
    + 2011-03-02 10:55 . 2011-03-02 10:55 20308992 c:\windows\Installer\2900040.msp
    + 2011-04-28 02:21 . 2011-04-28 02:21 17515520 c:\windows\Installer\25a8797.msp
    + 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\1a7174.msp
    + 2010-09-14 03:19 . 2010-09-14 03:19 20303872 c:\windows\Installer\1901de7.msp
    + 2010-10-08 02:08 . 2010-10-08 02:08 20303872 c:\windows\Installer\13c65d7.msp
    + 2010-09-24 14:08 . 2010-09-24 14:08 17518080 c:\windows\Installer\13c65c3.msp
    + 2010-09-23 10:03 . 2010-09-23 10:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
    + 2010-09-21 05:01 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
    + 2011-10-31 10:06 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
    + 2011-09-30 08:00 . 2011-04-26 17:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
    + 2011-07-11 21:49 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
    + 2011-04-17 02:29 . 2010-12-21 13:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
    + 2011-02-09 04:04 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
    + 2011-01-06 20:39 . 2010-06-25 00:51 11077120 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
    - 2010-08-19 09:36 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
    + 2010-09-21 05:01 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
    + 2011-07-12 15:46 . 2011-07-12 15:46 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15.tmp\System.Web.dll
    + 2011-10-31 15:55 . 2011-10-31 15:55 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    + 2011-11-01 06:50 . 2011-11-01 06:50 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
    + 2011-11-01 06:49 . 2011-11-01 06:49 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
    + 2011-10-31 15:54 . 2011-10-31 15:54 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
    + 2011-10-31 10:17 . 2011-10-31 10:17 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
    + 2011-10-31 10:16 . 2011-10-31 10:16 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    + 2011-01-06 20:41 . 2009-07-14 06:43 10841088 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
    + 2011-06-25 08:03 . 2011-06-25 08:03 11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
    + 2011-07-11 21:44 . 2011-04-25 16:09 11083776 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieframe.dll
    + 2011-02-23 11:57 . 2011-02-23 11:57 11082752 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ieframe.dll
    + 2011-02-09 03:57 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
    + 2010-11-06 13:57 . 2010-11-06 13:57 11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-28 415744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
    c:\combofix\CF11869.cfxxe [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2011-08-15 13:49 1191216 -c--a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 11:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2007-08-16 11:24 167368 -c--a-w- c:\program files\DAEMON Tools\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2004-09-17 13:24 61440 -c--a-w- c:\program files\Lexmark P910 Series\ezprint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2005-01-20 02:19 299008 -c--a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 20:08 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2006-07-12 09:58 1397760 -c----w- c:\program files\Ahead\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 23:08 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    2007-04-11 03:50 249856 -c--a-w- c:\program files\lg_fwupdate\fwupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe]
    2005-01-18 09:50 196608 -c--a-w- c:\program files\Lexmark P910 Series\lxbymon.exE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
    2005-02-21 11:21 192512 -c--a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 19:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 04:24 32768 -c--a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
    2005-05-27 00:30 885248 -c--a-w- c:\program files\ResChanger 2005\ResChanger2005.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    2005-10-28 00:01 139264 -c--a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 21:37 517096 -c--a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-05-27 23:41 185896 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-04 02:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\UnrealTournament\\System\\UnrealTournament.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\lxcccoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/3/2011 12:24 PM 64512]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/23/2009 12:49 AM 130936]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [6/1/2010 6:00 PM 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 492768]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/14 13:56];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/26/2010 11:44 PM 100712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6/3/2010 5:47 PM 27632]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/31/2011 11:22 PM 2152152]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/3/2010 5:47 PM 13224]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/31/2011 11:22 PM 15232]
    S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [1/14/2007 7:02 AM 19020]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:56 PM 14336]
    S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [1/7/2008 2:44 PM 158720]
    S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [1/7/2008 2:44 PM 5248]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/20/2007 11:22 PM 685816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:40]
    .
    2011-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
    .
    2011-11-23 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxsqwayw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-24 04:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet031\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-343818398-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,20,42,c9,f2,82,6b,40,bc,da,06,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,20,42,c9,f2,82,6b,40,bc,da,06,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(856)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(912)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'csrss.exe'(828)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2011-11-24 04:04:56
    ComboFix-quarantined-files.txt 2011-11-24 12:04
    ComboFix2.txt 2010-09-01 19:03
    ComboFix3.txt 2010-08-30 00:42
    ComboFix4.txt 2010-03-03 08:19
    .
    Pre-Run: 76,862,676,992 bytes free
    Post-Run: 76,797,648,896 bytes free
    .
    - - End Of File - - E69CC33EEA9038DFC87B4892F2B4329F


