
TrojanDownloader - DDS + GMER Logs


  • This topic is locked
55 replies to this topic

#1 lazydude


Posted 27 August 2011 - 09:25 AM

I was told to post results from this thread Trojan Downloader
I'll also post what I posted in that thread with a quote, so you don't have to click ;)

I think I have a trojan problem and really need help. I'll keep things in order as they happened. A few months ago every time I googled something on Firefox I got redirected. I don't recall going into shady websites before this. And every time I would end task explorer.exe it would stop. And someone on StarCraft 2 told me about ComboFix. Next I found a virus (trojan) called TrojanDownloader:Win32/Tracur.B (and Y). I deleted it as many times as Microsoft Security Essentials (MSE) found it. Next when I got home one day, I saw my computer was 'frozen-like' but disregarded it because sometimes my computer does a diagnostic scan of my hardware and slows it down extremely. Later I found out that it was doing it more than once, for no reason. I can't do anything; no Alt-Tab, no Windows key, nothing except pull the plug on my computer. But I get to see what time it froze, and every time I play iTunes or play my games (StarCraft 2) it doesn't do it. Next, yesterday when I tried turning my computer back on, it shut off a few seconds later like my hardware was overheating, which is impossible. It did it about 3 times before it actually turned on.


MSE hasn't brought the virus to my attention again, but I had blocked IPs associated with the virus (from MSE's site).

******gmer.exe found nothing******
But my comp keeps freezing :(


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 7/6/2009 1:21:48 AM
System Uptime: 8/24/2011 2:49:10 PM (66 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | VIOLET
Processor: AMD Phenom(tm) 9750 Quad-Core Processor | CPU 1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 482.809 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.96 GiB free.
E: is CDROM (UDF)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1360: 8/11/2011 1:37:41 AM - Scheduled Checkpoint
RP1361: 8/11/2011 3:00:11 AM - Windows Update
RP1362: 8/11/2011 7:30:08 AM - Windows Update
RP1363: 8/12/2011 12:00:02 AM - Scheduled Checkpoint
RP1364: 8/12/2011 3:00:10 AM - Windows Update
RP1365: 8/12/2011 7:24:18 AM - Windows Update
RP1366: 8/13/2011 - Scheduled Checkpoint
RP1367: 8/13/2011 3:00:11 AM - Windows Update
RP1368: 8/13/2011 7:24:34 AM - Windows Update
RP1370: 8/13/2011 1:56:43 PM - Microsoft Antimalware Checkpoint
RP1371: 8/14/2011 3:00:11 AM - Windows Update
RP1372: 8/14/2011 4:38:52 AM - Windows Update
RP1373: 8/15/2011 3:00:11 AM - Windows Update
RP1374: 8/15/2011 7:24:53 AM - Windows Update
RP1375: 8/16/2011 3:00:11 AM - Windows Update
RP1376: 8/16/2011 7:24:52 AM - Windows Update
RP1377: 8/17/2011 3:00:10 AM - Windows Update
RP1378: 8/17/2011 7:24:25 AM - Windows Update
RP1379: 8/18/2011 3:00:10 AM - Windows Update
RP1380: 8/18/2011 7:24:22 AM - Windows Update
RP1381: 8/19/2011 12:19:00 AM - Scheduled Checkpoint
RP1382: 8/19/2011 3:00:11 AM - Windows Update
RP1383: 8/19/2011 4:08:25 PM - Windows Update
RP1384: 8/20/2011 3:00:11 AM - Windows Update
RP1385: 8/20/2011 6:21:07 PM - Scheduled Checkpoint
RP1386: 8/21/2011 3:00:11 AM - Windows Update
RP1387: 8/21/2011 4:38:40 AM - Windows Update
RP1388: 8/21/2011 3:13:04 PM - Windows Update
RP1389: 8/22/2011 3:00:11 AM - Windows Update
RP1391: 8/22/2011 3:41:36 PM - Microsoft Antimalware Checkpoint
RP1392: 8/22/2011 3:50:32 PM - Windows Update
RP1393: 8/23/2011 3:00:10 AM - Windows Update
RP1394: 8/23/2011 8:11:20 PM - Windows Update
RP1395: 8/24/2011 3:00:11 AM - Windows Update
RP1396: 8/24/2011 4:14:26 PM - Scheduled Checkpoint
RP1397: 8/25/2011 2:56:25 PM - Windows Update
RP1398: 8/26/2011 2:55:14 PM - Windows Update
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
3D Sound Back Beta0.1
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
AIM 7
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Audacity 1.3.11 (Unicode)
AutoUpdate
Bandisoft MPEG-1 Decoder
BitTorrent
BlackBerry Device Software Updater
Blaze Media Pro
Build-a-lot 4 Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Cheat Engine 5.5
Compatibility Pack for the 2007 Office system
Creeper World
Creeper World 2 Demo
Creeper World Map Editor
CyberLink DVD Suite Deluxe
D3DX10
Default Manager
Diablo II
DirectX for Managed Code Update (Summer 2004)
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Updater (AOL LLC)
Enigmo Download
EpicBot
ESET Online Scanner v3
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Memories Disc
HP Odometer
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Picasso Media Center Add-In
HP Print Diagnostic Utility
HP Product Detection
hp psc 1200 series
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HydraVision
InstallIQ Updater
iPhoneModem
iTunesControl 0.58
J2SE Runtime Environment 5.0 Update 12
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
LabelPrint
LAME v3.98.2 for Audacity
LightScribe System Software
Magicka
Mesh Runtime
Messenger Companion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Live Search Toolbar
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
Notepad++
NVIDIA nTune
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Pcsx2 0.9.1 Watermoose
PF Auto-Typer 4.0
PictureMover
Power2Go
PowerDirector
Project64 1.6
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Safari
SCAR Divi CDE 3.12c
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Toolbars
Skype™ 5.3
sp44626
Starcraft
StarCraft II
StealthBot 2.7
Steam
System Requirements Lab
TextPad 5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Vindictus
Vizzed Retro Game Room
Warcraft III
Warcraft III: All Products
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.0.2
Xfire (remove only)
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/26/2011 4:11:54 PM, Error: Application Popup [1060]  - \??\C:\Users\Jordan\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/24/2011 6:41:34 AM, Error: EventLog [6008]  - The previous system shutdown at 6:33:15 AM on 8/24/2011 was unexpected.
8/24/2011 6:05:15 AM, Error: EventLog [6008]  - The previous system shutdown at 3:49:02 AM on 8/24/2011 was unexpected.
8/24/2011 3:22:29 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/24/2011 2:51:10 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/24/2011 2:51:10 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFS Beep i8042prt
8/24/2011 2:51:10 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/24/2011 2:51:10 PM, Error: Service Control Manager [7000]  - The uvnc_service service failed to start due to the following error:  The system cannot find the path specified.
8/24/2011 2:50:17 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
8/24/2011 2:49:34 PM, Error: EventLog [6008]  - The previous system shutdown at 6:50:34 AM on 8/24/2011 was unexpected.
8/24/2011 2:49:25 PM, Error: volmgr [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/23/2011 9:51:51 PM, Error: EventLog [6008]  - The previous system shutdown at 9:49:09 PM on 8/23/2011 was unexpected.
8/23/2011 9:42:49 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/23/2011 9:42:07 PM, Error: EventLog [6008]  - The previous system shutdown at 9:25:29 PM on 8/23/2011 was unexpected.
8/23/2011 8:48:28 PM, Error: EventLog [6008]  - The previous system shutdown at 8:19:14 PM on 8/23/2011 was unexpected.
8/23/2011 8:00:13 PM, Error: EventLog [6008]  - The previous system shutdown at 7:51:07 PM on 8/23/2011 was unexpected.
8/23/2011 3:01:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista for x64-based Systems (KB2556532).
8/23/2011 2:51:58 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/23/2011 2:51:15 PM, Error: Microsoft-Windows-PrintSpooler [19]  - The print spooler failed to share printer hp psc 1200 series with shared resource name hp psc 1200 series. Error 2114. The printer cannot be used by others on the network.
8/23/2011 2:51:07 PM, Error: EventLog [6008]  - The previous system shutdown at 8:53:37 AM on 8/23/2011 was unexpected.
8/22/2011 8:47:08 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/22/2011 8:46:31 PM, Error: EventLog [6008]  - The previous system shutdown at 7:46:17 PM on 8/22/2011 was unexpected.
8/22/2011 7:11:57 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
8/22/2011 6:33:05 PM, Error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
8/22/2011 4:50:55 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/22/2011 4:50:17 PM, Error: EventLog [6008]  - The previous system shutdown at 4:48:05 PM on 8/22/2011 was unexpected.
8/22/2011 4:27:49 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/22/2011 4:27:04 PM, Error: EventLog [6008]  - The previous system shutdown at 4:25:25 PM on 8/22/2011 was unexpected.
8/22/2011 3:42:07 PM, Error: Service Control Manager [7034]  - The Windows Image Acquisition (WIA)  service terminated unexpectedly.  It has done this 1 time(s).
8/22/2011 3:39:59 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/22/2011 3:39:25 PM, Error: EventLog [6008]  - The previous system shutdown at 7:13:51 AM on 8/22/2011 was unexpected.
8/22/2011 3:01:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2539636).
8/20/2011 3:08:22 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.  	Feature: Behavior Monitoring  	Error Code: 0x80004005  	Error description: Unspecified error   	Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
8/20/2011 3:07:47 PM, Error: EventLog [6008]  - The previous system shutdown at 3:05:02 PM on 8/20/2011 was unexpected.
.
==== End Of File ===========================


 


#2 lazydude


Posted 29 August 2011 - 10:25 PM

I don't want to 'bump' but I cannot edit; I'd like to add that my computer just froze over 10 times today. When I go to Reliability and Performance my hard drive keeps 'reading' a file. A StarCraft II file. I don't know why, and I'm not uploading anything. It's svchost. I am also not playing the game.
It reads over 1,000,000,000 B/min. I've tried end-tasking the svchost with lots of memory usage, and all the files being 'read' stop. And then it stopped reading files. But eventually it starts again.

Edited by lazydude, 30 August 2011 - 06:08 AM.


#3 HelpBot


Posted 01 September 2011 - 09:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/416279 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 lazydude


Posted 01 September 2011 - 03:59 PM

1. I've posted what's wrong, basically now it's my computer that keeps freezing :/
2. DDS, I also have Windows Vista 64-bit.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.6001.19120  BrowserJavaVersion: 1.6.0_23
Run by Jordan at 15:49:22 on 2011-09-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8190.5996 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://g.live.com/1rewlive4startup/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - C:\Program Files (x86)\Juno\SearchEnh1.dll
BHO: {0170104e-fa8a-4130-a625-1420ad5f97ef} - C:\Windows\SysWow64\atidxx3232.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: JunoBar: {5854fac4-5bf0-47dd-b5a9-a5ea8cff3cf4} - C:\Program Files (x86)\Juno\Toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Display All Images with Full Quality - "C:\Program Files (x86)\Juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "C:\Program Files (x86)\Juno\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
Trusted Zone: juno.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{091B5538-26DA-4A4D-8B1A-D21F84E31ECD} : NameServer = 68.105.28.11,68.105.29.11
TCP: Interfaces\{B355D998-8E7B-48F0-BE3C-83B230E45711} : DhcpNameServer = 172.18.206.215 172.18.206.215 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Windows\SysWow64\atidxx3232.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 	0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: 	AcroIEHelperStub - No File
BHO-X64: Pop-up Blocker: {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: 	SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: JunoBar: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files (x86)\Juno\Toolbar.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-3 240232]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 uvnc_service;uvnc_service;"C:\Program Files (x86)\UltraVNC\winvnc.exe" -service --> C:\Program Files (x86)\UltraVNC\winvnc.exe [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 TeamViewer6;TeamViewer 6;C:\Users\Jordan\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe --> C:\Users\Jordan\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-01 03:22:23	8862544	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E6AD4DF-0E36-4E36-B330-AF0CEECC7645}\mpengine.dll
2011-08-27 19:11:20	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2011-08-27 19:11:20	2048	----a-w-	C:\Windows\System32\tzres.dll
2011-08-27 19:11:16	4699536	----a-w-	C:\Windows\System32\ntoskrnl.exe
2011-08-23 11:15:25	--------	d-----w-	C:\Program Files (x86)\ESET
2011-08-21 19:30:03	89048	----a-w-	C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-08-21 19:30:03	785368	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-21 19:30:03	478168	----a-w-	C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-21 19:30:03	2106216	----a-w-	C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-21 19:30:03	1998168	----a-w-	C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-21 19:30:03	1846232	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-21 19:30:03	15832	----a-w-	C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-21 19:30:03	134104	----a-w-	C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-19 20:51:20	--------	d-sh--w-	C:\$RECYCLE.BIN
2011-08-11 12:31:11	601424	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 12:31:03	601424	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35A7E855-2DB3-42BE-BE69-12F9B1E03C2A}\gapaengine.dll
2011-08-10 02:55:59	743424	----a-w-	C:\Program Files (x86)\Internet Explorer\iedvtool.dll
.
==================== Find3M  ====================
.
2011-07-23 11:31:32	1147904	----a-w-	C:\Windows\System32\wininet.dll
2011-07-23 11:24:17	56832	----a-w-	C:\Windows\System32\licmgr10.dll
2011-07-23 11:23:51	1538560	----a-w-	C:\Windows\System32\inetcpl.cpl
2011-07-23 11:23:30	132096	----a-w-	C:\Windows\System32\iesysprep.dll
2011-07-23 11:23:29	77312	----a-w-	C:\Windows\System32\iesetup.dll
2011-07-23 11:04:29	916480	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-07-23 11:00:05	43520	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2011-07-23 10:59:52	1469440	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2011-07-23 10:59:34	71680	----a-w-	C:\Windows\SysWow64\iesetup.dll
2011-07-23 10:59:34	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2011-07-23 10:31:39	479232	----a-w-	C:\Windows\System32\html.iec
2011-07-23 10:03:47	385024	----a-w-	C:\Windows\SysWow64\html.iec
2011-07-23 09:50:14	162816	----a-w-	C:\Windows\System32\ieUnatt.exe
2011-07-23 09:48:56	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2011-07-23 09:27:04	133632	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2011-07-23 09:25:38	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-07-08 04:37:30	60416	----a-w-	C:\Windows\System32\OVDecode64.dll
2011-07-08 04:37:10	51200	----a-w-	C:\Windows\System32\OpenCL.dll
2011-07-08 04:36:58	16907776	----a-w-	C:\Windows\System32\amdocl64.dll
2011-07-08 04:15:50	9884672	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2011-07-08 03:54:26	23385600	----a-w-	C:\Windows\System32\atio6axx.dll
2011-07-08 03:33:28	17940992	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2011-07-08 03:29:54	151552	----a-w-	C:\Windows\System32\atiapfxx.exe
2011-07-08 03:29:44	689152	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2011-07-08 03:28:26	814592	----a-w-	C:\Windows\System32\aticfx64.dll
2011-07-08 03:25:48	462848	----a-w-	C:\Windows\System32\ATIDEMGX.dll
2011-07-08 03:25:38	485376	----a-w-	C:\Windows\System32\atieclxx.exe
2011-07-08 03:25:02	204288	----a-w-	C:\Windows\System32\atiesrxx.exe
2011-07-08 03:23:48	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2011-07-08 03:23:32	423424	----a-w-	C:\Windows\System32\atipdl64.dll
2011-07-08 03:23:26	356352	----a-w-	C:\Windows\SysWow64\atipdlxx.dll
2011-07-08 03:23:14	278528	----a-w-	C:\Windows\SysWow64\Oemdspif.dll
2011-07-08 03:23:08	16384	----a-w-	C:\Windows\System32\atimuixx.dll
2011-07-08 03:23:04	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2011-07-08 03:22:58	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2011-07-08 03:19:50	4275712	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2011-07-08 03:10:38	5072896	----a-w-	C:\Windows\System32\atidxx64.dll
2011-07-08 03:06:10	1113088	----a-w-	C:\Windows\System32\atiumd6v.dll
2011-07-08 03:05:46	1828864	----a-w-	C:\Windows\SysWow64\atiumdmv.dll
2011-07-08 03:05:34	3848704	----a-w-	C:\Windows\System32\atiumd6a.dll
2011-07-08 03:02:08	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2011-07-08 03:02:06	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2011-07-08 03:01:58	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2011-07-08 03:01:58	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2011-07-08 03:01:46	8134656	----a-w-	C:\Windows\System32\aticaldd64.dll
2011-07-08 03:00:34	4367360	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2011-07-08 02:58:52	6740480	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2011-07-08 02:55:56	4039680	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2011-07-08 02:54:30	58880	----a-w-	C:\Windows\System32\coinst.dll
2011-07-08 02:54:22	5540864	----a-w-	C:\Windows\System32\atiumd64.dll
2011-07-08 02:47:42	375808	----a-w-	C:\Windows\System32\atiadlxx.dll
2011-07-08 02:47:34	266240	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2011-07-08 02:47:24	15360	----a-w-	C:\Windows\System32\atig6pxx.dll
2011-07-08 02:47:20	13312	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2011-07-08 02:47:20	13312	----a-w-	C:\Windows\System32\atiglpxx.dll
2011-07-08 02:47:18	39936	----a-w-	C:\Windows\System32\atig6txx.dll
2011-07-08 02:47:10	32768	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2011-07-08 02:47:04	307712	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2011-07-08 02:46:20	40960	----a-w-	C:\Windows\System32\atiuxp64.dll
2011-07-08 02:46:14	31744	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2011-07-08 02:46:06	38912	----a-w-	C:\Windows\System32\atiu9p64.dll
2011-07-08 02:45:58	29184	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2011-07-08 02:45:38	45056	----a-w-	C:\Windows\System32\atitmp64.dll
2011-07-08 02:45:10	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2011-07-08 02:41:02	53760	----a-w-	C:\Windows\System32\atimpc64.dll
2011-07-08 02:41:02	53760	----a-w-	C:\Windows\System32\amdpcom64.dll
2011-07-08 02:40:48	52736	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2011-07-08 02:40:48	52736	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2011-07-06 15:49:23	275456	----a-w-	C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-28 04:32:21	404640	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-27 21:23:20	53760	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2011-06-27 21:23:02	43520	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2011-06-27 21:22:40	13904896	----a-w-	C:\Windows\SysWow64\amdocl.dll
2011-06-26 06:45:56	256000	----a-w-	C:\Windows\PEV.exe
2011-06-17 20:14:30	1424272	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2011-06-17 16:16:33	451072	----a-w-	C:\Windows\System32\winsrv.dll
2011-06-17 13:56:56	40448	----a-w-	C:\Windows\System32\drivers\tcpipreg.sys
2011-06-16 08:34:06	2971648	----a-w-	C:\Windows\System32\SlotMaximizerBe.dll
2011-06-16 08:34:06	105984	----a-w-	C:\Windows\System32\SlotMaximizerAg.dll
.
============= FINISH: 15:49:53.56 ===============
3. I do not have the original Windows CD. We moved and... well I'm sure you can understand.
I'm a patient person, rushing things won't get anything done faster. And I know there are tons of people who have issues. But you guys are saints for fixing what bleeps start.


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:38 PM

Posted 01 September 2011 - 08:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Tracur is not a nice trojan so let's attempt to hit it hard.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#6 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:12:38 PM

Posted 02 September 2011 - 06:05 AM

It took 6 restarts for my computer to boot up. In addition, do you know if this trojan is related to computer freezing?
MBAM:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7634

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

9/2/2011 6:04:07 AM
mbam-log-2011-09-02 (06-04-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 444703
Time elapsed: 1 hour(s), 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\enigmo 2 - supernova\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files (x86)\clickpotatolite\bin\10.0.659.0\launchhelp.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\imglib.dll.vir (Spyware.NetVizor) -> Quarantined and deleted successfully.

ComboFix:
ComboFix 11-09-01.03 - Jordan 09/02/2011   6:19.6.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8190.5849 [GMT -5:00]
Running from: c:\users\Jordan\Desktop\Comfix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\comct332.ocx
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-02 to 2011-09-02  )))))))))))))))))))))))))))))))
.
.
2011-09-02 11:32 . 2011-09-02 11:32	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-02 11:32 . 2011-09-02 11:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-02 03:23 . 2011-08-12 04:10	8862544	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E13554E4-077D-4238-ADA4-FDC28731A6DE}\mpengine.dll
2011-09-02 02:39 . 2011-09-02 02:39	--------	d-----w-	c:\users\Jordan\AppData\Roaming\Malwarebytes
2011-09-02 02:39 . 2011-07-07 00:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 02:39 . 2011-09-02 02:39	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-02 02:39 . 2011-09-02 02:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 02:39 . 2011-07-07 00:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-27 19:11 . 2011-07-11 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-27 19:11 . 2011-07-11 13:25	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-27 19:11 . 2011-06-20 08:45	4699536	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-23 11:15 . 2011-08-23 11:15	--------	d-----w-	c:\program files (x86)\ESET
2011-08-21 19:30 . 2011-09-01 03:48	134104	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-21 19:30 . 2011-09-01 03:48	89048	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-08-21 19:30 . 2011-09-01 03:48	785368	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-21 19:30 . 2011-09-01 03:48	478168	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-21 19:30 . 2011-09-01 03:48	1846232	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-08-21 19:30 . 2011-09-01 03:48	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-21 19:30 . 2011-08-12 03:16	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-21 19:30 . 2011-08-12 03:16	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-11 12:31 . 2011-07-29 12:05	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 12:31 . 2011-07-29 12:05	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35A7E855-2DB3-42BE-BE69-12F9B1E03C2A}\gapaengine.dll
2011-08-10 02:55 . 2011-07-23 11:32	660760	----a-w-	c:\program files\Internet Explorer\iexplore.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 04:10 . 2011-07-30 11:23	8862544	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-20 14:44 . 2011-07-29 11:59	8578896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C63EB54-50CF-4A3E-9BCB-92A1EDCE24E4}\mpengine.dll
2011-07-08 04:37 . 2011-07-08 04:37	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-07-08 04:37 . 2011-07-08 04:37	51200	----a-w-	c:\windows\system32\OpenCL.dll
2011-07-08 04:36 . 2011-07-08 04:36	16907776	----a-w-	c:\windows\system32\amdocl64.dll
2011-07-08 04:15 . 2011-07-08 04:15	9884672	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-07-08 03:54 . 2011-07-08 03:54	23385600	----a-w-	c:\windows\system32\atio6axx.dll
2011-07-08 03:33 . 2011-07-08 03:33	17940992	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-07-08 03:29 . 2011-07-08 03:29	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-07-08 03:29 . 2010-11-26 02:58	689152	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-07-08 03:28 . 2010-11-26 02:57	814592	----a-w-	c:\windows\system32\aticfx64.dll
2011-07-08 03:25 . 2011-07-08 03:25	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:25 . 2011-07-08 03:25	485376	----a-w-	c:\windows\system32\atieclxx.exe
2011-07-08 03:25 . 2011-07-08 03:25	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-07-08 03:23 . 2011-07-08 03:23	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-07-08 03:23 . 2011-07-08 03:23	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-07-08 03:23 . 2011-07-08 03:23	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-07-08 03:23 . 2011-07-08 03:23	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-07-08 03:23 . 2011-07-08 03:23	16384	----a-w-	c:\windows\system32\atimuixx.dll
2011-07-08 03:23 . 2011-07-08 03:23	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-07-08 03:22 . 2011-07-08 03:22	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-07-08 03:19 . 2011-07-08 03:19	4275712	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-07-08 03:10 . 2011-07-08 03:10	5072896	----a-w-	c:\windows\system32\atidxx64.dll
2011-07-08 03:06 . 2011-07-08 03:06	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-07-08 03:05 . 2011-07-08 03:05	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-07-08 03:05 . 2009-09-19 01:44	3848704	----a-w-	c:\windows\system32\atiumd6a.dll
2011-07-08 03:02 . 2011-07-08 03:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-07-08 03:02 . 2011-07-08 03:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-07-08 03:01 . 2011-07-08 03:01	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-07-08 03:01 . 2011-07-08 03:01	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-07-08 03:01 . 2011-07-08 03:01	8134656	----a-w-	c:\windows\system32\aticaldd64.dll
2011-07-08 03:00 . 2009-09-19 01:56	4367360	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-07-08 02:58 . 2011-07-08 02:58	6740480	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-07-08 02:55 . 2009-09-19 01:38	4039680	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-07-08 02:54 . 2010-11-26 02:24	58880	----a-w-	c:\windows\system32\coinst.dll
2011-07-08 02:54 . 2009-09-19 01:50	5540864	----a-w-	c:\windows\system32\atiumd64.dll
2011-07-08 02:47 . 2011-07-08 02:47	375808	----a-w-	c:\windows\system32\atiadlxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	266240	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-07-08 02:47 . 2011-07-08 02:47	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-07-08 02:47 . 2011-07-08 02:47	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	307712	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-07-08 02:46 . 2011-07-08 02:46	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-07-08 02:46 . 2011-07-08 02:46	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-07-08 02:46 . 2010-11-26 02:15	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-07-08 02:45 . 2010-11-26 02:15	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-07-08 02:45 . 2010-11-26 02:15	45056	----a-w-	c:\windows\system32\atitmp64.dll
2011-07-08 02:45 . 2011-07-08 02:45	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-07-08 02:41 . 2011-07-08 02:41	53760	----a-w-	c:\windows\system32\atimpc64.dll
2011-07-08 02:41 . 2011-07-08 02:41	53760	----a-w-	c:\windows\system32\amdpcom64.dll
2011-07-08 02:40 . 2011-07-08 02:40	52736	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-07-08 02:40 . 2011-07-08 02:40	52736	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-06-28 04:32 . 2011-05-28 21:34	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-27 21:23 . 2011-06-27 21:23	53760	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-06-27 21:23 . 2011-06-27 21:23	43520	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-06-27 21:22 . 2011-06-27 21:22	13904896	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-06-16 08:34 . 2011-06-16 08:34	2971648	----a-w-	c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 08:34 . 2011-06-16 08:34	105984	----a-w-	c:\windows\system32\SlotMaximizerAg.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-08-19_11.02.04   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2011-08-22 20:39	32768          	c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-08-13 18:04	32768          	c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-08-13 18:04	81920          	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-08-22 20:39	81920          	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-08-13 18:04	32768          	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-08-22 20:39	32768          	c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-02 11:10	76876          	c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-08-27 02:36 . 2011-09-02 11:10	18050          	c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2219899703-1796258898-542126263-1000_UserData.bin
+ 2009-08-27 02:36 . 2011-09-01 20:26	16384          	c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-27 02:36 . 2011-08-19 04:24	16384          	c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-27 02:35 . 2011-08-19 04:24	32768          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-27 02:35 . 2011-09-01 20:26	32768          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-27 02:36 . 2011-09-01 20:26	16384          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-27 02:36 . 2011-08-19 04:24	16384          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-30 02:38 . 2011-09-02 11:47	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-30 02:38 . 2011-08-19 04:25	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-30 02:38 . 2011-09-02 11:47	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-30 02:38 . 2011-08-19 04:25	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-21 04:07 . 2010-09-21 04:07	70584          	c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
- 2010-03-30 07:11 . 2011-07-30 13:03	49152          	c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-03-30 07:11 . 2011-08-20 06:26	49152          	c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2010-05-19 05:06 . 2011-08-20 06:26	81920          	c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-05-19 05:06 . 2011-07-30 13:03	81920          	c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2011-08-19 21:01 . 2011-08-19 21:01	9560          	c:\windows\system32\networklist\icons\{8EA3DF51-466A-4810-81A2-464030499405}_48.bin
+ 2011-08-19 21:01 . 2011-08-19 21:01	4280          	c:\windows\system32\networklist\icons\{8EA3DF51-466A-4810-81A2-464030499405}_32.bin
+ 2011-08-19 21:01 . 2011-08-19 21:01	2456          	c:\windows\system32\networklist\icons\{8EA3DF51-466A-4810-81A2-464030499405}_24.bin
+ 2011-09-02 11:47 . 2011-09-02 11:47	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-19 04:24 . 2011-08-19 04:24	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-02 11:47 . 2011-09-02 11:47	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-19 04:24 . 2011-08-19 04:24	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-14 10:35 . 2011-08-23 23:32	181920          	c:\windows\SysWOW64\mlfcache.dat
+ 2006-11-02 15:45 . 2011-09-02 11:10	100918          	c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2011-09-02 11:15	658326          	c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-08-19 04:32	658326          	c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-08-19 04:32	125510          	c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-09-02 11:15	125510          	c:\windows\system32\perfc009.dat
+ 2006-11-02 15:17 . 2011-08-27 21:57	262144          	c:\windows\system32\config\systemprofile\ntuser.dat
- 2006-11-02 15:17 . 2011-07-29 11:02	262144          	c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-08-11 12:39 . 2011-08-30 03:19	262144          	c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-08-11 12:39 . 2011-07-28 18:29	262144          	c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-05 22:11 . 2011-09-02 11:45	388096          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-05 22:11 . 2011-08-19 04:23	388096          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-21 04:07 . 2010-09-21 04:07	338856          	c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-21 04:07 . 2010-09-21 04:07	932288          	c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-21 04:07 . 2010-09-21 04:07	338856          	c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
- 2010-03-30 06:05 . 2011-07-30 13:03	937984          	c:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2010-03-30 06:05 . 2011-08-20 06:26	937984          	c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-03-30 07:11 . 2011-07-30 13:03	137216          	c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-03-30 07:11 . 2011-08-20 06:26	137216          	c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2010-05-19 05:06 . 2011-07-30 13:03	102400          	c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-05-19 05:06 . 2011-08-20 06:26	102400          	c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-19 05:06 . 2011-07-30 13:03	148992          	c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-05-19 05:06 . 2011-08-20 06:26	148992          	c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2009-05-09 12:48 . 2011-09-02 11:45	3820752          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-05-09 12:48 . 2011-08-19 04:23	3820752          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2006-11-02 12:33 . 2011-08-28 08:16	11010048          	c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-08-19 08:00	11010048          	c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-08-05 22:11 . 2011-09-02 11:45	11281300          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219899703-1796258898-542126263-1000-12288.dat
+ 2011-06-08 04:39 . 2011-06-08 04:39	19798016          	c:\windows\Installer\2ac04.msp
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 98304]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\winvnc.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Jordan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
R3 TeamViewer6;TeamViewer 6;c:\users\Jordan\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\HPCeeScheduleForJordan.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-09 01:17]
.
2011-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\hssie\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://g.live.com/1rewlive4startup/home
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files (x86)\Juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\Juno\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: juno.com
TCP: Interfaces\{091B5538-26DA-4A4D-8B1A-D21F84E31ECD}: NameServer = 68.105.28.11,68.105.29.11
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0170104E-FA8A-4130-A625-1420AD5F97Ef} - c:\windows\SysWow64\atidxx3232.dll
AddRemove-Cheat Engine 5.5_is1 - c:\program files (x86)\Cheat Engine\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,85,89,55,39,06,7b,46,bb,47,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,84,85,89,55,39,06,7b,46,bb,47,e1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-09-02  06:54:23 - machine was rebooted
ComboFix-quarantined-files.txt  2011-09-02 11:54
ComboFix2.txt  2011-08-19 11:05
ComboFix3.txt  2011-08-02 00:42
ComboFix4.txt  2011-07-31 11:03
ComboFix5.txt  2011-09-02 11:13
.
Pre-Run: 523,138,326,528 bytes free
Post-Run: 523,059,691,520 bytes free
.
- - End Of File - - 859DF9D7EB075FA33422CAE057DF2760


Edited by lazydude, 02 September 2011 - 06:57 AM.


#7 m0le

Posted 02 September 2011 - 06:06 PM

Rerun Combofix again, as shown

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Driver::
AFS

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE

#8 lazydude

Posted 03 September 2011 - 09:24 AM

I was wondering if this virus goes with computer freezing; in addition, does it also include not being able to boot up my computer?
Because the fans on my computer go really fast then shut off one time. Then while it restarts again, it starts off fast for like a millisecond then it goes normal (or it stays going fast); but it still shuts off. Does this x amount of times. And while both of those are happening my monitor is like it's not receiving anything from my gpu. Now before you think it's my gpu, I've been having it for 6 months and it hasn't done this. My computer is cleaned - no dust. I've also tried plugging my monitor into my mobo DVI socket and it did the same.


ComboFix 11-09-02.04 - Jordan 09/02/2011  22:48:30.7.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8190.5979 [GMT -5:00]
Running from: c:\users\Jordan\Desktop\ComboFix.exe
Command switches used :: c:\users\Jordan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AFS
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-03 to 2011-09-03  )))))))))))))))))))))))))))))))
.
.
2011-09-03 04:00 . 2011-09-03 04:00	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-03 04:00 . 2011-09-03 04:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-02 11:55 . 2011-08-12 04:10	8862544	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBF34682-B443-4621-ADF3-62FFB7919AF6}\mpengine.dll
2011-09-02 02:39 . 2011-09-02 02:39	--------	d-----w-	c:\users\Jordan\AppData\Roaming\Malwarebytes
2011-09-02 02:39 . 2011-07-07 00:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 02:39 . 2011-09-02 02:39	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-02 02:39 . 2011-09-02 02:39	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 02:39 . 2011-07-07 00:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-27 19:11 . 2011-07-11 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-27 19:11 . 2011-07-11 13:25	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-27 19:11 . 2011-06-20 08:45	4699536	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-23 11:15 . 2011-08-23 11:15	--------	d-----w-	c:\program files (x86)\ESET
2011-08-21 19:30 . 2011-09-01 03:48	134104	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-21 19:30 . 2011-09-01 03:48	89048	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-08-21 19:30 . 2011-09-01 03:48	785368	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-21 19:30 . 2011-09-01 03:48	478168	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-21 19:30 . 2011-09-01 03:48	1846232	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-08-21 19:30 . 2011-09-01 03:48	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-21 19:30 . 2011-08-12 03:16	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-21 19:30 . 2011-08-12 03:16	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-11 12:31 . 2011-07-29 12:05	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 12:31 . 2011-07-29 12:05	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35A7E855-2DB3-42BE-BE69-12F9B1E03C2A}\gapaengine.dll
2011-08-10 02:55 . 2011-07-23 11:32	660760	----a-w-	c:\program files\Internet Explorer\iexplore.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 04:10 . 2011-07-30 11:23	8862544	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-20 14:44 . 2011-07-29 11:59	8578896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C63EB54-50CF-4A3E-9BCB-92A1EDCE24E4}\mpengine.dll
2011-07-08 04:37 . 2011-07-08 04:37	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-07-08 04:37 . 2011-07-08 04:37	51200	----a-w-	c:\windows\system32\OpenCL.dll
2011-07-08 04:36 . 2011-07-08 04:36	16907776	----a-w-	c:\windows\system32\amdocl64.dll
2011-07-08 04:15 . 2011-07-08 04:15	9884672	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-07-08 03:54 . 2011-07-08 03:54	23385600	----a-w-	c:\windows\system32\atio6axx.dll
2011-07-08 03:33 . 2011-07-08 03:33	17940992	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-07-08 03:29 . 2011-07-08 03:29	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-07-08 03:29 . 2010-11-26 02:58	689152	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-07-08 03:28 . 2010-11-26 02:57	814592	----a-w-	c:\windows\system32\aticfx64.dll
2011-07-08 03:25 . 2011-07-08 03:25	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:25 . 2011-07-08 03:25	485376	----a-w-	c:\windows\system32\atieclxx.exe
2011-07-08 03:25 . 2011-07-08 03:25	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-07-08 03:23 . 2011-07-08 03:23	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-07-08 03:23 . 2011-07-08 03:23	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-07-08 03:23 . 2011-07-08 03:23	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-07-08 03:23 . 2011-07-08 03:23	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-07-08 03:23 . 2011-07-08 03:23	16384	----a-w-	c:\windows\system32\atimuixx.dll
2011-07-08 03:23 . 2011-07-08 03:23	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-07-08 03:22 . 2011-07-08 03:22	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-07-08 03:19 . 2011-07-08 03:19	4275712	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-07-08 03:10 . 2011-07-08 03:10	5072896	----a-w-	c:\windows\system32\atidxx64.dll
2011-07-08 03:06 . 2011-07-08 03:06	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-07-08 03:05 . 2011-07-08 03:05	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-07-08 03:05 . 2009-09-19 01:44	3848704	----a-w-	c:\windows\system32\atiumd6a.dll
2011-07-08 03:02 . 2011-07-08 03:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-07-08 03:02 . 2011-07-08 03:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-07-08 03:01 . 2011-07-08 03:01	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-07-08 03:01 . 2011-07-08 03:01	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-07-08 03:01 . 2011-07-08 03:01	8134656	----a-w-	c:\windows\system32\aticaldd64.dll
2011-07-08 03:00 . 2009-09-19 01:56	4367360	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-07-08 02:58 . 2011-07-08 02:58	6740480	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-07-08 02:55 . 2009-09-19 01:38	4039680	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-07-08 02:54 . 2010-11-26 02:24	58880	----a-w-	c:\windows\system32\coinst.dll
2011-07-08 02:54 . 2009-09-19 01:50	5540864	----a-w-	c:\windows\system32\atiumd64.dll
2011-07-08 02:47 . 2011-07-08 02:47	375808	----a-w-	c:\windows\system32\atiadlxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	266240	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-07-08 02:47 . 2011-07-08 02:47	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-07-08 02:47 . 2011-07-08 02:47	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-07-08 02:47 . 2011-07-08 02:47	307712	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-07-08 02:46 . 2011-07-08 02:46	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-07-08 02:46 . 2011-07-08 02:46	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-07-08 02:46 . 2010-11-26 02:15	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-07-08 02:45 . 2010-11-26 02:15	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-07-08 02:45 . 2010-11-26 02:15	45056	----a-w-	c:\windows\system32\atitmp64.dll
2011-07-08 02:45 . 2011-07-08 02:45	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-07-08 02:41 . 2011-07-08 02:41	53760	----a-w-	c:\windows\system32\atimpc64.dll
2011-07-08 02:41 . 2011-07-08 02:41	53760	----a-w-	c:\windows\system32\amdpcom64.dll
2011-07-08 02:40 . 2011-07-08 02:40	52736	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-07-08 02:40 . 2011-07-08 02:40	52736	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-06-28 04:32 . 2011-05-28 21:34	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-27 21:23 . 2011-06-27 21:23	53760	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-06-27 21:23 . 2011-06-27 21:23	43520	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-06-27 21:22 . 2011-06-27 21:22	13904896	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-06-16 08:34 . 2011-06-16 08:34	2971648	----a-w-	c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 08:34 . 2011-06-16 08:34	105984	----a-w-	c:\windows\system32\SlotMaximizerAg.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-09-02_11.48.01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-09-02 11:49	77022          	c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-08-27 02:36 . 2011-09-02 11:49	18188          	c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2219899703-1796258898-542126263-1000_UserData.bin
+ 2009-08-27 02:36 . 2011-09-02 12:41	16384          	c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-27 02:36 . 2011-09-01 20:26	16384          	c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-27 02:35 . 2011-09-01 20:26	32768          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-27 02:35 . 2011-09-02 12:41	32768          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-27 02:36 . 2011-09-02 12:41	16384          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-27 02:36 . 2011-09-01 20:26	16384          	c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-30 02:38 . 2011-09-02 11:47	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-30 02:38 . 2011-09-03 14:01	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-30 02:38 . 2011-09-03 14:01	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-30 02:38 . 2011-09-02 11:47	16384          	c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-16 08:07 . 2011-06-16 08:07	87408          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	87408          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	93024          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	93024          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	35688          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	35688          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	17784          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	17784          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	58240          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	58240          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	44920          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	44920          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	37240          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	37240          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	64352          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	64352          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	51032          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	51032          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	50552          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	50552          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	81784          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	81784          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	81800          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	81800          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	39784          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	39784          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	68952          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	68952          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	62880          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	62880          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	12128          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-16 08:07 . 2011-06-16 08:07	12128          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-16 08:07 . 2011-06-16 08:07	97680          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	97680          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	17240          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	17240          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	94552          	c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	94552          	c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	91488          	c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	91488          	c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	78168          	c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	78168          	c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	81248          	c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	81248          	c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	70656          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\2f4f8c27bead809838c2edc45e7fc6c0\System.Xaml.Hosting.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	42496          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\357c754688a5756ac7fc4fc831ffbf03\System.Windows.Presentation.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	53760          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\c05543a5ad0e08b8142e22ded1741b31\System.Web.DynamicData.Design.ni.dll
+ 2011-09-03 08:10 . 2011-09-03 08:10	86016          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\f7738bf2ff3dc492be82f64880dcfc4c\System.Web.ApplicationServices.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	47104          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\dbfb9e15a3fda72ac9866da23512ddb8\Microsoft.Workflow.Compiler.ni.exe
+ 2011-09-03 08:19 . 2011-09-03 08:19	54784          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\e79b604afd028454021741ed9a346cda\System.Xaml.Hosting.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	35328          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\b25f69257705a10c95b7b3189e2fc390\System.Windows.Presentation.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	46592          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\0e7767944043ea135ac3d5c8e640a461\System.Web.DynamicData.Design.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	71680          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\c43c3b0a5d254895dd63c46bad2f23c0\System.Web.ApplicationServices.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	82432          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a1fdc3ccb352a4ad6ee0efa0eaee40fb\System.ServiceModel.Channels.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	37888          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\17c3a09744ad7d2b365ca85a4c7f183e\Microsoft.Workflow.Compiler.ni.exe
+ 2009-09-09 23:12 . 2011-09-03 13:57	1982          	c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2011-09-03 14:00 . 2011-09-03 14:00	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-02 11:47 . 2011-09-02 11:47	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-02 11:47 . 2011-09-02 11:47	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-03 14:00 . 2011-09-03 14:00	2048          	c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 15:45 . 2011-09-02 11:10	100918          	c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-09-02 11:49	100918          	c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2011-09-02 11:15	658326          	c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-03 08:02	658326          	c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-09-02 11:15	125510          	c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-09-03 08:02	125510          	c:\windows\system32\perfc009.dat
+ 2010-08-05 22:11 . 2011-09-03 13:57	388096          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-05 22:11 . 2011-09-02 11:45	388096          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-16 08:07 . 2011-06-16 08:07	350592          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	350592          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	163168          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	163168          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	138592          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	138592          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	699224          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	699224          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	857960          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	857960          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	675672          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	675672          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	113512          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	113512          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	129912          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	129912          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	390008          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	390008          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	505208          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	505208          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	261472          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	261472          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	122264          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	122264          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	291184          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	291184          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	349568          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	349568          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	231760          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	231760          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	253280          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	253280          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	378720          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	378720          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	134528          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	134528          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	123736          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	123736          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	392552          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	392552          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	125816          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	125816          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	120152          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	120152          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	607064          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	607064          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	395120          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	395120          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	182144          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	182144          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	285072          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	285072          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	829280          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	829280          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	747360          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	747360          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	436600          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	436600          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	683872          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	683872          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	409448          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	409448          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	210816          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	210816          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	149848          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	149848          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	122248          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	122248          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	525704          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	525704          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	112976          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	112976          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	581464          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	581464          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	832856          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	832856          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	194424          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	194424          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	478576          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	478576          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	167288          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	167288          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	232304          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	232304          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	661352          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	661352          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	349576          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	349576          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	387960          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	387960          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	746336          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	746336          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	505184          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	505184          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	288616          	c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	288616          	c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	335712          	c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	335712          	c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	125440          	c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	125440          	c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	237424          	c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	237424          	c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	187776          	c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	187776          	c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	269672          	c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	269672          	c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	334688          	c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	334688          	c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	109568          	c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	109568          	c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	246128          	c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	246128          	c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	170368          	c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	170368          	c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-09-03 08:16 . 2011-09-03 08:16	552960          	c:\windows\assembly\NativeImages_v4.0.30319_64\XamlBuildTask\7c400a0f16c0a0a0697357e5aa18d89b\XamlBuildTask.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	462336          	c:\windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\57c4b65ef846fe05e9c03416e4dc8338\WsatConfig.ni.exe
+ 2011-09-03 08:16 . 2011-09-03 08:16	322048          	c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\6c332f5c8c795f7e5415d94bf1d68b0b\WindowsFormsIntegration.ni.dll
+ 2011-09-03 08:16 . 2011-09-03 08:16	645120          	c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\0b326be8df8a20d09e9eb8e827c7258c\UIAutomationClient.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	525824          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\c767821a3004226d67edf155d5737083\System.Xml.Linq.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	254976          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\a7fe785edf8113c49b5fa6adcb537408\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	244224          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\820bf604c5055ca63864f042254fad55\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	314880          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.RegularE#\4a4069e206c748016fd69f33283435b4\System.Web.RegularExpressions.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	444416          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity\8c53f8968c1aee56e428f7a8b2712017\System.Web.Entity.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	366080          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Entity.D#\0d056c8e5bd962e148e98c4e887ce310\System.Web.Entity.Design.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	962048          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\5eca8504400b3abe12e8511a91ba1f96\System.Web.DynamicData.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	329216          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\4dd53f516e00c633b9d114f0b18354c5\System.Web.DataVisualization.Design.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	903168          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\0cad532e2fb59585cc790c3fe656e64f\System.Transactions.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	280576          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ee501cc4420ce53f2ded79b3ad798c90\System.ServiceProcess.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	107520          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e3cbf844da8dbc1190d37abc30570e29\System.ServiceModel.Channels.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	574976          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\d5dca414bf2eaadaa237977df320e072\System.ServiceModel.Activation.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	507904          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4b2c5b2baad543993991af8e6e347964\System.ServiceModel.Routing.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	939520          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\bd4e7dba4c1d18de2bb92f050691f714\System.Security.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	994304          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\8343c5b434a16b418f727c2d94c6957d\System.Runtime.Remoting.ni.dll
+ 2011-09-03 08:10 . 2011-09-03 08:10	308224          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Cach#\a4f46af5bee02697f096338385e2baf4\System.Runtime.Caching.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	930304          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\41d449b0be8ff6b6dc9174313db88459\System.Net.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	781824          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\f8aa02fc7b4467081e19e35a5601f518\System.Messaging.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	521728          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\4fc188ed573c4a57a0287938986f6a1c\System.Management.Instrumentation.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	531456          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\0cca1aa68edcb1f5ee92fc8aaa2c7d51\System.IO.Log.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	290816          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\80d06aff25a9994a00f2976a1cb06733\System.IdentityModel.Selectors.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	348672          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\df0ac9043e9b88bcafa5b378994d8365\System.EnterpriseServices.Wrapper.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	511488          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\ce5254e2408f77d6a09d30508f8dd52a\System.Dynamic.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	289792          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\2e852fd84583fc2332ce488779f6b106\System.Drawing.Design.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	628736          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\6048f7c3071c23536b976d262c34fae1\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	141824          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\80d5d1a7442173fc59c419b8d1c647ff\System.Device.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	658944          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\8b196cf45ef0a5a64299cc414eaeeabb\System.Data.Services.Design.ni.dll
+ 2011-09-03 08:12 . 2011-09-03 08:12	176128          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\33038b29c486ff870f23a6b37e5b9d11\System.Data.DataSetExtensions.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	181248          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c509822f920d2613ab999e6148ab8099\System.Configuration.Install.ni.dll
+ 2011-09-03 08:12 . 2011-09-03 08:12	255488          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\e0dc7e5bc5e66268387e19c10727a030\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-03 08:12 . 2011-09-03 08:12	865792          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\55d507e7cc2017d6eed82527df1e910a\System.AddIn.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	553472          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\0a65293a0732eaeb538fb5d9accafe92\System.Activities.DurableInstancing.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	430080          	c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\7597686f1c999b6491518ff47508acdf\SMSvcHost.ni.exe
+ 2011-09-03 08:09 . 2011-09-03 08:09	184832          	c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\53d186939a3367ce3b37c84464370ca6\SMDiagnostics.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	387584          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eb1dae468677366538f99b623e7a7018\PresentationFramework.Royale.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	745984          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\1e80fa78c14d8cac7feaa1d70ffb0a38\PresentationFramework.Luna.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	331264          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\196d1a63ee35811bd9ce868bc70273a7\PresentationFramework.Classic.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	555520          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\039366972f5ad8f34025c5aed57c1929\PresentationFramework.Aero.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	364544          	c:\windows\assembly\NativeImages_v4.0.30319_64\MSBuild\e02e5954de8e345aaeeadda0ce9b2ce3\MSBuild.ni.exe
+ 2011-09-03 08:07 . 2011-09-03 08:07	422400          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\2282b71e9ea6da3366b3b81984109382\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	600064          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\85e60ede22b298d7e5fcc17757f74ef1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	849920          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Uti#\49cb222730019ddee3188e59aa5db9fa\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	353792          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Fra#\9fd80f7ed7273ee7e2f49159fc8fbea4\Microsoft.Build.Framework.ni.dll
+ 2011-09-03 08:05 . 2011-09-03 08:05	660480          	c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\ee81e938d05b8f9f4b5e523d64c0e13d\ComSvcConfig.ni.exe
+ 2011-09-03 08:20 . 2011-09-03 08:20	404480          	c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\e782fcf4c7fd93759848209e2e4623e3\XamlBuildTask.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	356864          	c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\4911603e46d56e98201c6f5e0ecb0e8d\WsatConfig.ni.exe
+ 2011-09-03 08:20 . 2011-09-03 08:20	252416          	c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6472eef5098d682d9fe1ba988f0e2a16\WindowsFormsIntegration.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	482816          	c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\30c40325e5863915a93fdbc61888017e\UIAutomationClient.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	391680          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\21077827f11f2b5473a075c2cfe52869\System.Xml.Linq.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	188928          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\fd14fbfb1b15903bf9fb8b712e497117\System.Windows.Input.Manipulations.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	194048          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\58daccadab92efee72bdd83b9efa8d9d\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	224256          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\3a7926eda66a2c2f23c5e0a9a10e3add\System.Web.RegularExpressions.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	861696          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\758ee66f2b33aff7ed4e5c77203519af\System.Web.Extensions.Design.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	332800          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\32b3da52b6b772e804aa661c5a0e9139\System.Web.Entity.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	297472          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\0c2f55e715613d0d049b5ec2020e5dba\System.Web.Entity.Design.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	705536          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\2cb43bfb33d917dff8a98e2f36d39d0b\System.Web.DynamicData.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	259072          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\1622be328ba5237b16b77574d0bb683b\System.Web.DataVisualization.Design.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	646656          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\35088dcea3449dd518738b606bd9a150\System.Transactions.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	221696          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e5e480c7ee8c4e0e0a08bb9d809da311\System.ServiceProcess.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	365056          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e6c0820211b8ef81c6273f1e2159662b\System.ServiceModel.Routing.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	422912          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d9854773e25636562796594d81b711ce\System.ServiceModel.Activation.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	729088          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f0273f74592371ee808687bbe3b47c96\System.Security.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	770560          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ecabf11096837ede75a4818632bf715c\System.Runtime.Remoting.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	241664          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\37e9674a79d53b6c76795ffa783ea960\System.Runtime.Caching.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	653312          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6a64161b2b9795a2db7404b1c4594a1f\System.Net.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	626176          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\db4a2bdca79d189d8d4a5beaf5798eff\System.Messaging.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	395264          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\da1301f9af8b84875439449d68ed6488\System.Management.Instrumentation.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	413696          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\cf5e78d682f36ee0cf243c9c0086d9c4\System.IO.Log.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	229376          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\2322a873c1b039804c0606c71852d192\System.IdentityModel.Selectors.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	236032          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\535974de0ac28f073025a0d2cfae1568\System.EnterpriseServices.Wrapper.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	786944          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\535974de0ac28f073025a0d2cfae1568\System.EnterpriseServices.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	377344          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\e208a029639dec267bb888366feba173\System.Dynamic.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	224768          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\2a170f718d17859abc24b94bcb7d4e3c\System.Drawing.Design.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	913920          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\0c37a3bc52d0a8fb2343f912da4a49a6\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	468992          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\062b6ae9f82eb189eb383c26d0a40996\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	112640          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\d325ed56b35d4745619121ae9293bf07\System.Device.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	507904          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\903d833bc30502e13bb81c77f5c4b8ac\System.Data.Services.Design.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	134656          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\544584967fdc7025f6a4506696110493\System.Data.DataSetExtensions.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	980480          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\adeec723413d77446d6606813c050048\System.Configuration.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	148480          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\acd1a7754df6d47b53df162dfe63de92\System.Configuration.Install.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	690176          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\17aff9c2c94f82753e669acc12631cfb\System.ComponentModel.Composition.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	194048          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\0f2c28024362223e2f9d3666bacdae54\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	617984          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\9c18864a019ded007f212239f6b5a37a\System.AddIn.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	404992          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\736a509c3674fdfd018ae4530d12397a\System.Activities.DurableInstancing.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	317952          	c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\227ebd4817d958e0ccb2234fd8dfc9ce\SMSvcHost.ni.exe
+ 2011-09-03 08:17 . 2011-09-03 08:17	142848          	c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\04375632f6906bd95e87c5d85b31e2a6\SMDiagnostics.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	656896          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b2449fe3db220f6110d76287246caaf6\PresentationFramework.Luna.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	327680          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\814807b505a3f318fbd225ac41897a3f\PresentationFramework.Royale.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	284160          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63a4e0d2a3a83df23a2d120127e9312f\PresentationFramework.Classic.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	450560          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\404f0d161b7bfc2c1ef9a4b47c37bfa8\PresentationFramework.Aero.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	274432          	c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\c4cb9433cbb7063563e31e0c4c4b82d8\MSBuild.ni.exe
+ 2011-09-03 08:17 . 2011-09-03 08:17	303104          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8fc8777e515a67cf6af8f2f9816eb410\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	418816          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\982b28a3e0a3f8818f893a3331d9f0bd\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	631808          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\a539de15ecaf42c1157674a49fe9df36\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	258048          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\360a6ba32f831caf2754c5eaf20b40e4\Microsoft.Build.Framework.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	135680          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\2311c93f3173ee66456dea5292b12b48\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	474624          	c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\0cd2bfab01a740108d6ec30ab3f669ce\ComSvcConfig.ni.exe
+ 2011-09-03 08:17 . 2011-09-03 08:17	846336          	c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\d276401e942d49b3f2b399c3ea9309e9\AspNetMMCExt.ni.dll
+ 2011-04-28 13:48 . 2011-04-28 13:48	3510600          	c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-03-23 03:01 . 2011-03-23 03:01	3510600          	c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
- 2011-03-23 03:01 . 2011-03-23 03:01	3510600          	c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-04-28 13:48 . 2011-04-28 13:48	3510600          	c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	1303896          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	1303896          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	3510600          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	3510600          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	2207568          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	2207568          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	5028200          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	5028200          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	1711496          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	1711496          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	6067048          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	6067048          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	1026936          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	1026936          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	4464480          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	4464480          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	1339736          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	1339736          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	1199968          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	1199968          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	1462648          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	1462648          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	6346600          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	6346600          	c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	3111768          	c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	3111768          	c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	3453792          	c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	3453792          	c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	4967248          	c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	4967248          	c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	3563408          	c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	3563408          	c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	2970968          	c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	2970968          	c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	3545952          	c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-03 08:03 . 2011-09-03 08:03	3545952          	c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	5197648          	c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	5197648          	c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-16 08:07 . 2011-06-16 08:07	2989456          	c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-03 08:02 . 2011-09-03 08:02	2989456          	c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-04-28 14:57 . 2011-04-28 14:57	2721280          	c:\windows\Installer\456a96b.msp
+ 2011-09-03 08:07 . 2011-09-03 08:07	5176320          	c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\5202133e255ce05947b8afe895e3f76f\WindowsBase.ni.dll
+ 2011-09-03 08:16 . 2011-09-03 08:16	1430016          	c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\a9bf6deb79fd9d2b2541a950ab75a70f\UIAutomationClientsideProviders.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	7038976          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\1ac4e05bc3b2813ddadb59ba9f0fd961\System.Xml.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	2447360          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\37ecfcc3de7bdc36ba1c3dfb7ee6a6d5\System.Xaml.ni.dll
+ 2011-09-03 08:16 . 2011-09-03 08:16	1590272          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.WorkflowServ#\fbe2ba64347969428cdb4b44b7a60b70\System.WorkflowServices.ni.dll
+ 2011-09-03 08:16 . 2011-09-03 08:16	2884096          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Run#\9e028e746b445086627029bcf48089fb\System.Workflow.Runtime.ni.dll
+ 2011-09-03 08:16 . 2011-09-03 08:16	5906432          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Com#\88e29a2b2fed720ec84bae72faade29f\System.Workflow.ComponentModel.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	3742208          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Workflow.Act#\e9bdcbb56cf9748638fb2d482b8ab52d\System.Workflow.Activities.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	5627392          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\66beb5e0938298c2812c188925644c94\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-03 08:10 . 2011-09-03 08:10	2270720          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\0de9c94ffb0f87fa109f80d3585293c6\System.Web.Services.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	2955776          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mobile\1c2e4f125d7a937843660a6541928db0\System.Web.Mobile.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	1095680          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\c5776a40ae450cfe439229d78603bfad\System.Web.Extensions.Design.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	3758080          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Extensio#\ba57499f1d8069a7b065754621897357\System.Web.Extensions.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	5595648          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DataVisu#\59e6263d191855509c91fb276f0953a4\System.Web.DataVisualization.ni.dll
+ 2011-09-03 08:15 . 2011-09-03 08:15	2733568          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\23e8fddabb602c3efb1e0a66f37fab2f\System.Speech.ni.dll
+ 2011-09-03 08:13 . 2011-09-03 08:13	1475584          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\bedac84f554b8fd44b56a93a45b57c67\System.ServiceModel.Web.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	1561600          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\713b393e8d7075bd1a3683f9e6f6b268\System.ServiceModel.Discovery.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	1904640          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\49d303c42b9b694447a3ba6e2a1548cf\System.ServiceModel.Activities.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	3404288          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\6c1acbeb3e61475007b5d20745cad8e8\System.Runtime.Serialization.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	1346560          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\12d17462d5e3ba196e299bb0f1f0b20d\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	1422336          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\ed79f8685b97f5520a3169860c8df9f8\System.Printing.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	1470464          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\58696f56812c7ea9dc5fde8baa3a4b2a\System.Management.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	1416192          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\ad8f2f562edccb394180c80e54ddfb21\System.IdentityModel.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	1096704          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\df0ac9043e9b88bcafa5b378994d8365\System.EnterpriseServices.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	2290688          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\058e1143c689861be149cf7c1fcf597a\System.Drawing.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	1217024          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\eb5e94ddc12db438063a90394e46f070\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	1622016          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\0cf67c3a77fd159d0af43d16663b1a65\System.DirectoryServices.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	2400256          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\39ccef129f4a96c17b6406678d53c87b\System.Deployment.ni.dll
+ 2011-09-03 08:10 . 2011-09-03 08:10	8580608          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\fc45ad58e3a025051ededa0efbae404f\System.Data.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	3386880          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\ed5027c747ed64957ac313befd47e345\System.Data.SqlXml.ni.dll
+ 2011-09-03 08:13 . 2011-09-03 08:13	2691584          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Services\5a6f3925547464ba12ecf96b55f564e3\System.Data.Services.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	1791488          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\c6f24f3171576104e80b12c4f4254ed2\System.Data.Services.Client.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	1498112          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.OracleC#\df4c3306f4d3a1320396f232deea114a\System.Data.OracleClient.ni.dll
+ 2011-09-03 08:13 . 2011-09-03 08:13	3380736          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\5f31190f3c1a0ec0518782618b804517\System.Data.Linq.ni.dll
+ 2011-09-03 08:13 . 2011-09-03 08:13	1726976          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity.#\ec4f3d6399aa106303065b86cbf8847a\System.Data.Entity.Design.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	1255424          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\fcf22c02eb60f8d045daa4386bb604f3\System.Configuration.ni.dll
+ 2011-09-03 08:12 . 2011-09-03 08:12	1002496          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\6f848e806caa9545c09866dd0950d853\System.ComponentModel.Composition.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	5680640          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\c073f492e366b50d599e8f1447579946\System.Activities.ni.dll
+ 2011-09-03 08:12 . 2011-09-03 08:12	4887040          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\6f2faf3f19358776373922b510603a8f\System.Activities.Presentation.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	2005504          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\9a2609f428f731670b3a730cb3f88dd4\System.Activities.Core.Presentation.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	4127232          	c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\dbe098606014df542c37b96962fd8717\ReachFramework.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	2032128          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\00416e9efbc68509f113692996b45e75\PresentationUI.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	1890304          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationBuildTa#\ec0a15599921f73b7a56051e9b7afb93\PresentationBuildTasks.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	2314752          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\d83a6fc3a6bd96beaa9845201290f292\Microsoft.VisualBasic.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	1622528          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\c386ff5a7c5bfa6b1dfdc6f53119b3a6\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	1828864          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6bf044858d9641f9b24c4554076e5ae7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	1510400          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\e174701b531de21d8a96ea8ea5975000\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	3312128          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\9f986e23b6ecb48281324d51fdb6e799\Microsoft.JScript.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	2009088          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\5046c55b7feb9c9156d18fe1d4735480\Microsoft.CSharp.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	5997056          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build\abe1be45214fd65637bfcad0f5885b02\Microsoft.Build.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	3804672          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\5a229d6ec80ae687c61556b4934d8e84\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2011-09-03 08:07 . 2011-09-03 08:07	2518528          	c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Eng#\97fc5d998a224b1a4c1f5c5db583635c\Microsoft.Build.Engine.ni.dll
+ 2011-09-03 08:05 . 2011-09-03 08:05	1003008          	c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\5f0dd07c65f51bfbb6df9fa4aa0a4cb8\AspNetMMCExt.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	3798016          	c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\34f85cc53f8487a29fcaf90c9efd93b2\WindowsBase.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	1057792          	c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\7589c9739d52787b05c68a143d20dcee\UIAutomationClientsideProviders.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	9085952          	c:\windows\assembly\NativeImages_v4.0.30319_32\System\b13a0678a604588bfb6a4ebfadc32cb0\System.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	5618176          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bbcb0d5e67db5452b3ba77fd71ea182d\System.Xml.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1781760          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3aa498d229252ab540482ccecaab8f85\System.Xaml.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	1208320          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\cdce42cd0fad501dd2a2e7ac4c081011\System.WorkflowServices.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	1968640          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\0536647f474b56b39cc12842ec8ace5c\System.Workflow.Runtime.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	4461568          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\f31c346bdaaf54581b5139c2a815e9f6\System.Workflow.ComponentModel.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	2870272          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\ebd981550d00eead9ac4381d56ec4722\System.Workflow.Activities.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	4545024          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\4742ebf18e4d1f9f6a464afb3f2e884d\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1895424          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\dc7b1ab0894c561302c96a091a7ab043\System.Web.Services.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	2328576          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\e25a5334f7e500342842780ee1999ca1\System.Web.Mobile.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	3087872          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\587c770a0d980876e0aee2265a623be5\System.Web.Extensions.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	4531712          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\f8bf3bd8913bb46cb94e669d85cb5b01\System.Web.DataVisualization.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	2011136          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\36b38adc49360fcc35892ab7fb15c9d8\System.Speech.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	1128960          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e2abacbaf2e4786339eba541d3d5596c\System.ServiceModel.Discovery.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	1387520          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0f9b303dde68998490e8b5be32c6147a\System.ServiceModel.Activities.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	1050624          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0d6672e2f8038c5349f39c713b5c7697\System.ServiceModel.Web.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	2637312          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\020ccbaa78022e92722e98d1c677bfed\System.Runtime.Serialization.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1020928          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\65c22515c57fbe4a3c3a6382986d7192\System.Runtime.DurableInstancing.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1050112          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\16fb985d0651d7c5d25aa06de7921eee\System.Printing.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	1218560          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\2c94c3a30c2464d14c3edb1ef5ad9c18\System.Management.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	1072128          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\0d26f913a3620a32aac1bf34e380ede0\System.IdentityModel.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	1652736          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c3b1fb3982b305452a4c7c8cdcb1934\System.Drawing.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1172992          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9e98b2fb9d6c6bfd22331a3612e1ae77\System.DirectoryServices.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1878016          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\738bd15095d25b3df67f7574274e3480\System.Deployment.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	6798336          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\a2191137e48d026aafbd8395d767afa1\System.Data.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	2545152          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\921f450dafcc9c118240bdc111f85c7b\System.Data.SqlXml.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	2018304          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\f1b6e47d1a5e82107040c7f2bccdd6d6\System.Data.Services.ni.dll
+ 2011-09-03 08:20 . 2011-09-03 08:20	1338880          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\392366875f6c71fdd16e1db79062ebb1\System.Data.Services.Client.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1189376          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\8afe7e1f3addab301258557ba93e2e7a\System.Data.OracleClient.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	2512384          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\12d1f89d64401ab14f15e3e5e4ddf966\System.Data.Linq.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	1408000          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\666ce0126ec98e32ee09ffc4afb7fcce\System.Data.Entity.Design.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	7054336          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2adac0cd51859321437cc684331a3b45\System.Core.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	4121088          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\9bbcd5e6d245a8b7799b5425b2b2b302\System.Activities.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	3713024          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\276bef59e43e2fa5b005d47b1a898d80\System.Activities.Presentation.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	1518080          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\2899fc096074503091d61f6744c11845\System.Activities.Core.Presentation.ni.dll
+ 2011-09-03 08:18 . 2011-09-03 08:18	2859008          	c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\56e13dd851c3818cad1ae86777baedda\ReachFramework.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1630208          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5e48f32fa425c2e822776c54d4a98093\PresentationUI.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1478144          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\02df60e4acfdc10925f537588039412b\PresentationBuildTasks.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1172480          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5753643b5768a762ff52c1a3e86437a8\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1836544          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\3a35d8c95c2a851e1175cc02d3ad3e50\Microsoft.VisualBasic.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1138688          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0881c19254cb2f023624305d6fe13290\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1082368          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ba6e30d4928b782b24606e333d72e9bd\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	2452480          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\6fb9478d3774d431ccd29f7524446f18\Microsoft.JScript.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	1616384          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\7c28712cdf88f58930538dcc2f342a78\Microsoft.CSharp.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	4243456          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\6616791409caec4be479e47443a5588e\Microsoft.Build.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	2868736          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\70b026614b7d7d5ab97ef704de534849\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	1929216          	c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\ec5058d9e0f6a13ec4c46448f7c23618\Microsoft.Build.Engine.ni.dll
+ 2010-08-05 22:11 . 2011-09-03 13:57	11293008          	c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219899703-1796258898-542126263-1000-12288.dat
+ 2011-09-03 08:03 . 2011-09-03 08:03	11872768          	c:\windows\assembly\NativeImages_v4.0.30319_64\System\e033094f5df23aa619519b537eb14448\System.ni.dll
+ 2011-09-03 08:11 . 2011-09-03 08:11	17288192          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e0091eb98fa841649b6fad17bb0e7262\System.Windows.Forms.ni.dll
+ 2011-09-03 08:10 . 2011-09-03 08:10	15656448          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\60073206bd3904cfc625e0913b9ccdef\System.Web.ni.dll
+ 2011-09-03 08:14 . 2011-09-03 08:14	24483840          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\a73197785f07721fd89b02713b6f0b86\System.ServiceModel.ni.dll
+ 2011-09-03 08:10 . 2011-09-03 08:10	13255680          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\f8b5a462bf7492c95d2dd823db7e8ffc\System.Design.ni.dll
+ 2011-09-03 08:13 . 2011-09-03 08:13	18434048          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\fe4d47d9ba672ae77c737bb7ad518324\System.Data.Entity.ni.dll
+ 2011-09-03 08:06 . 2011-09-03 08:06	10422272          	c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\4ef06cf2c3950f4d4b9037b841c05914\System.Core.ni.dll
+ 2011-09-03 08:09 . 2011-09-03 08:09	23242240          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\9b38883339d48793df2b27d247e73971\PresentationFramework.ni.dll
+ 2011-09-03 08:08 . 2011-09-03 08:08	15102976          	c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\7b4a4ec0cae68a2c165b0a73be99105d\PresentationCore.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	13137920          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f72ff4e603cc8879eb7b18841bfa9c0c\System.Windows.Forms.ni.dll
+ 2011-09-03 08:17 . 2011-09-03 08:17	11993088          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\2893ce1fc4f7bff9fba4bf550944d4eb\System.Web.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	17996800          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\af95bce9a5fcfe3119fc175cc9b0b3d5\System.ServiceModel.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	10969088          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\b21d85d9212da4598629dcbe5a2e2f79\System.Design.ni.dll
+ 2011-09-03 08:19 . 2011-09-03 08:19	13325312          	c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\ce6c51d21159048033141cfc37c74aa2\System.Data.Entity.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	17671168          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1be95cb0b36c0cc1a0b13d20387e0bcc\PresentationFramework.ni.dll
+ 2011-09-03 08:04 . 2011-09-03 08:04	11106816          	c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\957a34ba01f489cf306bd9aeffcbf67b\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0170104E-FA8A-4130-A625-1420AD5F97Ef}]
c:\windows\SysWow64\atidxx3232.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 98304]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\winvnc.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Jordan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
R3 TeamViewer6;TeamViewer 6;c:\users\Jordan\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Service.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\HPCeeScheduleForJordan.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-05-09 01:17]
.
2011-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\hssie\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 333344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF25970.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://g.live.com/1rewlive4startup/home
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files (x86)\Juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\Juno\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: juno.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\68g3zchw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-09-03  09:06:53 - machine was rebooted
ComboFix-quarantined-files.txt  2011-09-03 14:06
ComboFix2.txt  2011-09-02 11:54
ComboFix3.txt  2011-08-19 11:05
ComboFix4.txt  2011-08-02 00:42
ComboFix5.txt  2011-09-03 03:22
.
Pre-Run: 523,046,326,272 bytes free
Post-Run: 522,111,631,360 bytes free
.
- - End Of File - - 6A434B930F2CD93973DA7EE8D5E98A3E



Edited by lazydude, 03 September 2011 - 09:30 AM.


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:38 PM

Posted 03 September 2011 - 06:44 PM

From your write-up from the last post I think we'd better change tack. The boot issue and freezing may need to be investigated further.

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#10 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 03 September 2011 - 11:06 PM

I got BSOD twice. I believe because of this scan. I had YouTube on and my computer was making weird noises. Like it was distorted.
The first was IRQL_NOT_LESS_OR_EQUAL.
The second came up then restarted so I couldn't see.

I will wait for further instructions.
Also the program is 1.82MB and it downloaded avast definitions. Using my hard drive isn't an issue, just want to be descriptive.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:38 PM

Posted 04 September 2011 - 05:47 AM

Definitely suspicious when aswMBR can't run.

Can you try MBRCheck for me?

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#12 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 04 September 2011 - 12:30 PM

MBRCheck, version 1.2.3

(c) 2010, AD



Command-line:			

Windows Version:		Windows Vista Home Premium Edition

Windows Information:		Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer:	PEGATRON CORPORATION

BIOS Manufacturer:		American Megatrends Inc.

System Manufacturer:		HP-Pavilion

System Product Name:		NY464AA-ABA p6130y

Logical Drives Mask:		0x0000079c



Kernel Drivers (total 149):




Processes (total 77):




\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000ab`3144de00  (NTFS)



PhysicalDrive0 Model Number: ST3750528AS, Rev: HP22



  	Size  Device Name      	MBR Status

  --------------------------------------------

	698 GB  \\.\PhysicalDrive0   MBR Code Faked!

        	SHA1: 70B340BF698EDC59D8300D1A71392C9CE7CA1CE7





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Options:

  [1] Dump the MBR of a physical disk to file.

  [2] Restore the MBR of a physical disk with a standard boot code.

  [3] Exit.



Enter your choice: 



Done!


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:38 PM

Posted 04 September 2011 - 05:04 PM

The MBR shows that it is faked but this is not necessarily malware. Please do the following:

Run MBRCheck again

When prompted, Enter 'Y' and hit ENTER for more options
When you see: "Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit):"

Enter 0 to dump the MBR to the physical disk.

Name the dumped file as dump0.dat

Enter -1 to exit.

Please then locate the files and visit this site and follow the instructions for uploading the file.
m0le is a proud member of UNITE
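
An added example, not part of the original posts and not MBRCheck's own code: once the sector has been dumped to a file such as dump0.dat, it can be inspected offline by checking the 0x55AA signature, decoding the four partition entries and comparing a hash of the boot code with a baseline taken from a known-clean system. The function names are hypothetical, the sample sector is constructed, and hashing the first 440 bytes is an assumption, since the page does not say which bytes MBRCheck's SHA1 covers.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 440-445 hold the disk signature and a reserved word
TABLE_OFF = 446       # four 16-byte partition entries, then the 0x55AA signature
TYPES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
         0x0F: "extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector, known_good=()):
    """Parse one 512-byte MBR dump and list structural or baseline findings."""
    if len(sector) < SECTOR:
        raise ValueError("an MBR dump must be at least 512 bytes")
    sector = bytes(sector[:SECTOR])
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02X}")
        partitions.append({"index": i, "active": status == 0x80,
                           "type": TYPES.get(ptype, f"0x{ptype:02X}"),
                           "byte_offset": lba_start * SECTOR,
                           "size_bytes": count * SECTOR})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    # Assumption: the boot code is the first 440 bytes of the sector.
    boot_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    if known_good and boot_sha1 not in known_good:
        findings.append("boot code hash not in baseline")
    return {"boot_sha1": boot_sha1, "partitions": partitions, "findings": findings}


def build_sample_mbr():
    """Constructed sector: filler boot code, two NTFS entries, valid signature."""
    sector = bytearray(SECTOR)
    sector[:4] = b"\x33\xc0\x8e\xd0"  # filler bytes, not a real boot loader
    # Start LBAs match the C: and D: offsets in the log above; sizes are made up.
    entries = [(0x80, 0x07, 0x7E00 // SECTOR, 2048),
               (0x00, 0x07, 0xAB3144DE00 // SECTOR, 4096)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = TABLE_OFF + 16 * i
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = {parse_mbr(clean)["boot_sha1"]}  # stands in for a known-clean hash
    tampered = bytearray(clean)
    tampered[0x20] ^= 0xFF  # simulate modified boot code
    for name, data in (("clean", clean), ("tampered", bytes(tampered))):
        report = parse_mbr(data, baseline)
        print(name, report["boot_sha1"], report["findings"])
        for part in report["partitions"]:
            print("  ", part)
```

To inspect a real dump, read the file in binary mode and pass its first 512 bytes to `parse_mbr`.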

#14 lazydude

lazydude
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 04 September 2011 - 05:42 PM

Done.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:38 PM

Posted 04 September 2011 - 06:01 PM

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRcheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE



