Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer slowed down and a lot of "not responding" messages


  • This topic is locked This topic is locked
12 replies to this topic

#1 Arwen86

Arwen86

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 04 September 2011 - 03:10 AM

Hello,

I have a problem very similar to http://www.bleepingcomputer.com/forums/topic416137.html.
After I reboot and click the log in button it takes up to 10 min for Windows to start responding and the intro/welcome music to be played. Also, I often get not responding messages for almost all programs.

Avast, Malwarebytes and Hijackthis didn't find anything so I ran Combofix.

Here is the log file.

ComboFix 11-09-03.01 - Bozovic 04/09/2011 9:06.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.392 [GMT 2:00]
Running from: c:\documents and settings\Bozovic\Desktop\Programi\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bozovic\Desktop\[Torrentreactor.to] - Gossip Girl S03E22 HDTV - Last Tango, Then Paris.torrent
c:\documents and settings\Bozovic\Desktop\[Torrentreactor.to] - Gossip Girl S03E22 HDTV - Last Tango, Then Paris.torrent
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\acad.exe.d8af3bf3.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\acstart16.exe.3d54d716.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\admigrator.exe.2313f4e.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\Block-Checker Scanner.exe.267f98d1.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\Block-Checker Scanner.exe.e7206d66.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\InternetDopuna.exe.36d0a87b.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\Ngen.exe.2c05686e.ini
c:\documents and settings\Bozovic\Local Settings\Application Data\ApplicationHistory\PlanPlus2006.exe.d60f6270.ini
c:\documents and settings\Bozovic\WINDOWS
c:\windows\dasetup.log
c:\windows\system32\_000036_.tmp.dll
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\wdreg.exe
H:\autorun.inf
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))
.
.
2011-08-30 12:56 . 2011-08-30 12:56 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\ArcSoft
2011-08-30 12:55 . 2011-08-31 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-08-30 12:54 . 2011-08-30 12:54 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-08-30 12:54 . 2011-08-30 12:54 -------- d-----w- c:\program files\ArcSoft
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\program files\Conduit
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\BitTorrentBar
2011-08-29 07:40 . 2011-08-29 07:40 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\Conduit
2011-08-29 07:39 . 2011-08-29 07:39 -------- d-----w- c:\program files\BitTorrent
2011-08-29 07:38 . 2011-09-04 06:31 -------- d-----w- c:\documents and settings\Bozovic\Application Data\BitTorrent
2011-08-05 12:34 . 2011-08-05 12:56 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\DC++
2011-08-05 12:34 . 2011-08-05 12:56 -------- d-----w- c:\documents and settings\Bozovic\Application Data\DC++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 02:36 . 2011-05-23 20:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2010-12-21 05:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-21 05:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-06-30 05:21 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2008-03-29 07:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 23:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-04-02 22:00 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2008-03-29 07:20 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2008-03-29 07:20 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2008-03-29 07:20 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2008-03-29 07:20 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-03-29 07:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2008-04-02 22:00 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 11:44 . 2011-05-08 12:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2010-01-15_19.23.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-09-04 07:18 . 2011-09-04 07:18 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat
+ 2006-09-28 16:56 . 2006-09-28 16:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 18:13 . 2006-09-28 18:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-18 18:00 . 2006-10-18 18:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 33792 c:\windows\system32\wmdmlog.dll
- 2008-03-31 07:22 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2011-04-02 23:52 . 2007-11-30 03:39 17272 c:\windows\system32\spmsg.dll
+ 2010-04-16 21:12 . 2010-04-16 21:12 48464 c:\windows\system32\sirenacm.dll
+ 2010-03-18 09:09 . 2010-03-18 09:09 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2001-08-23 13:00 . 2011-03-27 16:43 72842 c:\windows\system32\perfc009.dat
+ 2010-03-18 09:09 . 2010-03-18 09:09 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-11 19:06 . 2009-11-11 19:06 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2004-08-04 01:07 . 2008-05-19 04:33 18944 c:\windows\system32\msisip.dll
+ 2004-08-04 01:07 . 2008-05-18 23:57 95744 c:\windows\system32\msiexec.exe
+ 2006-06-22 09:44 . 2006-06-22 09:44 20480 c:\windows\system32\Macromed\Flash\UninstFl.exe
+ 2004-08-04 01:07 . 2006-10-18 19:47 11264 c:\windows\system32\LAPRXY.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 70472 c:\windows\system32\dxva2.dll
+ 2006-09-28 17:00 . 2006-09-28 17:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 16:55 . 2006-09-28 16:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-10-18 18:00 . 2006-10-18 18:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2010-04-02 19:23 . 2010-04-02 19:23 67712 c:\windows\system32\drivers\hl_mull.sys
+ 2004-08-04 01:07 . 2006-10-18 19:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2004-08-04 01:07 . 2008-05-19 04:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-04 01:07 . 2008-05-18 23:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-04 01:07 . 2006-10-18 19:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
- 2007-07-21 11:22 . 2010-01-15 03:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-21 11:22 . 2011-06-02 03:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-21 11:22 . 2010-01-15 03:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-07-21 11:22 . 2011-06-02 03:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-07-21 11:22 . 2010-01-15 03:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-02 03:42 . 2011-06-02 03:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-27 14:34 . 2010-07-27 14:34 87702 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2010-05-05 14:05 . 2010-05-05 14:05 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2010-05-05 14:38 . 2010-05-05 14:38 65816 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2010-03-18 12:16 . 2010-03-18 12:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-11-22 21:30 . 2010-11-22 21:30 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-02 05:46 . 2011-08-02 05:46 22016 c:\windows\Installer\ffa015c.msi
+ 2010-12-21 01:58 . 2010-12-21 01:58 25088 c:\windows\Installer\58884d.msi
+ 2010-07-27 14:48 . 2010-07-27 14:48 28160 c:\windows\Installer\1e7dfc8b.msi
+ 2010-10-08 02:23 . 2010-10-08 02:23 25088 c:\windows\Installer\124d2547.msi
+ 2011-01-21 20:05 . 2011-01-21 20:05 27136 c:\windows\Installer\100ef8ca.msi
+ 2011-01-21 20:04 . 2011-01-21 20:05 58880 c:\windows\Installer\100ef8a0.msi
+ 2010-05-13 11:28 . 2010-05-13 11:28 25214 c:\windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-01-21 20:05 . 2011-01-21 20:05 61272 c:\windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
+ 2011-06-23 10:52 . 2011-06-23 10:52 65536 c:\windows\Installer\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}\ARPPRODUCTICON.exe
+ 2011-01-21 20:06 . 2011-01-21 20:06 80395 c:\windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}\MsblIco.Exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-02 03:47 . 2011-06-02 03:47 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-03-27 16:45 . 2011-03-27 16:45 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2007-02-12 07:06 . 2007-02-12 07:06 23656 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\CustomRes.dll
+ 2007-02-12 06:06 . 2007-02-12 06:06 23656 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\CustomRes.dll
+ 2011-06-23 10:57 . 2011-06-23 10:57 73728 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\Acad162_icon.exe
- 2009-03-13 18:05 . 2009-03-13 18:05 73728 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\Acad162_icon.exe
+ 2010-09-18 13:13 . 2010-09-18 13:13 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-01-27 23:11 . 2010-01-27 23:11 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
- 2009-06-05 22:55 . 2009-06-05 22:55 25214 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\NewShortcut4_1.exe
+ 2009-06-05 22:55 . 2010-04-17 15:02 25214 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\NewShortcut4_1.exe
- 2009-06-05 22:55 . 2009-06-05 22:55 40960 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\NewShortcut3.exe
+ 2009-06-05 22:55 . 2010-04-17 15:02 40960 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\NewShortcut3.exe
+ 2009-06-05 22:55 . 2010-04-17 15:02 65536 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\NewShortcut1_1.exe
- 2009-06-05 22:55 . 2009-06-05 22:55 65536 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\NewShortcut1_1.exe
+ 2009-06-05 22:55 . 2010-04-17 15:02 65536 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\DocumentsToGo.exe
- 2009-06-05 22:55 . 2009-06-05 22:55 65536 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\DocumentsToGo.exe
+ 2009-06-05 22:55 . 2010-04-17 15:02 65536 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\DesktopDocsToGo.exe
- 2009-06-05 22:55 . 2009-06-05 22:55 65536 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\DesktopDocsToGo.exe
- 2009-06-05 22:55 . 2009-06-05 22:55 25214 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\ARPPRODUCTICON.exe
+ 2009-06-05 22:55 . 2010-04-17 15:02 25214 c:\windows\Installer\{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}\ARPPRODUCTICON.exe
+ 2010-04-15 09:31 . 2010-04-15 09:31 25214 c:\windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-23 10:53 . 2011-06-23 10:53 53248 c:\windows\assembly\tmp\1AHOU18E\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-11-23 02:26 . 2010-11-23 02:26 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b56a80a51f412ce3832eddecb9bf1580\UIAutomationProvider.ni.dll
+ 2010-11-23 03:00 . 2010-11-23 03:00 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c0ed04db7c18a6c59eddfc18e40e0fb3\System.Windows.Presentation.ni.dll
+ 2010-11-23 02:58 . 2010-11-23 02:58 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\089fd08b7e00981f59306855ea5065e0\System.Web.ApplicationServices.ni.dll
+ 2010-11-23 02:57 . 2010-11-23 02:57 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\eeae22dcbdfe5fbe6ee7aa8810c8d330\System.ServiceModel.Channels.ni.dll
+ 2010-11-23 02:36 . 2010-11-23 02:36 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\52895ca79afea8292b54f053322cff36\System.AddIn.Contract.ni.dll
+ 2010-11-23 02:18 . 2010-11-23 02:18 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\8974f2d78277786a0b4e84f1127a75c0\Microsoft.VisualC.ni.dll
+ 2010-11-22 22:03 . 2010-11-22 22:03 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\46c8b155e6fcd5696ffa15a67824ebab\Accessibility.ni.dll
+ 2011-04-02 23:52 . 2006-10-04 14:05 39424 c:\windows\AppPatch\acadproc.dll
+ 2011-04-02 23:46 . 2006-09-28 17:01 58368 c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 23552 c:\windows\$NtUninstallWMFDist11$\wmdmps.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 27136 c:\windows\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2011-04-02 23:48 . 2006-11-02 09:46 13312 c:\windows\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 52224 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2011-06-22 22:47 . 2005-05-04 12:45 15360 c:\windows\$NtUninstallKB942288-v3$\msisip.dll
+ 2011-06-22 22:47 . 2005-05-04 12:45 78848 c:\windows\$NtUninstallKB942288-v3$\msiexec.exe
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 19:47 . 2006-10-18 19:47 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-18 19:58 . 2006-10-18 19:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-18 19:58 . 2006-10-18 19:58 8704 c:\windows\system32\uwdf.exe
+ 2010-05-17 23:29 . 2010-05-17 23:29 8704 c:\windows\system32\SpOrder.dll
+ 2004-08-04 01:07 . 2008-04-16 23:43 2560 c:\windows\system32\msimsg.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2004-08-04 01:07 . 2008-04-16 23:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2010-05-05 14:07 . 2010-05-05 14:07 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2010-11-23 02:13 . 2010-11-23 02:13 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\332105a018674f583e57c47e643a742d\dfsvc.ni.exe
+ 2011-04-02 23:48 . 2004-08-04 01:07 6656 c:\windows\$NtUninstallWMFDist11$\laprxy.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2006-09-28 16:56 . 2006-09-28 16:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 16:56 . 2006-09-28 16:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 16:56 . 2006-09-28 16:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 603648 c:\windows\system32\WMSPDMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 937984 c:\windows\system32\wmnetmgr.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 157184 c:\windows\system32\wmidx.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 222208 c:\windows\system32\wmasf.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 757248 c:\windows\system32\wmadmod.dll