    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.6
    Compatibility Pack for the 2007 Office system
    Game Booster
    Hotfix for Windows XP (KB2570791)
    iRip
    Java(TM) 6 Update 29
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 8.0 (x86 en-US)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    SUPERAntiSpyware
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Windows Management Framework Core
    Wondershare iTransfer(Build 2.0.3.0)
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    Do you use Remote Management, because you have open ports on your machine by it. If you don't use it, let me know and we will close them:


    "5985:TCP"= 5985:TCP:*Disabled:Windows Remote Management

    Also, did you open this port:

    "135:TCP"= 135:TCP:TCP Port 135


    --------------------

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\WINDOWS\system32\DRIVERS\nvata.sys
      c:\program files\Uninstall_CDS.exe
      c:\windows\system32\drivers\ndproxy.sys
      c:\windows\system32\drivers\ndistapi.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found at on your Desktop entitled SystemLook.txt


    ------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    eddie
     
  15. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    no Eddie, I don't use Remote Management. I also did not open "135:TCP"= 135:TCP:TCP Port 135



    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:14 on 26/11/2011 by Administrator
    Administrator - Elevation successful

    ========== file ==========

    C:\WINDOWS\system32\DRIVERS\nvata.sys - File found and opened.
    MD5: 49628180ADB2E043CE017D85014BB751
    Created at 15:21 on 14/01/2007
    Modified at 09:27 on 01/05/2006
    Size: 100736 bytes
    Attributes: -ra--c-
    FileDescription: NVIDIA® nForce(TM) IDE Performance Driver
    FileVersion: 5.10.2600.0667 built by: WinDDK
    ProductVersion: 5.10.2600.0667
    OriginalFilename: nvatabus.sys
    InternalName: NVIDIA nForce(TM) IDE Driver
    ProductName: NVIDIA nForce(TM) IDE Driver
    CompanyName: NVIDIA Corporation
    LegalCopyright: Copyright(C) 2001-2006 NVIDIA Corporation

    c:\program files\Uninstall_CDS.exe - File found and opened.
    MD5: 6ED26B4DD712DCC8456079DD15330F03
    Created at 15:32 on 14/01/2007
    Modified at 23:00 on 01/10/2004
    Size: 40960 bytes
    Attributes: --a--c-
    No version information available.

    c:\windows\system32\drivers\ndproxy.sys - File found and opened.
    MD5: 9282BD12DFB069D3889EB3FCC1000A9B
    Created at 12:00 on 23/08/2001
    Modified at 15:17 on 02/11/2010
    Size: 40960 bytes
    Attributes: --a--c-
    FileDescription: NDIS Proxy
    FileVersion: 5.1.2600.6048 (xpsp_sp3_gdr.101102-1900)
    ProductVersion: 5.1.2600.6048
    OriginalFilename: ndproxy.sys
    InternalName: ndproxy.sys
    ProductName: Microsoft® Windows® Operating System
    CompanyName: Microsoft Corporation
    LegalCopyright: © Microsoft Corporation. All rights reserved.

    c:\windows\system32\drivers\ndistapi.sys - File found and opened.
    MD5: 0109C4F3850DFBAB279542515386AE22
    Created at 12:00 on 23/08/2001
    Modified at 14:02 on 08/07/2011
    Size: 10496 bytes
    Attributes: --a----
    FileDescription: NDIS 3.0 connection wrapper driver
    FileVersion: 5.1.2600.6132 (xpsp_sp3_gdr.110708-1731)
    ProductVersion: 5.1.2600.6132
    OriginalFilename: NDISTAPI.SYS
    InternalName: NDISTAPI.SYS
    ProductName: Microsoft® Windows® Operating System
    CompanyName: Microsoft Corporation
    LegalCopyright: © Microsoft Corporation. All rights reserved.

    -= EOF =-

    ComboFix 11-11-23.03 - Administrator 11/26/2011 17:21:01.9.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT -8:00]
    Running from: c:\documents and settings\Administrator\Desktop\username123.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Azureus
    c:\program files\Azureus\.install4j\_shfoldr.dll
    c:\program files\Azureus\.install4j\autoUninstall.0
    c:\program files\Azureus\.install4j\autoUninstall.1
    c:\program files\Azureus\.install4j\autoUninstall.2
    c:\program files\Azureus\.install4j\files.log
    c:\program files\Azureus\.install4j\i4j_extf_0_5p83tu.utf8
    c:\program files\Azureus\.install4j\i4j_extf_1_5p83tu.properties
    c:\program files\Azureus\.install4j\i4j_extf_1_5p83tu_1q2vg51.png
    c:\program files\Azureus\.install4j\i4j_extf_1_5p83tu_jhp9vg.png
    c:\program files\Azureus\.install4j\i4j_extf_10_5p83tu.html
    c:\program files\Azureus\.install4j\i4j_extf_10_5p83tu.utf8
    c:\program files\Azureus\.install4j\i4j_extf_11_5p83tu.properties
    c:\program files\Azureus\.install4j\i4j_extf_11_5p83tu_1v7k2n1.png
    c:\program files\Azureus\.install4j\i4j_extf_12_5p83tu_1q2vg51.png
    c:\program files\Azureus\.install4j\i4j_extf_12_5p83tu_1rvmsbd.png
    c:\program files\Azureus\.install4j\i4j_extf_13_5p83tu_1rjd818.png
    c:\program files\Azureus\.install4j\i4j_extf_13_5p83tu_bm8amj.ico
    c:\program files\Azureus\.install4j\i4j_extf_14_5p83tu.dll
    c:\program files\Azureus\.install4j\i4j_extf_14_5p83tu_qin5kk.png
    c:\program files\Azureus\.install4j\i4j_extf_15_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_15_5p83tu_117nkgl.png
    c:\program files\Azureus\.install4j\i4j_extf_16_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_16_5p83tu_1efhqvy.png
    c:\program files\Azureus\.install4j\i4j_extf_17_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_17_5p83tu_10qu06u.png
    c:\program files\Azureus\.install4j\i4j_extf_18_5p83tu.html
    c:\program files\Azureus\.install4j\i4j_extf_18_5p83tu_xza4ha.png
    c:\program files\Azureus\.install4j\i4j_extf_19_5p83tu_19c5po3.png
    c:\program files\Azureus\.install4j\i4j_extf_19_5p83tu_z1x7tn.png
    c:\program files\Azureus\.install4j\i4j_extf_2_5p83tu.txt
    c:\program files\Azureus\.install4j\i4j_extf_2_5p83tu.utf8
    c:\program files\Azureus\.install4j\i4j_extf_2_5p83tu_1rjd818.png
    c:\program files\Azureus\.install4j\i4j_extf_20_5p83tu.html
    c:\program files\Azureus\.install4j\i4j_extf_21_5p83tu.html
    c:\program files\Azureus\.install4j\i4j_extf_22_5p83tu_13ickx0.png
    c:\program files\Azureus\.install4j\i4j_extf_23_5p83tu_1rvmsbd.png
    c:\program files\Azureus\.install4j\i4j_extf_24_5p83tu_bm8amj.ico
    c:\program files\Azureus\.install4j\i4j_extf_25_5p83tu.DLL
    c:\program files\Azureus\.install4j\i4j_extf_26_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_27_5p83tu.dll
    c:\program files\Azureus\.install4j\i4j_extf_28_5p83tu.dll
    c:\program files\Azureus\.install4j\i4j_extf_29_5p83tu_117nkgl.png
    c:\program files\Azureus\.install4j\i4j_extf_3_5p83tu.properties
    c:\program files\Azureus\.install4j\i4j_extf_3_5p83tu_1kde336.ico
    c:\program files\Azureus\.install4j\i4j_extf_3_5p83tu_qin5kk.png
    c:\program files\Azureus\.install4j\i4j_extf_30_5p83tu_1eannr4.png
    c:\program files\Azureus\.install4j\i4j_extf_31_5p83tu_1efhqvy.png
    c:\program files\Azureus\.install4j\i4j_extf_32_5p83tu_10qu06u.png
    c:\program files\Azureus\.install4j\i4j_extf_33_5p83tu.html
    c:\program files\Azureus\.install4j\i4j_extf_34_5p83tu_z1x7tn.png
    c:\program files\Azureus\.install4j\i4j_extf_4_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_4_5p83tu.utf8
    c:\program files\Azureus\.install4j\i4j_extf_4_5p83tu_62t8mu.icns
    c:\program files\Azureus\.install4j\i4j_extf_5_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_5_5p83tu.properties
    c:\program files\Azureus\.install4j\i4j_extf_6_5p83tu.exe
    c:\program files\Azureus\.install4j\i4j_extf_6_5p83tu.utf8
    c:\program files\Azureus\.install4j\i4j_extf_7_5p83tu.properties
    c:\program files\Azureus\.install4j\i4j_extf_7_5p83tu_xza4ha.png
    c:\program files\Azureus\.install4j\i4j_extf_8_5p83tu.utf8
    c:\program files\Azureus\.install4j\i4j_extf_8_5p83tu_19c5po3.png
    c:\program files\Azureus\.install4j\i4j_extf_9_5p83tu.html
    c:\program files\Azureus\.install4j\i4j_extf_9_5p83tu.properties
    c:\program files\Azureus\.install4j\i4jdel.exe
    c:\program files\Azureus\.install4j\i4jinst.dll
    c:\program files\Azureus\.install4j\i4jparams.conf
