passlion
2010-10-21, 23:47
First off: I was a klutz; my computer was infected and I blindly ran ComboFix without knowing that I shouldn't do so without support.
I'm new to these malware forums... So here's what's going on now.
On 10/16/10 I was infected by one Win32/Alureon.V, which opened the door to other trojans and crap (it made my PC download a fake virus scan program called "ThinkPoint").
Browsers were redirecting, taskmgr and regedit were disabled, and such; I believe that I fixed those problems.
At that point I ran AVG, then Windows Defender, then HJT and ComboFix.
A few times I ran ComboFix (in Safe Mode), and during Stage 2 a Windows pop-up said "PEV.cfxxe" had encountered a problem and had to close.
So now...
Sometimes explorer.exe would just hang or become very slow; then, when I tried to restart, Win7 would linger on the "Shutting down" screen.
When I run Windows Update, it gives the 80072EFE error.
Thank you so much in advance, I feel so stupid now :o
~~~~~~~~~~~~~~~~~~~~~
Attached are the zipped attach.txt and GMER's Ark.log file; below is the DDS.txt.
~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_10-10-10.03) - NTFSx86 NETWORK
Run by passLion at 0:42:54.30 on Thu 10/21/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.990 [GMT -7:00]
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Network Edition *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\passLion\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Google Update] "c:\users\passlion\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ledpointer] CNYHKey.exe
mRun: [MoLed] ModLEDKey.exe
mRun: [Multi-function Keyboard] GWHotKey.exe
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\ringz studio\storm codec\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
StartupFolder: c:\users\passlion\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: 使用迅雷下载 - c:\users\passlion\desktop\desktop\thunder\program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\users\passlion\desktop\desktop\thunder\program\getallurl.htm
IE: ?????? - c:\users\passlion\desktop\desktop\thunder\program\geturl.htm
IE: ?????????? - c:\users\passlion\desktop\desktop\thunder\program\getallurl.htm
IE: ?????? - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: ?????????? - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - c:\program files\hello\PicasaCapture.dll
Trusted Zone: bluecubesoft.com\chevron
Trusted Zone: chevron.com\businesspoint
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
================= FIREFOX ===================
FF - ProfilePath - c:\users\passlion\appdata\roaming\mozilla\firefox\profiles\wv2v4u9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.ftp - 218.84.186.230
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 218.84.186.230
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 218.84.186.230
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 218.84.186.230
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 218.84.186.230
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npdeployJava1.dll
FF - plugin: c:\users\passlion\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\passlion\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-6-2 12552]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-23 108552]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-3-8 5504]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-2 27784]
S2 avg8emc;AVG8 E-mail Scanner;c:\program files\avg\avg8\avgemc.exe [2009-7-31 908056]
S2 avg8wd;AVG8 WatchDog;c:\program files\avg\avg8\avgwdsvc.exe [2009-7-31 297752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [2009-11-3 15936]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [2009-11-3 31808]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-29 1343400]
S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\drivers\xcbdaV.sys [2009-6-10 157568]
S4 BOHCI;BOHCI;c:\windows\system32\drivers\bohci.sys [2008-2-7 105344]
S4 BUHCI;BUHCI;c:\windows\system32\drivers\buhci.sys [2008-2-7 99296]
S4 BUSBD;BUSBD;c:\windows\system32\drivers\busbd.sys [2008-2-7 35584]
=============== Created Last 30 ================
2010-10-21 04:27:35 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-21 04:25:49 -------- d-----w- c:\users\passlion\appdata\local\temp
2010-10-21 02:59:35 -------- d-----w- c:\users\passlion\appdata\local\ElevatedDiagnostics
2010-10-19 10:52:35 -------- d-----w- c:\program files\ESET
2010-10-19 03:21:20 77312 ----a-w- c:\windows\MBR.exe
2010-10-19 03:21:20 256512 ----a-w- c:\windows\PEV.exe
2010-10-18 22:31:09 -------- d-----w- c:\program files\CCleaner
2010-10-18 10:19:14 -------- d-----w- c:\users\passlion\appdata\roaming\NVIDIA
2010-10-17 11:35:27 -------- d-----w- c:\users\passlion\appdata\local\2K Games
2010-10-17 11:12:42 -------- d-----w- c:\users\passlion\appdata\roaming\Google Chrome Backup
2010-10-17 11:12:27 -------- d-----w- c:\program files\Google Chrome Backup
2010-10-17 11:10:22 388096 ----a-r- c:\users\passlion\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-16 21:50:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-16 11:24:43 70144 --sha-r- c:\windows\system32\jscriptd.dll
2010-10-16 11:24:04 -------- d-----w- c:\progra~2\Update
2010-10-16 11:23:20 -------- d-----w- c:\program files\2K Games
2010-10-16 01:10:53 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-10-16 01:10:53 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-10-16 01:10:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-16 00:57:42 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{fdf9fab8-c650-4b94-8477-c15f6ee4869c}\mpengine.dll
2010-10-16 00:44:48 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-16 00:43:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-16 00:43:12 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-16 00:43:09 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-16 00:43:09 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 00:39:28 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-16 00:38:17 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-16 00:38:13 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-15 06:10:10 -------- d-----w- c:\users\passlion\appdata\roaming\FreeArc
2010-10-15 06:09:19 -------- d-----w- c:\program files\FreeArc
2010-10-13 07:07:27 -------- d-----w- c:\users\passlion\appdata\local\Jaksta_Pty_Ltd