+ 2010-03-18 09:09 . 2010-03-18 09:09 158048 c:\windows\system32\UIAutomationCore.dll
+ 2006-08-24 15:15 . 2006-08-24 15:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2010-03-18 09:09 . 2010-03-18 09:09 295264 c:\windows\system32\PresentationHost.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2001-08-23 13:00 . 2011-03-27 16:43 449882 c:\windows\system32\perfh009.dat
+ 2004-08-04 01:07 . 2006-10-18 19:47 321536 c:\windows\system32\mswmdm.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 771424 c:\windows\system32\msvcr100_clr0400.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 414208 c:\windows\system32\msscp.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 175616 c:\windows\system32\mspmsp.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 179712 c:\windows\system32\msnetobj.dll
+ 2004-08-04 01:07 . 2008-05-19 04:33 332800 c:\windows\system32\msihnd.dll
+ 2006-10-02 13:28 . 2006-10-02 13:28 312128 c:\windows\system32\msdelta.dll
+ 2009-09-23 23:30 . 2009-09-23 23:30 156488 c:\windows\system32\mscorier.dll
+ 2010-03-18 09:09 . 2010-03-18 09:09 297808 c:\windows\system32\mscoree.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 212992 c:\windows\system32\MFPLAT.dll
+ 2011-08-20 02:36 . 2011-08-20 02:36 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
+ 2010-09-23 01:33 . 2010-09-23 01:33 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
+ 2010-09-23 01:33 . 2010-09-23 01:33 311760 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll
+ 2004-08-04 01:07 . 2006-10-18 18:03 100864 c:\windows\system32\logagent.exe
+ 2011-03-01 22:35 . 2011-02-02 20:40 157472 c:\windows\system32\javaws.exe
+ 2011-03-01 22:35 . 2011-02-02 20:40 145184 c:\windows\system32\javaw.exe
+ 2011-03-01 22:35 . 2011-02-02 20:40 145184 c:\windows\system32\java.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 486216 c:\windows\system32\evr.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-18 18:00 . 2006-10-18 18:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 603648 c:\windows\system32\dllcache\WMSPDMOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 937984 c:\windows\system32\dllcache\wmnetmgr.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 222208 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 757248 c:\windows\system32\dllcache\wmadmod.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 211456 c:\windows\system32\dllcache\qasf.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 414208 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2004-08-04 01:07 . 2008-05-19 04:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2004-08-04 01:07 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 01:07 . 2006-10-18 19:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2010-06-30 05:26 . 2011-02-02 20:40 472808 c:\windows\system32\deployJava1.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 229376 c:\windows\system32\cewmdm.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 542720 c:\windows\system32\blackbox.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 276992 c:\windows\system32\audiodev.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 136568 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2010-05-05 14:05 . 2010-05-05 14:05 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2010-05-05 14:36 . 2010-05-05 14:36 467224 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1157609.exe
+ 2010-05-05 14:08 . 2010-05-05 14:08 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-05-05 14:06 . 2010-05-05 14:06 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 753152 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2010-05-05 14:05 . 2010-05-05 14:05 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2010-05-05 14:37 . 2010-05-05 14:37 213272 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2010-05-05 14:07 . 2010-05-05 14:07 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-17 23:51 . 2010-03-17 23:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-06-21 23:42 . 2010-06-21 23:42 219648 c:\windows\Installer\1a8d17.msi
+ 2011-03-01 22:35 . 2011-03-01 22:35 180224 c:\windows\Installer\126d56d9.msi
+ 2010-10-29 01:49 . 2010-10-29 01:49 677376 c:\windows\Installer\11363621.msi
+ 2011-01-21 20:06 . 2011-01-21 20:06 429056 c:\windows\Installer\100ef8f8.msi
+ 2011-01-21 20:05 . 2011-01-21 20:05 149504 c:\windows\Installer\100ef8b7.msi
+ 2011-06-17 23:36 . 2011-06-17 23:36 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A83000000003}\SC_Reader.exe
+ 2010-12-21 19:07 . 2010-12-21 19:07 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2007-02-12 06:06 . 2007-02-12 06:06 304744 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\InstRes.dll
- 2007-02-12 07:06 . 2007-02-12 07:06 304744 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\InstRes.dll
- 2007-02-12 07:06 . 2007-02-12 07:06 267880 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\InstBasicUI.dll
+ 2007-02-12 06:06 . 2007-02-12 06:06 267880 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\InstBasicUI.dll
+ 2011-05-31 16:57 . 2011-05-31 16:57 371272 c:\windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe
+ 2010-11-23 03:00 . 2010-11-23 03:00 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bf56bd4e9996950950b4685dac7f2156\WindowsFormsIntegration.ni.dll
+ 2010-11-23 02:26 . 2010-11-23 02:26 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\bbd68c1c06eb762bedb74bc73dc9a414\UIAutomationTypes.ni.dll
+ 2010-11-23 03:00 . 2010-11-23 03:00 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\00798a39f87603ae67392c44f85b1957\UIAutomationClient.ni.dll
+ 2010-11-23 02:22 . 2010-11-23 02:22 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0a5fb7acbda333f46ef269b56b063562\System.Xml.Linq.ni.dll
+ 2010-11-23 02:26 . 2010-11-23 02:26 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\3a3e9feefb5fb9724cd7867a35d69cdf\System.Windows.Input.Manipulations.ni.dll
+ 2010-11-23 02:24 . 2010-11-23 02:24 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\40ab9da3eafd6bd1cbc6695ba406975a\System.Transactions.ni.dll
+ 2010-11-23 02:58 . 2010-11-23 02:58 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll
+ 2010-11-23 02:57 . 2010-11-23 02:57 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\82ed1ab8f0885159082e80a036ff644b\System.ServiceModel.Routing.ni.dll