    c:\program files\Azureus\.install4j\i4jruntime.jar
    c:\program files\Azureus\.install4j\inst_jre.cfg
    c:\program files\Azureus\.install4j\install.prop
    c:\program files\Azureus\.install4j\installation.log
    c:\program files\Azureus\.install4j\installer.png
    c:\program files\Azureus\.install4j\installerHeader.png
    c:\program files\Azureus\.install4j\MessagesDefault
    c:\program files\Azureus\.install4j\response.varfile
    c:\program files\Azureus\.install4j\unicows.dll
    c:\program files\Azureus\.install4j\uninstallerHeader.png
    c:\program files\Azureus\.install4j\user.jar
    c:\program files\Azureus\aereg.dll
    c:\program files\Azureus\aereg64.dll
    c:\program files\Azureus\Azureus.exe
    c:\program files\Azureus\Azureus.exe.manifest
    c:\program files\Azureus\Azureus.exe.vmoptions
    c:\program files\Azureus\Azureus.properties
    c:\program files\Azureus\Azureus2.jar
    c:\program files\Azureus\AzureusUpdater.exe
    c:\program files\Azureus\GPL.txt
    c:\program files\Azureus\installer.log
    c:\program files\Azureus\License.txt
    c:\program files\Azureus\msvcr71.dll
    c:\program files\Azureus\plugins\azemp\azemp_2.1.02.jar
    c:\program files\Azureus\plugins\azemp\azemp_2.2.2.jar
    c:\program files\Azureus\plugins\azemp\azmplay.exe
    c:\program files\Azureus\plugins\azemp\azureus.sig
    c:\program files\Azureus\plugins\azemp\cp1250-a.raw
    c:\program files\Azureus\plugins\azemp\cp1250-b.raw
    c:\program files\Azureus\plugins\azemp\font.desc
    c:\program files\Azureus\plugins\azemp\osd-mplayer-a.raw
    c:\program files\Azureus\plugins\azemp\osd-mplayer-b.raw
    c:\program files\Azureus\plugins\azemp\plugin.properties
    c:\program files\Azureus\plugins\azplugins\azplugins_2.1.4.jar
    c:\program files\Azureus\plugins\azplugins\azplugins_2.1.6.jar
    c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar
    c:\program files\Azureus\plugins\azupdater\azupdater_1.8.10.zip
    c:\program files\Azureus\plugins\azupdater\azupdater_1.8.12.zip
    c:\program files\Azureus\plugins\azupdater\azupdater_1.8.16.zip
    c:\program files\Azureus\plugins\azupdater\azupdater_1.8.5.zip
    c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.10.jar
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.12.jar
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.13.jar
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.16.jar
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.4.jar
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.5.jar
    c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
    c:\program files\Azureus\plugins\azupdater\azureus.sig
    c:\program files\Azureus\plugins\azupdater\Azureus2_4.2.0.4_P4.pax
    c:\program files\Azureus\plugins\azupdater\Azureus2_4.2.0.8_P4.pax
    c:\program files\Azureus\plugins\azupdater\plugin.properties
    c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.10
    c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.12
    c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.16
    c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.5
    c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8
    c:\program files\Azureus\plugins\azupdater\Updater.jar
    c:\program files\Azureus\plugins\azupdater\Updater.jar.bak
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.1.2.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.17.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.17.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.21.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.21.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.23.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.29.2.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.29.2.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.5.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.5.zip
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.3.6.jar
    c:\program files\Azureus\plugins\azupnpav\azupnpav_0.3.6.zip
    c:\program files\Azureus\plugins\azupnpav\azureus.sig
    c:\program files\Azureus\plugins\azupnpav\plugin.properties
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.1.7
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.1
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.17
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.21
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.29.2
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.5
    c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.3.6
    c:\program files\Azureus\swt.jar