2010-10-13 07:03:40 -------- d-----w- c:\users\passlion\appdata\roaming\Replay Media Catcher 4
2010-10-13 07:02:54 -------- d-----w- c:\program files\Replay Media Catcher 4
2010-10-11 21:12:04 -------- d-----w- c:\progra~2\Seagate
2010-10-11 21:12:01 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-11 21:12:01 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-11 21:11:58 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-11 21:11:52 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-11 21:11:33 -------- d-----w- c:\program files\Seagate
2010-10-11 21:11:33 -------- d-----w- c:\program files\common files\Seagate
2010-10-07 03:15:01 -------- d-----w- c:\program files\iPod
2010-10-07 03:14:54 -------- d-----w- c:\program files\iTunes
2010-10-01 09:15:18 127058 ----a-w- c:\windows\system32\mncmpeg4.dll
2010-10-01 09:15:18 127044 ----a-w- c:\windows\system32\mnmpeg4.dll
2010-10-01 09:15:17 53248 ----a-w- c:\windows\system32\txsadp32.acm
2010-09-30 04:21:44 -------- d-----w- c:\users\passlion\appdata\roaming\ooVoo Details
2010-09-30 04:20:15 -------- d-----w- c:\program files\ooVoo
2010-09-23 21:42:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
==================== Find3M ====================
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 16:09:46 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 16:07:36 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 15:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 15:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 15:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 15:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 15:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 15:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 15:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sha-w- c:\windows\system32\Smab0.dll
============= FINISH: 0:44:01.17 ===============
S4 BOHCI;BOHCI;c:\windows\system32\drivers\bohci.sys [2008-2-7 105344]
S4 BUHCI;BUHCI;c:\windows\system32\drivers\buhci.sys [2008-2-7 99296]
S4 BUSBD;BUSBD;c:\windows\system32\drivers\busbd.sys [2008-2-7 35584]
=============== Created Last 30 ================
2010-10-21 04:27:35 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-21 04:25:49 -------- d-----w- c:\users\passlion\appdata\local\temp
2010-10-21 02:59:35 -------- d-----w- c:\users\passlion\appdata\local\ElevatedDiagnostics
2010-10-19 10:52:35 -------- d-----w- c:\program files\ESET
2010-10-19 03:21:20 77312 ----a-w- c:\windows\MBR.exe
2010-10-19 03:21:20 256512 ----a-w- c:\windows\PEV.exe
2010-10-18 22:31:09 -------- d-----w- c:\program files\CCleaner
2010-10-18 10:19:14 -------- d-----w- c:\users\passlion\appdata\roaming\NVIDIA
2010-10-17 11:35:27 -------- d-----w- c:\users\passlion\appdata\local\2K Games
2010-10-17 11:12:42 -------- d-----w- c:\users\passlion\appdata\roaming\Google Chrome Backup
2010-10-17 11:12:27 -------- d-----w- c:\program files\Google Chrome Backup
2010-10-17 11:10:22 388096 ----a-r- c:\users\passlion\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-16 21:50:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-16 11:24:43 70144 --sha-r- c:\windows\system32\jscriptd.dll
2010-10-16 11:24:04 -------- d-----w- c:\progra~2\Update
2010-10-16 11:23:20 -------- d-----w- c:\program files\2K Games
2010-10-16 01:10:53 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-10-16 01:10:53 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-10-16 01:10:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-10-16 00:57:42 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{fdf9fab8-c650-4b94-8477-c15f6ee4869c}\mpengine.dll
2010-10-16 00:44:48 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-16 00:43:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-16 00:43:12 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-16 00:43:09 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-16 00:43:09 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 00:39:28 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-16 00:38:17 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-16 00:38:13 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-15 06:10:10 -------- d-----w- c:\users\passlion\appdata\roaming\FreeArc
2010-10-15 06:09:19 -------- d-----w- c:\program files\FreeArc
2010-10-13 07:07:27 -------- d-----w- c:\users\passlion\appdata\local\Jaksta_Pty_Ltd
2010-10-13 07:03:40 -------- d-----w- c:\users\passlion\appdata\roaming\Replay Media Catcher 4
2010-10-13 07:02:54 -------- d-----w- c:\program files\Replay Media Catcher 4
2010-10-11 21:12:04 -------- d-----w- c:\progra~2\Seagate
2010-10-11 21:12:01 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-11 21:12:01 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-11 21:11:58 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-11 21:11:52 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-11 21:11:33 -------- d-----w- c:\program files\Seagate
2010-10-11 21:11:33 -------- d-----w- c:\program files\common files\Seagate
2010-10-07 03:15:01 -------- d-----w- c:\program files\iPod
2010-10-07 03:14:54 -------- d-----w- c:\program files\iTunes
2010-10-01 09:15:18 127058 ----a-w- c:\windows\system32\mncmpeg4.dll
2010-10-01 09:15:18 127044 ----a-w- c:\windows\system32\mnmpeg4.dll
2010-10-01 09:15:17 53248 ----a-w- c:\windows\system32\txsadp32.acm
2010-09-30 04:21:44 -------- d-----w- c:\users\passlion\appdata\roaming\ooVoo Details
2010-09-30 04:20:15 -------- d-----w- c:\program files\ooVoo
2010-09-23 21:42:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
==================== Find3M ====================
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 16:09:46 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 16:07:36 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 15:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 15:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 15:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 15:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 15:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 15:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 15:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2007-12-17 12:43:00 27648 --sha-w- c:\windows\system32\Smab0.dll
============= FINISH: 0:44:01.17 ===============