+ 2010-11-22 21:35 . 2010-11-22 21:35 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\0f2c177d8261d29f86d89095eef16727\System.Security.ni.dll
+ 2010-11-23 02:25 . 2010-11-23 02:25 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\894d864ff8eeb97fad09797d33a06d83\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-11-23 02:25 . 2010-11-23 02:25 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
+ 2010-11-22 21:35 . 2010-11-22 21:35 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\be70c34efd115166a2710acac3346bfa\System.Numerics.ni.dll
+ 2010-11-23 02:52 . 2010-11-23 02:52 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6826a32db8001b220cdd0d6e58aa465a\System.Net.ni.dll
+ 2010-11-23 02:52 . 2010-11-23 02:52 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\291408f3000e5c3cf1b37a19fe92805d\System.Messaging.ni.dll
+ 2010-11-23 02:51 . 2010-11-23 02:51 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\9d6d586577a11ea9a64a425ef3c71908\System.Management.Instrumentation.ni.dll
+ 2010-11-23 02:51 . 2010-11-23 02:51 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\f7cf3d2a43d81edd5f92789f6f3ee35c\System.IO.Log.ni.dll
+ 2010-11-23 02:51 . 2010-11-23 02:51 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\9959125c968b7f2c43c656e1393b35ad\System.IdentityModel.Selectors.ni.dll
+ 2010-11-23 02:24 . 2010-11-23 02:24 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.Wrapper.dll
+ 2010-11-23 02:24 . 2010-11-23 02:24 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.ni.dll
+ 2010-11-22 21:35 . 2010-11-22 21:35 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\026f06d9cc11f8e4bce87765d35feee5\System.Dynamic.ni.dll
+ 2010-11-23 02:50 . 2010-11-23 02:50 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\ee2d12ef14e9b70fac2f6d27146f2fe5\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-11-23 02:50 . 2010-11-23 02:50 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6f3b1d1d489ab511340848400b89f056\System.DirectoryServices.Protocols.ni.dll
+ 2010-11-23 02:50 . 2010-11-23 02:50 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\27cf40470d358fe4a57e502a8350353d\System.Device.ni.dll
+ 2010-11-23 02:37 . 2010-11-23 02:37 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\4d3fc0529d8089c7c0d611f5dd452bba\System.Data.DataSetExtensions.ni.dll
+ 2010-11-22 21:34 . 2010-11-22 21:34 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
+ 2010-11-23 02:37 . 2010-11-23 02:37 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\95d48fd5985ea45686feb0bf3dd48965\System.Configuration.Install.ni.dll
+ 2010-11-22 21:32 . 2010-11-22 21:32 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ea21918644eb5bcc678bd72c4c7564a8\System.ComponentModel.Composition.ni.dll
+ 2010-11-23 02:36 . 2010-11-23 02:36 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d09724ed63bd50523934132c98f15fef\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-11-23 02:36 . 2010-11-23 02:36 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d8081c7946511948a128a77803f0985f\System.AddIn.ni.dll
+ 2010-11-23 02:32 . 2010-11-23 02:32 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\04bf5714cef2ce3fc97d55c9843b36f0\System.Activities.DurableInstancing.ni.dll
+ 2010-11-23 02:13 . 2010-11-23 02:13 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\49e65c90ae6199360d5ec36ff8ed04d5\SMSvcHost.ni.exe
+ 2010-11-23 02:23 . 2010-11-23 02:23 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b420437eca1d1aec1a8bf23cc5173661\SMDiagnostics.ni.dll
+ 2010-11-22 21:33 . 2010-11-22 21:33 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
+ 2010-11-22 21:33 . 2010-11-22 21:33 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\6db66420e529cf49087d9809fc19d4b3\PresentationFramework.Royale.ni.dll
+ 2010-11-22 21:32 . 2010-11-22 21:32 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\340df2dd99f470883c9a7834a1533f8a\PresentationFramework.Classic.ni.dll
+ 2010-11-22 21:33 . 2010-11-22 21:33 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\054df232cc5c718f35a9808007c053d1\PresentationFramework.Luna.ni.dll
+ 2010-11-23 02:18 . 2010-11-23 02:18 302080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8748b9252024e0666d932b19a9b008cf\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2010-11-23 02:15 . 2010-11-23 02:15 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\6a557c74c85034c1dd514949e7d2e159\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-11-23 02:14 . 2010-11-23 02:14 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\da19e7188e9253fd383e8149b960e102\CustomMarshalers.ni.dll
- 2009-03-13 18:01 . 2009-03-13 18:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-06-23 10:53 . 2011-06-23 10:53 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-04-02 23:46 . 2006-09-15 23:05 379184 c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2011-04-02 23:46 . 2006-09-15 23:05 221488 c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2011-04-02 23:48 . 2004-08-04 01:07 809984 c:\windows\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 896512 c:\windows\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 484864 c:\windows\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 759296 c:\windows\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 151552 c:\windows\$NtUninstallWMFDist11$\wmidx.dll
+ 2011-04-02 23:48 . 2007-10-27 15:39 230912 c:\windows\$NtUninstallWMFDist11$\wmasf.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 670720 c:\windows\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 408064 c:\windows\$NtUninstallWMFDist11$\wmadmod.dll
+ 2011-04-02 23:48 . 2006-05-16 16:11 371424 c:\windows\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2011-04-02 23:48 . 2006-05-16 16:11 213216 c:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2011-04-02 23:48 . 2004-08-04 01:07 237568 c:\windows\$NtUninstallWMFDist11$\qasf.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 245760 c:\windows\$NtUninstallWMFDist11$\mswmdm.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 356352 c:\windows\$NtUninstallWMFDist11$\msscp.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 201728 c:\windows\$NtUninstallWMFDist11$\mspmsp.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 259072 c:\windows\$NtUninstallWMFDist11$\msnetobj.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 240640 c:\windows\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 384512 c:\windows\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 310272 c:\windows\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 103936 c:\windows\$NtUninstallWMFDist11$\logagent.exe