    c:\program files\Azureus\uninstall.exe
    c:\program files\Azureus\Vuze.ico
    c:\program files\iobit
    c:\program files\iobit\Advanced SystemCare 3\Backup\RegistryBackup.cab
    c:\program files\iobit\Advanced SystemCare 3\License.dat
    c:\program files\iobit\Advanced SystemCare 3\Update\awc3check.upt
    c:\program files\iobit\Advanced SystemCare 3\updater.html
    c:\program files\iobit\Advanced SystemCare 4\checkinfo.txt
    c:\program files\iobit\Advanced SystemCare 4\DiskScan.log
    c:\program files\iobit\Advanced SystemCare 4\Freeware\FreeSoftwareDownload\GameBoosterSetup.exe
    c:\program files\iobit\Advanced SystemCare 4\Freeware\FreeSoftwareDownload\IObitMalwareFighterSetup.exe
    c:\program files\iobit\Advanced SystemCare 4\LatestNews\imagenews.png
    c:\program files\iobit\Advanced SystemCare 4\LatestNews\LatestNews.ini
    c:\program files\iobit\Advanced SystemCare 4\License.dat
    c:\program files\iobit\Advanced SystemCare 4\ScanCache.db
    c:\program files\iobit\Advanced SystemCare 4\SecurityHoles_Download\vcredist.exe
    c:\program files\iobit\Advanced SystemCare 4\shconfig.ini
    c:\program files\iobit\Advanced SystemCare 4\temp\ie8-windowsxp-kb2447568-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\ie8-windowsxp-kb2530548-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\ie8-windowsxp-kb2544521-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\mpas-fe.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\ndp20sp2-kb2478658-x86.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\ndp20sp2-kb2518864-x86.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\rootsupd.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\silverlight.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\vcredist.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windows-en-us-kb971513.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2476490-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2492386-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2503665-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2535512-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2536276-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2541763-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb2544893-x86-enu.exe
    c:\program files\iobit\Advanced SystemCare 4\temp\windowsxp-kb968930-x86-eng.exe
    c:\program files\iobit\Advanced SystemCare 4\Test.log
    c:\program files\iobit\Advanced SystemCare 4\Update.dat
    c:\program files\iobit\Advanced SystemCare 4\Update\Update.Ini
    c:\program files\iobit\Advanced WindowsCare V2\Backup\alydwm.reg
    c:\program files\iobit\Advanced WindowsCare V2\Backup\Backup.ini
    c:\program files\iobit\Advanced WindowsCare V2\Backup\bkbtmk.reg
    c:\program files\iobit\Advanced WindowsCare V2\Backup\fggxmy.reg
    c:\program files\iobit\Advanced WindowsCare V2\Backup\IgnoreList.ini
    c:\program files\iobit\Advanced WindowsCare V2\Backup\javwrv.reg
    c:\program files\iobit\Advanced WindowsCare V2\Backup\nvjjwf.reg
    c:\program files\iobit\Advanced WindowsCare V2\Backup\ukycql.reg
    c:\program files\iobit\Advanced WindowsCare V2\Fav.ico
    c:\program files\iobit\Advanced WindowsCare V2\Main.ini
    c:\program files\iobit\Game Booster\AutoUpdate.exe
    c:\program files\iobit\Game Booster\Boost.exe
    c:\program files\iobit\Game Booster\GameBooster.exe
    c:\program files\iobit\Game Booster\gbinit.exe
    c:\program files\iobit\Game Booster\gbtray.exe
    c:\program files\iobit\Game Booster\Language\Arabic.lng
    c:\program files\iobit\Game Booster\Language\Catalan.lng
    c:\program files\iobit\Game Booster\Language\ChineseSimp.lng
    c:\program files\iobit\Game Booster\Language\ChineseTrad.lng
    c:\program files\iobit\Game Booster\Language\Croatian.lng
    c:\program files\iobit\Game Booster\Language\Czech.lng
    c:\program files\iobit\Game Booster\Language\Dansk.lng
    c:\program files\iobit\Game Booster\Language\Dutch.lng
    c:\program files\iobit\Game Booster\Language\English.lng
    c:\program files\iobit\Game Booster\Language\Finnish.lng
    c:\program files\iobit\Game Booster\Language\French.lng
    c:\program files\iobit\Game Booster\Language\German.lng
    c:\program files\iobit\Game Booster\Language\Hungarian.lng
    c:\program files\iobit\Game Booster\Language\Indonesian.lng
    c:\program files\iobit\Game Booster\Language\Italian.lng
    c:\program files\iobit\Game Booster\Language\Japanese.lng
    c:\program files\iobit\Game Booster\Language\Korean.lng
    c:\program files\iobit\Game Booster\Language\Polish.lng
    c:\program files\iobit\Game Booster\Language\Portuguese(BRAZIL).lng
    c:\program files\iobit\Game Booster\Language\Romanian.lng
    c:\program files\iobit\Game Booster\Language\Russian.lng
    c:\program files\iobit\Game Booster\Language\Slovenian.lng
    c:\program files\iobit\Game Booster\Language\Spanish.lng
    c:\program files\iobit\Game Booster\Language\Swedish.lng
    c:\program files\iobit\Game Booster\Language\Turkish.lng
    c:\program files\iobit\Game Booster\LatestNews\imagenews.png
    c:\program files\iobit\Game Booster\LatestNews\LatestNews.ini
    c:\program files\iobit\Game Booster\license.dat
    c:\program files\iobit\Game Booster\PowerConfig.dll
    c:\program files\iobit\Game Booster\rtl120.bpl
    c:\program files\iobit\Game Booster\sqlite3.dll
    c:\program files\iobit\Game Booster\taskMgr.dll
    c:\program files\iobit\Game Booster\TaskSchedule.exe
    c:\program files\iobit\Game Booster\unins000.dat
    c:\program files\iobit\Game Booster\unins000.exe
    c:\program files\iobit\Game Booster\unins000.msg
    c:\program files\iobit\Game Booster\Update\Update.Ini
    c:\program files\iobit\Game Booster\vcl120.bpl
    c:\program files\iobit\Game Booster\vclx120.bpl
    c:\program files\iobit\IObit Malware Fighter\license.dat
    c:\program files\iobit\IObit Malware Fighter\ProtectorLog.log
    c:\program files\iobit\IObit Malware Fighter\Quarantine Zone\info.db
    c:\program files\iobit\IObit Malware Fighter\Quarantine Zone\qbrnhqjp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-26 18:01 . 2011-11-26 18:01 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4752F6FE-840C-4A0A-BE22-6E15AA6DBB0B}\offreg.dll
    2011-11-22 22:05 . 2011-11-22 22:05 -------- d-----w- C:\_OTL
    2011-11-18 21:04 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4752F6FE-840C-4A0A-BE22-6E15AA6DBB0B}\mpengine.dll
    2011-11-16 20:23 . 2011-11-16 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-11-16 20:22 . 2011-11-16 20:22 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-16 20:22 . 2011-11-16 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-14 10:17 . 2011-11-14 10:17 -------- d-----w- c:\program files\Wondershare
    2011-11-14 10:09 . 2011-11-14 10:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\The Little App Factory, LLC
    2011-11-14 10:08 . 2011-11-14 10:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-11 09:40 . 2011-11-11 09:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 22:11 . 2010-09-01 19:08 472808 -c--a-w- c:\windows\system32\deployJava1.dll
    2011-11-21 22:11 . 2007-11-06 04:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-10-10 14:22 . 2007-01-14 14:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 17:48 . 2010-06-02 02:00 97760 -c--a-w- c:\windows\system32\drivers\inspect.sys
    2011-10-07 17:48 . 2010-06-02 02:00 31704 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-07 17:48 . 2010-06-04 18:55 492768 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-07 17:47 . 2010-06-02 02:00 18056 -c--a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-07 17:47 . 2011-10-26 06:27 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-10-07 17:47 . 2010-06-02 02:00 300200 ----a-w- c:\windows\system32\guard32.dll
    2011-10-07 03:48 . 2009-09-16 21:53 6668624 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-28 07:06 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2004-08-04 05:17 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00 . 2009-10-01 02:54 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2004-10-01 23:00 . 2007-01-14 15:32 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    2011-11-09 04:29 . 2011-03-23 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-11-24_12.02.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-11-26 18:01 . 2011-11-26 18:01 16384 c:\windows\Temp\Perflib_Perfdata_504.dat
    + 2011-11-24 12:10 . 2011-11-24 12:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-30 23:45 . 2011-11-24 12:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-09-30 23:45 . 2011-07-14 07:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2011-11-24 12:10 . 2011-11-24 12:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-12-18 19:56 . 2011-07-14 07:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ai Gear Help"="c:\program files\ASUS\AI Gear\GearHelp.exe" [2006-07-28 415744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
    "razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