+ 2011-04-02 23:48 . 2004-08-04 01:07 695296 c:\windows\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 159232 c:\windows\$NtUninstallWMFDist11$\cewmdm.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 286208 c:\windows\$NtUninstallWMFDist11$\blackbox.dll
+ 2011-04-02 23:52 . 2006-09-25 15:58 379184 c:\windows\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2011-04-02 23:52 . 2006-09-25 15:58 221488 c:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2011-06-22 22:47 . 2007-11-30 03:39 382840 c:\windows\$NtUninstallKB942288-v3$\spuninst\updspapi.dll
+ 2011-06-22 22:47 . 2007-11-30 03:39 231288 c:\windows\$NtUninstallKB942288-v3$\spuninst\spuninst.exe
+ 2011-06-22 22:47 . 2005-05-04 12:45 884736 c:\windows\$NtUninstallKB942288-v3$\msimsg.dll
+ 2011-06-22 22:47 . 2005-05-04 12:45 271360 c:\windows\$NtUninstallKB942288-v3$\msihnd.dll
+ 2011-04-02 23:52 . 2005-10-12 23:12 371424 c:\windows\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2011-04-02 23:52 . 2005-10-12 23:12 213216 c:\windows\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 2450944 c:\windows\system32\wmvcore.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2004-08-04 01:07 . 2008-05-19 04:33 4445184 c:\windows\system32\msi.dll
+ 2010-01-27 01:07 . 2011-08-20 02:36 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-07-21 13:06 . 2011-06-23 23:02 1651712 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 01:07 . 2006-10-18 19:47 2450944 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2004-08-04 01:07 . 2006-10-18 19:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2004-08-04 01:07 . 2008-05-19 04:33 4445184 c:\windows\system32\dllcache\msi.dll
+ 2009-11-11 19:06 . 2009-11-11 19:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-05-05 13:40 . 2010-05-05 13:40 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2010-04-29 10:11 . 2010-04-29 10:11 1975408 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2010-05-05 13:44 . 2010-05-05 13:44 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2010-03-18 12:16 . 2010-03-18 12:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 12:16 . 2010-03-18 12:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2010-03-18 12:16 . 2010-03-18 12:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-11-22 21:29 . 2010-11-22 21:29 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-11-22 21:30 . 2010-11-22 21:30 1160192 c:\windows\Installer\950a8c.msi
+ 2010-04-17 15:02 . 2010-04-17 15:02 5686272 c:\windows\Installer\1dd01e89.msi
+ 2011-06-23 10:57 . 2011-06-23 10:57 5058560 c:\windows\Installer\1d434721.msi
+ 2011-06-23 10:52 . 2011-06-23 10:52 3954176 c:\windows\Installer\1d4346a3.msi
+ 2010-12-21 19:07 . 2010-12-21 19:07 2086912 c:\windows\Installer\18f017c.msi
+ 2011-06-02 03:47 . 2011-06-02 03:47 1529344 c:\windows\Installer\17e461b9.msi
+ 2010-12-21 18:00 . 2010-12-21 18:00 1093632 c:\windows\Installer\1523e58.msi
+ 2011-06-17 23:36 . 2011-06-17 23:36 4272128 c:\windows\Installer\1158896.msi
+ 2011-05-31 16:57 . 2011-05-31 16:57 1587200 c:\windows\Installer\106b6280.msi
+ 2010-11-22 21:32 . 2010-11-22 21:32 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
+ 2010-11-23 03:00 . 2010-11-23 03:00 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\f307842a5d932b4c92a71a1b77d1148b\UIAutomationClientsideProviders.ni.dll
+ 2010-11-22 21:32 . 2010-11-22 21:32 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
+ 2010-11-22 21:33 . 2010-11-22 21:33 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
+ 2010-11-23 02:21 . 2010-11-23 02:21 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
+ 2010-11-23 02:59 . 2010-11-23 02:59 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7775d84ce45d39ac5eede2ba5e966a8a\System.Windows.Forms.DataVisualization.ni.dll
+ 2010-11-23 02:59 . 2010-11-23 02:59 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\90550903efefcbf634ee236b6fde4d0a\System.Web.Services.ni.dll
+ 2010-11-23 02:58 . 2010-11-23 02:58 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\e59f0799f4351c001f2e4b72064df5de\System.Speech.ni.dll
+ 2010-11-23 02:57 . 2010-11-23 02:57 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\67c54ed5743b27d8e8570a7688de93ae\System.ServiceModel.Activities.ni.dll
+ 2010-11-23 02:57 . 2010-11-23 02:57 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\589e9eded9e383f4b7dfa4c66aa5c9bf\System.ServiceModel.Discovery.ni.dll
+ 2010-11-23 02:23 . 2010-11-23 02:23 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\30ed505f7ea7d6139128d4a6d9981dc0\System.Runtime.Serialization.ni.dll
+ 2010-11-23 02:24 . 2010-11-23 02:24 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\591cc2015a0165ede73d3e6770e0e7c2\System.Runtime.DurableInstancing.ni.dll
+ 2010-11-23 02:27 . 2010-11-23 02:27 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\40125e5383c4af4d0b7a23e2d52b5112\System.Printing.ni.dll
+ 2010-11-23 02:52 . 2010-11-23 02:52 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
+ 2010-11-23 02:51 . 2010-11-23 02:51 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\81558b32b261e911f8f822f1de63fdca\System.IdentityModel.ni.dll
+ 2010-11-22 21:35 . 2010-11-22 21:35 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
+ 2010-11-23 02:25 . 2010-11-23 02:25 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9cf61683cbb57e80828013b2c9024a7e\System.DirectoryServices.ni.dll
+ 2010-11-23 02:26 . 2010-11-23 02:26 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\0778748cd9700240f093adfc5dfc5750\System.Deployment.ni.dll
+ 2010-11-22 21:33 . 2010-11-22 21:33 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\c12e10c218be4be353975af6abb072d9\System.Data.ni.dll
+ 2010-11-22 21:34 . 2010-11-22 21:34 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\0da585d97fb80a097bf7cb4c5002c3ac\System.Data.SqlXml.ni.dll
+ 2010-11-23 02:50 . 2010-11-23 02:50 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b5abc386410cb0b80710bf5b1ca511dc\System.Data.Services.Client.ni.dll
+ 2010-11-22 21:33 . 2010-11-22 21:33 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\73dd24232790e0e5c2649dde8e65516c\System.Data.Linq.ni.dll
+ 2010-11-22 21:32 . 2010-11-22 21:32 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
+ 2010-11-23 02:31 . 2010-11-23 02:31 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\1f1416d0bd44f4f4b7b447dd46100cb2\System.Activities.ni.dll
+ 2010-11-23 02:35 . 2010-11-23 02:35 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\9a80ca1aff58bb8bd4ba68aedbb0b21d\System.Activities.Presentation.ni.dll
+ 2010-11-23 02:32 . 2010-11-23 02:32 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\c58f64b1cb8226be2d8d65c852dfe2e3\System.Activities.Core.Presentation.ni.dll
+ 2010-11-23 02:28 . 2010-11-23 02:28 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ea622ab70f67eef23533a326f29c5ed2\ReachFramework.ni.dll
+ 2010-11-23 02:20 . 2010-11-23 02:20 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\29a210cb0025eec8da18645b52d2e559\PresentationUI.ni.dll
+ 2010-11-23 02:17 . 2010-11-23 02:17 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f4e162e7a860c3577fbb3455fc1349a5\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2010-11-23 02:17 . 2010-11-23 02:17 1137664 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\d0694f0467545d1f779c687b3c39ded2\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2010-11-23 02:16 . 2010-11-23 02:16 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a571b1efa54d6a35b336fa5b5e624854\Microsoft.VisualBasic.ni.dll
+ 2010-11-23 02:14 . 2010-11-23 02:14 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\1dc732b2fb25d70b83fa2cab112525f9\Microsoft.Transactions.Bridge.ni.dll
+ 2010-11-23 02:52 . 2010-11-23 02:52 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\657c944537a05caa1b1f55cffb8aabb9\Microsoft.JScript.ni.dll
+ 2010-11-22 21:34 . 2010-11-22 21:34 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\597354cf9a5082f5ca1914732fab0892\Microsoft.CSharp.ni.dll
+ 2011-04-02 23:48 . 2005-09-28 13:46 1184984 c:\windows\$NtUninstallWMFDist11$\wvc1dmod.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 1001472 c:\windows\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2011-04-02 23:48 . 2007-10-27 15:37 2109440 c:\windows\$NtUninstallWMFDist11$\wmvcore.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 1119744 c:\windows\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2011-04-02 23:48 . 2004-08-04 01:07 1050624 c:\windows\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2011-06-22 22:47 . 2007-04-18 16:12 2854400 c:\windows\$NtUninstallKB942288-v3$\msi.dll
+ 2011-03-27 16:45 . 2011-03-27 16:45 20308992 c:\windows\Installer\43cb1.msp
+ 2010-11-22 21:36 . 2010-11-22 21:36 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
+ 2010-11-23 02:55 . 2010-11-23 02:56 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\40f4f298c3c655b834c73b5046a9cd0b\System.ServiceModel.ni.dll
+ 2010-11-23 02:50 . 2010-11-23 02:50 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7afa32d3d9ab340abd33e960a849685c\System.Data.Entity.ni.dll
+ 2010-11-22 21:34 . 2010-11-22 21:34 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
+ 2010-11-22 21:32 . 2010-11-22 21:32 11057664 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
+ 2010-11-22 21:31 . 2010-11-22 21:31 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"ChangeFilterMerit"="c:\program files\PlayTV DVR\ChangeFilterMerit.exe" [2005-05-17 40960]
"PVRemote"="c:\program files\PlayTV DVR\Remote\PVRemote.exe" [2007-02-13 417792]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\documents and settings\Bozovic\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-3-4 299008]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-8-20 19968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-3-23 11000]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-6-6 24576]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-8-30 331776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk /k:C /k:D /k:F /k:G *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=c:\windows\pss\Exif Launcher 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-25 11:39 729088 ----a-w- c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 09:29 2007088 ----a-w- c:\program files\FlashGet\flashget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2006-11-28 00:12 2658304 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2007-08-23 05:01 450808 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 20:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Bozovic\\Desktop\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"30301:TCP"= 30301:TCP:30301
"6888:TCP"= 6888:TCP:6888
.
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [25/07/2007 15:30 16855]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [06/04/2008 23:36 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/03/2011 01:03 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/04/2008 00:00 309848]
R1 CXAVSAUD;Prolink 2388x Audio Capture;c:\windows\system32\drivers\pvavsaud.sys [25/07/2007 15:23 9984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 00:00 19544]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [02/04/2010 21:23 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/12/2010 07:07 366640]
R2 PVTUNE;Prolink 2388x Tuner;c:\windows\system32\drivers\pv88tune.sys [25/07/2007 15:23 32896]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [25/07/2007 15:30 21808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/12/2010 07:07 22712]
R3 pvavXBAR;Prolink 2388x AVStream Crossbar;c:\windows\system32\drivers\pvavxbar.sys [25/07/2007 15:23 11776]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Bozovic\Desktop\VCdRom.sys --> c:\documents and settings\Bozovic\Desktop\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate1c9e1c29e02f02c;Google Update Service (gupdate1c9e1c29e02f02c);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 09:37 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 09:37 133104]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [06/04/2008 23:36 159616]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 07:37]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 07:37]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1390067357-725345543-1003Core.job
- c:\documents and settings\Bozovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 09:57]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1390067357-725345543-1003UA.job
- c:\documents and settings\Bozovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 09:57]
.
2011-09-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 89.216.1.30
FF - ProfilePath - c:\documents and settings\Bozovic\Application Data\Mozilla\Firefox\Profiles\66mg8zs2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-04 09:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{148FFA9A-28E9-4AE7-4CD0-109FFC55A20D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhokejgioddemkpidmifkandiconcidho"=hex:61,61,00,00
"bbhokejgioddemkpidlicmjeckoenggjodke"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
"fr"="078F587452535F"
"lr"="078F465952535F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-09-04 09:29:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-04 07:29
ComboFix2.txt 2010-02-14 01:35
ComboFix3.txt 2010-01-15 19:25
.
Pre-Run: 1,290,219,520 bytes free
Post-Run: 6,713,729,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 2E1F0647E44AFDA8213EBE44E630C718

Thank you!

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 08 September 2011 - 05:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Arwen86

Arwen86
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 08 September 2011 - 06:26 PM

Hi,

thanks for your reply. I'm here and waiting for instructions :)

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 08 September 2011 - 06:43 PM

Hi,

Just a few things before we start

The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


You should not be running Combofix without supervision.

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


The other thing about running Combofix is that people assume it just automatically fixes the machine. This is not the case and there are still entries which we need to deal with.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLockDel::
[HKEY_USERS\S-1-5-21-448539723-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{148FFA9A-28E9-4AE7-4CD0-109FFC55A20D}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Posted Image
m0le is a proud member of UNITE

#5 Arwen86

Arwen86
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 11 September 2011 - 05:44 PM

First of all, I would like to apologize for not replying sooner. I either didn't receive the e-mail that the reply has been posted or it got deleted by mistake.

Secondly, if it is any defence I use torrents to download the shows that I am not able to obtain in my country by any other means. I'll read more about the dangers and alternative ways to download things as you suggested.

Last and most important thing, I did what you asked and here's the result:

ComboFix 11-09-11.06 - Bozovic 11/09/2011 23:46:08.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.508 [GMT 2:00]
Running from: c:\documents and settings\Bozovic\Desktop\Programi\ComboFix.exe
Command switches used :: c:\documents and settings\Bozovic\Desktop\Programi\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-11 to 2011-09-11 )))))))))))))))))))))))))))))))
.
.
2011-08-30 12:56 . 2011-08-30 12:56 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\ArcSoft
2011-08-30 12:55 . 2011-08-31 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-08-30 12:54 . 2011-08-30 12:54 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-08-30 12:54 . 2011-08-30 12:54 -------- d-----w- c:\program files\ArcSoft
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\program files\Conduit
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\BitTorrentBar
2011-08-29 07:40 . 2011-08-29 07:40 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\Conduit
2011-08-29 07:39 . 2011-08-29 07:39 -------- d-----w- c:\program files\BitTorrent
2011-08-29 07:38 . 2011-09-04 06:31 -------- d-----w- c:\documents and settings\Bozovic\Application Data\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 02:36 . 2011-05-23 20:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2010-12-21 05:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-21 05:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-06-30 05:21 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2008-03-29 07:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 23:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2008-04-02 22:00 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2008-03-29 07:20 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2008-03-29 07:20 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2008-03-29 07:20 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2008-03-29 07:20 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2008-03-29 07:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2008-04-02 22:00 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-09 10:11 . 2011-05-08 12:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-04_07.21.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-05 11:58 . 2011-09-05 11:58 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2011-09-09 21:51 . 2011-09-09 21:51 22016 c:\windows\Installer\16b9540f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"ChangeFilterMerit"="c:\program files\PlayTV DVR\ChangeFilterMerit.exe" [2005-05-17 40960]
"PVRemote"="c:\program files\PlayTV DVR\Remote\PVRemote.exe" [2007-02-13 417792]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\documents and settings\Bozovic\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-3-4 299008]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-8-20 19968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-3-23 11000]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-6-6 24576]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-8-30 331776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk /k:C /k:D /k:F /k:G *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=c:\windows\pss\Exif Launcher 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-25 11:39 729088 ----a-w- c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 09:29 2007088 ----a-w- c:\program files\FlashGet\flashget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2006-11-28 00:12 2658304 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2007-08-23 05:01 450808 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 20:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Bozovic\\Desktop\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"30301:TCP"= 30301:TCP:30301
"6888:TCP"= 6888:TCP:6888
.
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [25/07/2007 15:30 16855]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [06/04/2008 23:36 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/03/2011 01:03 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/04/2008 00:00 309848]
R1 CXAVSAUD;Prolink 2388x Audio Capture;c:\windows\system32\drivers\pvavsaud.sys [25/07/2007 15:23 9984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 00:00 19544]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [02/04/2010 21:23 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/12/2010 07:07 366640]
R2 PVTUNE;Prolink 2388x Tuner;c:\windows\system32\drivers\pv88tune.sys [25/07/2007 15:23 32896]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [25/07/2007 15:30 21808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/12/2010 07:07 22712]
R3 pvavXBAR;Prolink 2388x AVStream Crossbar;c:\windows\system32\drivers\pvavxbar.sys [25/07/2007 15:23 11776]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Bozovic\Desktop\VCdRom.sys --> c:\documents and settings\Bozovic\Desktop\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate1c9e1c29e02f02c;Google Update Service (gupdate1c9e1c29e02f02c);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 09:37 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 09:37 133104]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [06/04/2008 23:36 159616]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 07:37]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 07:37]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1390067357-725345543-1003Core.job
- c:\documents and settings\Bozovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 09:57]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1390067357-725345543-1003UA.job
- c:\documents and settings\Bozovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 09:57]
.
2011-09-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 89.216.1.30
FF - ProfilePath - c:\documents and settings\Bozovic\Application Data\Mozilla\Firefox\Profiles\66mg8zs2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 00:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{148FFA9A-28E9-4AE7-4CD0-109FFC55A20D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhokejgioddemkpidmifkandiconcidho"=hex:61,61,00,00
"bbhokejgioddemkpidlicmjeckoenggjodke"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
"fr"="078F587452535F"
"lr"="078F465952535F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-12 00:20:05
ComboFix-quarantined-files.txt 2011-09-11 22:19
ComboFix2.txt 2011-09-04 07:29
ComboFix3.txt 2010-02-14 01:35
ComboFix4.txt 2010-01-15 19:25
.
Pre-Run: 5,970,001,920 bytes free
Post-Run: 5,961,691,136 bytes free
.
- - End Of File - - DA1CB50490E6A49B3B9A91F2F2A5D314


Thank you.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 11 September 2011 - 06:00 PM

The registry problem still exists. Please rerun using this script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegNull::
[HKEY_USERS\S-1-5-21-448539723-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{148FFA9A-28E9-4AE7-4CD0-109FFC55A20D}*]
[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Posted Image
m0le is a proud member of UNITE

#7 Arwen86

Arwen86
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 11 September 2011 - 06:55 PM

ComboFix 11-09-11.06 - Bozovic 12/09/2011 1:39.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.496 [GMT 2:00]
Running from: c:\documents and settings\Bozovic\Desktop\Programi\ComboFix.exe
Command switches used :: c:\documents and settings\Bozovic\Desktop\Programi\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-11 to 2011-09-11 )))))))))))))))))))))))))))))))
.
.
2011-08-30 12:56 . 2011-08-30 12:56 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\ArcSoft
2011-08-30 12:55 . 2011-08-31 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2011-08-30 12:54 . 2011-08-30 12:54 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-08-30 12:54 . 2011-08-30 12:54 -------- d-----w- c:\program files\ArcSoft
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\program files\Conduit
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\BitTorrentBar
2011-08-29 07:40 . 2011-08-29 07:40 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-29 07:40 . 2011-08-29 07:40 -------- d-----w- c:\documents and settings\Bozovic\Local Settings\Application Data\Conduit
2011-08-29 07:39 . 2011-08-29 07:39 -------- d-----w- c:\program files\BitTorrent
2011-08-29 07:38 . 2011-09-04 06:31 -------- d-----w- c:\documents and settings\Bozovic\Application Data\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2010-06-30 05:21 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2008-03-29 07:20 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-01 23:03 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-04-02 22:00 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2008-03-29 07:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-03-29 07:20 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-03-29 07:20 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2008-03-29 07:20 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-04-02 22:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2008-03-29 07:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-20 02:36 . 2011-05-23 20:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2010-12-21 05:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-21 05:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-09 10:11 . 2011-05-08 12:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-04_07.21.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-11 22:52 . 2011-09-11 22:52 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
+ 2011-09-09 21:51 . 2011-09-09 21:51 22016 c:\windows\Installer\16b9540f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"ChangeFilterMerit"="c:\program files\PlayTV DVR\ChangeFilterMerit.exe" [2005-05-17 40960]
"PVRemote"="c:\program files\PlayTV DVR\Remote\PVRemote.exe" [2007-02-13 417792]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\documents and settings\Bozovic\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-3-4 299008]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-8-20 19968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2007-3-23 11000]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-6-6 24576]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-8-30 331776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk /k:C /k:D /k:F /k:G *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=c:\windows\pss\Exif Launcher 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-25 11:39 729088 ----a-w- c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 09:29 2007088 ----a-w- c:\program files\FlashGet\flashget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2006-11-28 00:12 2658304 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2007-08-23 05:01 450808 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 20:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\Bozovic\\Desktop\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"30301:TCP"= 30301:TCP:30301
"6888:TCP"= 6888:TCP:6888
.
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [25/07/2007 15:30 16855]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [06/04/2008 23:36 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/03/2011 01:03 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/04/2008 00:00 320856]
R1 CXAVSAUD;Prolink 2388x Audio Capture;c:\windows\system32\drivers\pvavsaud.sys [25/07/2007 15:23 9984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 00:00 20568]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [02/04/2010 21:23 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/12/2010 07:07 366640]
R2 PVTUNE;Prolink 2388x Tuner;c:\windows\system32\drivers\pv88tune.sys [25/07/2007 15:23 32896]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [25/07/2007 15:30 21808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/12/2010 07:07 22712]
R3 pvavXBAR;Prolink 2388x AVStream Crossbar;c:\windows\system32\drivers\pvavxbar.sys [25/07/2007 15:23 11776]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\Bozovic\Desktop\VCdRom.sys --> c:\documents and settings\Bozovic\Desktop\VCdRom.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S2 gupdate1c9e1c29e02f02c;Google Update Service (gupdate1c9e1c29e02f02c);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 09:37 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 09:37 133104]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [06/04/2008 23:36 159616]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 07:37]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 07:37]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1390067357-725345543-1003Core.job
- c:\documents and settings\Bozovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 09:57]
.
2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1390067357-725345543-1003UA.job
- c:\documents and settings\Bozovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-05 09:57]
.
2011-09-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 89.216.1.30
FF - ProfilePath - c:\documents and settings\Bozovic\Application Data\Mozilla\Firefox\Profiles\66mg8zs2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 01:50
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-12 01:54:01
ComboFix-quarantined-files.txt 2011-09-11 23:53
ComboFix2.txt 2011-09-11 22:20
ComboFix3.txt 2011-09-04 07:29
ComboFix4.txt 2010-02-14 01:35
ComboFix5.txt 2011-09-11 23:37
.
Pre-Run: 5,953,380,352 bytes free
Post-Run: 5,936,291,840 bytes free
.
- - End Of File - - F619AF6731DD8BF15AB5FB6909F89CB0

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 11 September 2011 - 08:09 PM

...and there they go! :)

Please next scan online with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE

#9 Arwen86

Arwen86
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 12 September 2011 - 07:32 AM

This is what I got when I clicked Export to file...

C:\Documents and Settings\Bozovic\Desktop\Programi\MediaInfo_GUI_0.7.48_Windows_i386.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{00F79107-CF5B-4907-9D33-6E7750A5AF45}\RP909\A0152995.exe Win32/OpenCandy application deleted - quarantined

Is the ESET scan safe to use on my own from time to time?

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 12 September 2011 - 05:00 PM

Yes, the ESET scan is perfectly safe.

The log shows one file which was the original infected file and another file which is a system restore folder entry and they will be removed when we're done anyway.

How's the machine doing?
Posted Image
m0le is a proud member of UNITE

#11 Arwen86

Arwen86
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 13 September 2011 - 08:45 AM

A lot better. It took less time to restart, it seems more stable and overall it's faster. Oh and I was pleasantly surprised to see that Firefox is not consuming all of the available memory (I'm assuming it's to do with less or no viruses at all).

Thank you very much! I was on a verge of formatting C in the hope that something might work afterwards. You saved me.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 13 September 2011 - 02:08 PM

No problem, let's clear up and secure the machine

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Arwen86, happy surfing!

Cheers.

m0le
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:39 AM

Posted 17 September 2011 - 07:19 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users