    c:\combofix\CF11869.cfxxe [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2011-08-15 13:49 1191216 -c--a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 11:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2007-08-16 11:24 167368 -c--a-w- c:\program files\DAEMON Tools\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2004-09-17 13:24 61440 -c--a-w- c:\program files\Lexmark P910 Series\ezprint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2005-01-20 02:19 299008 -c--a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 20:08 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2006-07-12 09:58 1397760 -c----w- c:\program files\Ahead\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 23:08 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    2007-04-11 03:50 249856 -c--a-w- c:\program files\lg_fwupdate\fwupdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe]
    2005-01-18 09:50 196608 -c--a-w- c:\program files\Lexmark P910 Series\lxbymon.exE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
    2005-02-21 11:21 192512 -c--a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 -c----w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 19:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 04:24 32768 -c--a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
    2005-05-27 00:30 885248 -c--a-w- c:\program files\ResChanger 2005\ResChanger2005.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    2005-10-28 00:01 139264 -c--a-w- c:\program files\Multimedia Card Reader\shwicon2k.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 21:37 517096 -c--a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-05-27 23:41 185896 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-11-04 02:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\UnrealTournament\\System\\UnrealTournament.exe"=
    "c:\\WINDOWS\\system32\\lxcccoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxccPSWX.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/3/2011 12:24 PM 64512]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/23/2009 12:49 AM 130936]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [6/1/2010 6:00 PM 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 492768]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/14 13:56];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 6:40 PM 87536]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/26/2010 11:44 PM 100712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6/3/2010 5:47 PM 27632]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/3/2010 5:47 PM 13224]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/31/2011 11:22 PM 2152152]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/31/2011 11:22 PM 15232]
    S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [1/14/2007 7:02 AM 19020]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 10:56 PM 14336]
    S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [1/7/2008 2:44 PM 158720]
    S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [1/7/2008 2:44 PM 5248]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/20/2007 11:22 PM 685816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:40]
    .
    2011-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
    .
    2011-11-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxsqwayw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Game Booster_is1 - c:\program files\IObit\Game Booster\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-26 17:29
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet031\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-343818398-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,20,42,c9,f2,82,6b,40,bc,da,06,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,20,42,c9,f2,82,6b,40,bc,da,06,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(856)
    c:\windows\system32\guard32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(912)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'csrss.exe'(828)
    c:\windows\system32\cmdcsr.dll
    .
    Completion time: 2011-11-26 17:31:25
    ComboFix-quarantined-files.txt 2011-11-27 01:31
    ComboFix2.txt 2011-11-24 12:04
    ComboFix3.txt 2010-09-01 19:03
    ComboFix4.txt 2010-08-30 00:42
    ComboFix5.txt 2011-11-27 01:20
    .
    Pre-Run: 76,910,002,176 bytes free
    Post-Run: 76,775,260,160 bytes free
    .
    - - End Of File - - A5B6AD0369889F47C3C1B52593C8D7BD

     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1026059

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice