Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Removing Google Redirect Virus


  • This topic is locked This topic is locked
20 replies to this topic

#1 googster

googster

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 27 November 2011 - 10:38 AM

Hello. I am new to the site and I need help with the google redirect virus. I have read through several topics and articles here on the site, but so far what I have read and tried is not working. I apologize in advance if I am not following the proper procedure, but so far nothing else has worked.

As I said, I read through some of the removal guides and followed the instructions to install the TDSS Killer application. However something is blocking it from running I guess, because everytime I try to run it, nothing happens. I even renamed it as iexplorer.exe and iexplorer.com and abcd.com, but nothing works. In addition to the redirect virus, I am also have the symptoms described by others when internet explorer runs radio ads in the background. I have also watched cookies pop up as fast as I could delete them. I have also tried Hitman Pro 3.5, Adaware, TrendMicro Housecall, Sophos Endpoint Security, and Malwarebytes. Nothing is working.

I have a Dell Vostro 200 desktop, windows xp, intel dual core processer. Please let me know what other info you may need. And thanks in advance for any help...this is really getting frustrating.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:44 PM

Posted 27 November 2011 - 03:04 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 27 November 2011 - 07:23 PM

Thanks for the quick reply and help/advice. Pasted below are the logs for the DDS scans. I also did the GMER scan, but two things happened. First, I got an error message as it loaded that said, LoadDriver Error, and something about "can't create stable subkey under a volatile parent key". After that the window for GMER came up, but I was unable to check/uncheck the proper boxes as suggested in the prep guide...it would only allow me to check 3 of the boxes...services, registry, files. None of the other boxes could be checked. I did the scan as is, but it said it found nothing. I did not copy this log since it found nothing. Is there something I can do to fix the check boxes before I scan it again?

Here are the logs, both dds and attach (they are quite lengthy):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Mom and Dad at 18:23:34 on 2011-11-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.160 [GMT -5:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.montgomerycountymd.gov/content/FireRescue/dcQuicklinks/
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HelpData] rundll32.exe "c:\documents and settings\mom and dad\local settings\application data\help\helpdata\Helpdata.dll",DllRegisterServer
uRun: [Mozilla Update] rundll32 "c:\documents and settings\mom and dad\local settings\application data\{3248f0a6-6813-11d6-a77b-00b0d0150060}\{3248f0a6-6813-11d6-a77b-00b0d0150060}update\{3248F0A6-6813-11D6-A77B-00B0D0150060}updt32.dll",DllRegisterServer
uRun: [IntelVerifierUpdate] rundll32.exe "c:\documents and settings\all users\application data\IntelVerifierUpdate.dll",DllRegisterServer
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
dRun: [HelpData] rundll32.exe "c:\documents and settings\mom and dad\local settings\application data\help\helpdata\Helpdata.dll",DllRegisterServer
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{21A3D036-17F7-453B-8BFC-4129F9ECEB5C} : NameServer = 68.28.104.132 68.28.105.132
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2011-11-12 153728]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2011-11-12 24192]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2011-11-12 31736]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-11-12 167960]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-11-12 99864]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2011-5-6 232472]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-11-12 1543704]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-8-16 99200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2008-4-5 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-11-12 24312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-11-12 14976]
.
=============== Created Last 30 ================
.
2011-11-27 15:24:22 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-25 13:58:37 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-25 13:58:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-25 13:56:01 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-24 08:00:46 116224 ----a-w- c:\documents and settings\all users\application data\IntelVerifierUpdate.dll
2011-11-15 13:55:06 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-15 13:40:57 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-11-15 13:40:54 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-12 23:26:53 -------- d--h--w- c:\windows\PIF
2011-11-12 21:41:19 -------- d-----w- c:\documents and settings\mom and dad\local settings\application data\Sophos
2011-11-12 21:34:22 -------- d-----w- c:\documents and settings\all users\application data\Sophos Web Intelligence
2011-11-12 21:33:47 -------- d-----w- c:\program files\common files\Cisco Systems
2011-11-12 21:33:30 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-11-12 21:33:19 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2011-11-12 21:29:53 153728 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2011-11-12 21:26:45 24192 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2011-11-12 21:19:44 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-11-12 21:18:39 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-11-12 21:17:11 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-11-12 21:15:37 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-11-12 21:05:07 -------- d-----w- c:\program files\Sophos
2011-11-12 21:04:01 -------- d---a-w- C:\savinst
2011-11-12 19:30:04 -------- d-----w- C:\TEMP
2011-11-10 03:08:50 -------- d-----w- c:\documents and settings\mom and dad\local settings\application data\Microsoft_Corporation
2011-11-09 22:38:03 296030 ----a-w- c:\windows\system32\shimg.dll
2011-11-04 22:32:07 -------- d-----w- c:\documents and settings\mom and dad\application data\Windows Search
2011-11-01 20:55:18 -------- d-----w- c:\program files\iPod
2011-11-01 20:50:52 -------- d-----w- c:\program files\Bonjour
2011-11-01 18:33:46 -------- d-----w- c:\windows\system32\winrm
2011-11-01 18:33:41 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-11-01 13:52:11 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-11-01 13:47:05 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-01 13:44:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 13:44:39 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-11-01 13:27:25 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-01 13:26:42 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-11-01 13:24:07 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-01 13:24:07 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-01 13:24:07 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-01 13:24:07 117760 ------w- c:\windows\system32\prntvpt.dll
2011-11-01 13:24:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-11-01 13:24:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-01 13:24:05 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-11-01 13:24:05 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-01 13:24:02 -------- d-----w- C:\39f90df1e60f22bd4ad1
2011-11-01 13:17:09 -------- d-----w- c:\documents and settings\mom and dad\local settings\application data\Identities
2011-11-01 13:17:07 -------- d-----w- c:\documents and settings\mom and dad\application data\Windows Desktop Search
2011-11-01 13:16:29 -------- d-----w- c:\windows\system32\GroupPolicy
2011-11-01 13:16:29 -------- d-----w- c:\program files\Windows Desktop Search
2011-11-01 13:14:58 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-11-01 13:14:58 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-11-01 13:14:58 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-08 16:06:32 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-08 16:02:42 88 --sh--r- c:\windows\system32\54FC9A4C35.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 18:30:30.37 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2008 1:29:29 PM
System Uptime: 11/27/2011 10:08:32 AM (8 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 79.265 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 10/24/2011 8:22:52 PM - System Checkpoint
RP2: 10/26/2011 3:40:28 AM - System Checkpoint
RP3: 10/28/2011 6:39:41 PM - System Checkpoint
RP4: 10/31/2011 11:58:05 AM - System Checkpoint
RP5: 11/1/2011 8:35:04 AM - Software Distribution Service 3.0
RP6: 11/1/2011 9:14:50 AM - Software Distribution Service 3.0
RP7: 11/1/2011 10:20:31 AM - Printer Driver Microsoft XPS Document Writer Installed
RP8: 11/1/2011 2:15:15 PM - Software Distribution Service 3.0
RP9: 11/1/2011 4:19:19 PM - Software Distribution Service 3.0
RP10: 11/1/2011 4:53:20 PM - Installed iTunes
RP11: 11/4/2011 6:26:28 PM - Software Distribution Service 3.0
RP12: 11/5/2011 9:43:20 AM - Software Distribution Service 3.0
RP13: 11/6/2011 9:29:39 AM - System Checkpoint
RP14: 11/7/2011 12:25:09 PM - System Checkpoint
RP15: 11/8/2011 5:44:13 PM - System Checkpoint
RP16: 11/9/2011 6:47:41 PM - System Checkpoint
RP17: 11/10/2011 7:10:44 AM - Software Distribution Service 3.0
RP18: 11/11/2011 3:00:17 AM - Software Distribution Service 3.0
RP19: 11/12/2011 3:59:44 AM - System Checkpoint
RP20: 11/13/2011 4:39:27 AM - System Checkpoint
RP21: 11/14/2011 5:34:19 AM - System Checkpoint
RP22: 11/15/2011 7:06:27 AM - System Checkpoint
RP23: 11/15/2011 8:39:20 AM - Installed Ad-Aware
RP24: 11/15/2011 8:40:22 AM - Installed Ad-Aware
RP25: 11/16/2011 11:05:18 AM - System Checkpoint
RP26: 11/17/2011 6:30:16 PM - System Checkpoint
RP27: 11/18/2011 6:48:51 PM - System Checkpoint
RP28: 11/19/2011 8:43:25 PM - System Checkpoint
RP29: 11/20/2011 9:07:39 PM - System Checkpoint
RP30: 11/21/2011 10:02:03 PM - System Checkpoint
RP31: 11/22/2011 10:24:14 PM - System Checkpoint
RP32: 11/24/2011 3:32:01 AM - System Checkpoint
RP33: 11/25/2011 4:48:36 AM - System Checkpoint
RP34: 11/26/2011 5:14:04 AM - System Checkpoint
RP35: 11/27/2011 10:23:37 AM - Removed Ad-Aware
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Add-ons
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11
Advanced Network Diagramming
Advanced Network Diagramming Help
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arthur's Adventures With D.W.
AutoDiscovery and Layout
AutoDiscovery and Layout Help
Block Diagrams
Block Diagrams Help
Bonjour
Borders and Backgrounds
Borders and Backgrounds Help
Browser Address Error Redirector
BTrieve
CAD Drawing Converter
CAD Drawing Converter Help
CAD Drawing Display
Callouts and Connectors
Callouts and Connectors Help
Clip Art and Symbols
Clip Art and Symbols Help
Conexant D850 PCI V.92 Modem
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
Custom Properties Editor
CutePDF Writer 2.8
Database Design
Database Design Help
Database Wizard
Dell 968 AIO Printer
Dell Automated PC TuneUp
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center (Support Software)
Developing Visio Solutions Help
Digital Line Detect
Directory Services
Directory Services Help
Disney Mix-It Plug-in and Windows Media Player Skin
Disney Mix Central
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate Deluxe User's Guide
EPSON Printer Software
FA Phonics Made Easy
Film Factory
Flowcharts
Flowcharts Help
Forms and Charts
Forms and Charts Help
GIMP 2.6.11
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Graphics Filters
Help for Visio 2000 (HTML Help)
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0
Internet Diagrams
Internet Diagrams Help
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 7
LDAP Driver
Little Bear Rainy Day Activities
Maps
Maps Help
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Repository
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2000
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Service Pack 3
Mobile Broadband Generic Drivers
MobileMe Control Panel
Modem Diagnostics Tool
MSDE
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 5.0
NDS Extensions
NetWaiting
Network Diagrams
Network Diagrams Help
Office Layout
Office Layout Help
Organization Charts
Organization Charts Help
Orly's Draw-A-Story
Page Layout Wizard
PowerDVD
Program Files
Program Files Enterprise
Program Files Enterprise Help
Program Files Help
Project Schedules
Project Schedules Help
Property Reporting Wizard
Puppy Luv
QuickTime
Realtek High Definition Audio Driver
Release Notes
Release Notes Enterprise
Safari
Save as HTML
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shape Explorer Help
Software Design
Software Design Help
Solutions
Sophos Anti-Virus
Sophos AutoUpdate
Sprint Mobile Broadband (Novatel Wireless) - Lite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA
Visio
Visio Core Files
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/27/2011 10:24:22 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/23/2011 10:00:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldoCATSCustConnectService service to connect.
11/23/2011 10:00:41 AM, error: Service Control Manager [7000] - The dldoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/22/2011 4:25:06 PM, error: SAVOnAccessControl [85] - File [...ystem32\ntdll.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca95d33cca3e6]).
11/22/2011 4:25:06 PM, error: SAVOnAccessControl [85] - File [...ystem32\csrss.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca95d345bb0fe]).
11/22/2011 4:25:06 PM, error: SAVOnAccessControl [85] - File [...stem32\csrsrv.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca95d345e1358]).
11/22/2011 4:25:05 PM, error: SAVOnAccessControl [85] - File [...system32\smss.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca95d33a8e0a0]).
11/22/2011 4:25:05 PM, error: SAVOnAccessControl [85] - File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca95d33c0b824]).
11/22/2011 4:25:05 PM, error: SAVOnAccessControl [85] - File [...eatManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca95d339f5738]).
11/22/2011 4:25:05 PM, error: SAVOnAccessControl [85] - File [...canManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca95d3424dae8]).
11/22/2011 4:25:05 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cca95d3398302a]).
11/22/2011 4:25:04 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca95d33746ce4]).
11/22/2011 4:25:04 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cca95d33746ce4]).
11/22/2011 4:24:25 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s).
11/22/2011 4:24:24 PM, error: SAVOnAccessControl [566] - Communication error between on-access driver and service for a modification of file "refetch\DRWTSN32.EXE-01DDCF15.pf" by process svchost.exe .
11/22/2011 4:24:24 PM, error: SAVOnAccessControl [564] - Communication error between on-access driver and service for access of registry value [44A35E5BFD25BD9AF\Usage SAVService] by process svchost.exe.
11/22/2011 4:24:24 PM, error: SAVOnAccessControl [37] - Driver threads still active when driver is being shutdown.
11/22/2011 12:36:56 PM, error: SAVOnAccessControl [85] - File [...\security\cacerts]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d546f0384]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...lib\resources.jar]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d543f547c]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...em32\SETUPAPI.DLL]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d5422b844]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...e6\lib\plugin.jar]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d54382d6e]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...e6\lib\meta-index]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d54382d6e]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...e6\lib\javaws.jar]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d5435cb14]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...e6\lib\deploy.jar]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d54310660]).
11/22/2011 12:36:55 PM, error: SAVOnAccessControl [85] - File [...a\jre6\lib\rt.jar]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process jqs.exe, (start check timestamp [ 1cca93d543f547c]).
11/22/2011 12:36:54 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cca93d5349c246]).
11/22/2011 12:36:54 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cca93d534e86fa]).
11/22/2011 12:36:45 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 2 time(s).
11/22/2011 12:28:52 PM, error: SAVOnAccessControl [85] - File [...ystem32\ntdll.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca93c343c626a]).
11/22/2011 12:28:52 PM, error: SAVOnAccessControl [85] - File [...ystem32\csrss.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca93c34674cbe]).
11/22/2011 12:28:52 PM, error: SAVOnAccessControl [85] - File [...system32\smss.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca93c343a0010]).
11/22/2011 12:28:52 PM, error: SAVOnAccessControl [85] - File [...stem32\csrsrv.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process AAWService.exe, (start check timestamp [ 1cca93c346e73cc]).
11/22/2011 12:28:51 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca93c3349328e]).
11/22/2011 12:28:51 PM, error: SAVOnAccessControl [85] - File [...ponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cca93c3349328e]).
11/22/2011 12:28:51 PM, error: SAVOnAccessControl [85] - File [...oUpdate\ALsvc.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca93c33741ce2]).
11/22/2011 12:28:51 PM, error: SAVOnAccessControl [85] - File [...eatManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca93c334b94e8]).
11/22/2011 12:28:51 PM, error: SAVOnAccessControl [85] - File [...canManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SavMain.exe, (start check timestamp [ 1cca93c3397e028]).
11/22/2011 12:28:51 PM, error: SAVOnAccessControl [85] - File [...\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminService, (start check timestamp [ 1cca93c334b94e8]).
11/20/2011 7:22:07 PM, error: Print [6161] - The document https://www.onlinebanking.pnc.com/alservlet/DepositActivityServ owned by Mom and Dad failed to print on printer Dell 968 AIO Printer. Data type: LEMF. Size of the spool file in bytes: 8704010. Number of bytes printed: 0. Total number of pages in the document: 11. Number of pages printed: 7. Client machine: \\OFFICE. Win32 error code returned by the print processor: 0 (0x0).
.
==== End Of File ===========================

Thank you again. Look forward to next reply.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 28 November 2011 - 12:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 01:08 PM

Thank you so much for the reply and help information. Unfortunately I don't think the combofix scan fixed anything. I ran the scan...I originally had a little trouble disabling my Sophos Endpoint Security virus protection. I read the instructions in your link, which had me disable on access scanning. However there was still "suspicious behavior" protection on and that stopped the combofix from installing the first time around. Once I turned that off, it seemed to load fine and the scan did run.

The scan took 40 minutes. The remainder of the process took about another 20 minutes. Some files were deleted. After it was finished I attempted to go online (after I re-enabled my virus protection from Sophos).

1. The google redirect virus is apparently still present, as I am still being redirected when I click on a search link.

2. Internet explorer is still apparently running in the background. It is present in "processes" when I open the task manager, and my "usage" of MB is still going up even when I don't start internet explorer myself.

Here is the combo fix log. So what do we do now?

Thank you again.

By the way, the post was too long, so I am posting it in a seperate post, maybe two.

#6 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 01:16 PM

ComboFix 11-11-28.02 - Mom and Dad 11/28/2011 11:47:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.408 [GMT -5:00]
Running from: c:\documents and settings\Mom and Dad\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\IntelVerifierUpdate.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Mom and Dad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\{3248F0A6-6813-11D6-A77B-00B0D0150060}Update\{3248F0A6-6813-11D6-A77B-00B0D0150060}updt32.dll
c:\documents and settings\Mom and Dad\Local Settings\Application Data\Help\HelpData\Helpdata.dll
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-27 15:24 . 2011-11-28 15:51 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-25 13:58 . 2011-11-25 20:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-25 13:58 . 2011-11-25 13:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-25 13:56 . 2011-11-25 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-18 23:20 . 2011-11-18 23:20 -------- d-----w- c:\documents and settings\Courtney Green\Application Data\Windows Search
2011-11-18 23:19 . 2011-11-18 23:19 -------- d-----w- c:\documents and settings\Courtney Green\Application Data\adawaretb
2011-11-18 21:36 . 2011-11-18 21:36 -------- d-----w- c:\documents and settings\Courtney Green\Local Settings\Application Data\adaware
2011-11-15 13:55 . 2011-11-15 13:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-15 13:40 . 2011-11-15 13:40 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-15 13:40 . 2011-11-27 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-11-12 23:26 . 2011-11-12 23:26 -------- d--h--w- c:\windows\PIF
2011-11-12 21:41 . 2011-11-12 21:41 -------- d-----w- c:\documents and settings\Mom and Dad\Local Settings\Application Data\Sophos
2011-11-12 21:34 . 2011-11-12 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos Web Intelligence
2011-11-12 21:33 . 2011-11-12 21:33 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-11-12 21:33 . 2011-11-12 21:26 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-11-12 21:33 . 2011-11-12 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2011-11-12 21:29 . 2011-11-12 21:29 153728 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2011-11-12 21:26 . 2011-11-12 21:26 24192 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2011-11-12 21:19 . 2011-11-12 21:19 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-11-12 21:18 . 2011-11-12 21:18 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-11-12 21:17 . 2011-11-12 21:17 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-11-12 21:15 . 2011-11-12 21:15 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-11-12 21:05 . 2011-11-12 21:33 -------- d-----w- c:\program files\Sophos
2011-11-12 21:04 . 2011-11-12 21:04 -------- d---a-w- C:\savinst
2011-11-12 19:30 . 2011-11-12 19:38 -------- d-----w- C:\TEMP
2011-11-10 03:08 . 2011-11-10 03:08 -------- d-----w- c:\documents and settings\Mom and Dad\Local Settings\Application Data\Microsoft_Corporation
2011-11-04 22:32 . 2011-11-04 22:32 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\Windows Search
2011-11-01 20:55 . 2011-11-01 20:55 -------- d-----w- c:\program files\iPod
2011-11-01 20:51 . 2011-11-01 20:51 -------- d-----w- c:\program files\Apple Software Update
2011-11-01 20:51 . 2011-11-01 20:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-11-01 20:50 . 2011-11-01 20:50 -------- d-----w- c:\program files\Bonjour
2011-11-01 18:33 . 2011-11-01 18:33 -------- d-----w- c:\windows\system32\winrm
2011-11-01 18:33 . 2011-11-01 18:33 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-11-01 15:23 . 2011-11-01 15:23 -------- d-sh--w- c:\documents and settings\Courtney Green\PrivacIE
2011-11-01 15:22 . 2011-11-01 15:22 -------- d-----w- c:\documents and settings\Courtney Green\Local Settings\Application Data\Identities
2011-11-01 15:22 . 2011-11-01 15:22 -------- d-----w- c:\documents and settings\Courtney Green\Application Data\Windows Desktop Search
2011-11-01 13:57 . 2011-11-01 13:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-11-01 13:52 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-11-01 13:47 . 2011-08-22 23:48 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-01 13:44 . 2011-08-17 21:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 13:44 . 2011-08-17 21:32 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-11-01 13:27 . 2011-11-01 13:27 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-01 13:27 . 2011-11-01 13:27 -------- d-----w- c:\program files\MSBuild
2011-11-01 13:27 . 2011-11-01 13:27 -------- d-----w- c:\program files\Reference Assemblies
2011-11-01 13:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-11-01 13:24 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-01 13:24 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-11-01 13:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-01 13:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-01 13:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-11-01 13:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-01 13:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-11-01 13:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-01 13:24 . 2011-11-01 13:26 -------- d-----w- C:\39f90df1e60f22bd4ad1
2011-11-01 13:17 . 2011-11-01 13:17 -------- d-----w- c:\documents and settings\Mom and Dad\Local Settings\Application Data\Identities
2011-11-01 13:17 . 2011-11-01 13:17 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\Windows Desktop Search
2011-11-01 13:16 . 2011-11-01 19:16 -------- d-----w- c:\program files\Windows Desktop Search
2011-11-01 13:16 . 2011-11-01 13:16 -------- d-----w- c:\windows\system32\GroupPolicy
2011-11-01 13:14 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-11-01 13:14 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-11-01 13:14 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 18:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 18:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-10 18:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
.


NOTE to GRINGO:::::Snapshot portion of log removed at this point and pasted in the next post......Googster



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-05-06 494616]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pytb]
c:\docume~1\MOMAND~1\APPLIC~1\MICROS~1\Protect\kiyukso.qh [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uedyy]
c:\docume~1\MOMAND~1\APPLIC~1\MICROS~1\Protect\hsnxuup.yw [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-03-21 05:33 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell 968 AIO Printer Fax Server]
2007-10-05 13:31 312560 ----a-w- c:\program files\Dell 968 AIO Printer\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 14:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldomon.exe]
2007-10-05 13:30 455920 ----a-w- c:\program files\Dell 968 AIO Printer\dldomon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-14 00:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-31 21:07 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2007-10-05 13:30 410864 ----a-w- c:\program files\Dell 968 AIO Printer\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-18 23:23 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-29 20:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dldocfg.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/12/2011 4:29 PM 153728]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/12/2011 4:26 PM 24192]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [11/12/2011 4:17 PM 31736]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11/12/2011 4:29 PM 167960]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/12/2011 4:30 PM 99864]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [11/12/2011 4:05 PM 1543704]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [4/5/2008 12:54 PM 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 7:58 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 7:58 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 2:24 PM 13824]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [11/12/2011 4:18 PM 24312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 1:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/12/2011 4:19 PM 14976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.montgomerycountymd.gov/content/FireRescue/dcQuicklinks/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{21A3D036-17F7-453B-8BFC-4129F9ECEB5C}: NameServer = 68.28.104.132 68.28.105.132
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HelpData - c:\documents and settings\Mom and Dad\Local Settings\Application Data\Help\HelpData\Helpdata.dll
HKCU-Run-Mozilla Update - c:\documents and settings\Mom and Dad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\{3248F0A6-6813-11D6-A77B-00B0D0150060}Update\{3248F0A6-6813-11D6-A77B-00B0D0150060}updt32.dll
HKCU-Run-IntelVerifierUpdate - c:\documents and settings\All Users\Application Data\IntelVerifierUpdate.dll
HKU-Default-Run-HelpData - c:\documents and settings\Mom and Dad\Local Settings\Application Data\Help\HelpData\Helpdata.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 12:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldocoms.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
c:\windows\system32\PSIService.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-28 12:47:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 17:47
ComboFix2.txt 2011-10-28 20:50
.
Pre-Run: 84,719,857,664 bytes free
Post-Run: 87,630,319,616 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 32FC6CB06035EDB1E64109785D87ABFB

#7 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 01:17 PM

Here is the "snapshot" portion...I removed it from the middle section of the log. Hope this is OK. Thanks.


((((((((((((((((((((((((((((( SnapShot@2011-10-28_20.27.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-12 21:17 . 2011-11-12 21:17 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-11-28 17:23 . 2011-05-06 20:36 27672 c:\windows\temp\sophos_autoupdate1.dir\SharedRes.dll
+ 2011-11-28 17:23 . 2011-05-06 20:36 30744 c:\windows\temp\sophos_autoupdate1.dir\crypto.dll
+ 2011-11-28 17:30 . 2011-11-28 17:30 16384 c:\windows\temp\Perflib_Perfdata_b4.dat
+ 2008-05-27 02:18 . 2008-05-27 02:18 56320 c:\windows\system32\xmlfilter.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 18:56 . 2009-10-09 18:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-09 20:22 . 2009-10-09 20:22 69632 c:\windows\system32\winrs.exe
+ 2009-10-09 18:56 . 2009-10-09 18:56 25088 c:\windows\system32\winrmprov.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 24064 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 97792 c:\windows\system32\UncCplExt.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2008-05-27 01:59 . 2008-05-27 01:59 18904 c:\windows\system32\structuredqueryschematrivial.bin
+ 2008-03-31 21:06 . 2009-05-12 19:12 26144 c:\windows\system32\spupdsvc.exe
- 2008-03-31 21:06 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
- 2008-12-25 16:50 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2008-12-25 16:50 . 2009-05-12 19:12 16928 c:\windows\system32\spmsg.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 87552 c:\windows\system32\searchfilterhost.exe
+ 2008-05-27 02:18 . 2008-05-27 02:18 38400 c:\windows\system32\rtffilt.dll
+ 2009-10-09 20:22 . 2009-10-09 20:22 42496 c:\windows\system32\pwrshplugin.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 71680 c:\windows\system32\propdefs.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2005-10-29 03:49 . 2005-10-29 03:49 84480 c:\windows\system32\pintool.exe
+ 2004-08-10 18:51 . 2011-11-07 16:27 88158 c:\windows\system32\perfc009.dat
+ 2008-05-27 02:19 . 2008-05-27 02:19 11264 c:\windows\system32\oephRes.dll
+ 2004-08-10 18:51 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll
- 2004-08-10 18:51 . 2008-04-14 00:12 98304 c:\windows\system32\nlhtml.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 49488 c:\windows\system32\netfxperf.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 44032 c:\windows\system32\msstrc.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 32768 c:\windows\system32\mssprxy.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 87552 c:\windows\system32\mssitlb.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 11776 c:\windows\system32\msshooks.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 60416 c:\windows\system32\msscntrs.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 34816 c:\windows\system32\msscb.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\system32\mscories.dll
- 2004-08-10 18:51 . 2008-04-14 00:11 29696 c:\windows\system32\mimefilt.dll
+ 2004-08-10 18:51 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\system32\icardres.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 70472 c:\windows\system32\dxva2.dll
+ 2011-11-01 20:51 . 2011-08-02 21:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-11-01 20:51 . 2011-08-02 21:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2008-12-25 15:12 . 2011-08-02 21:38 42496 c:\windows\system32\drivers\usbaapl.sys
- 2009-06-11 07:49 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-11 07:49 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2005-10-29 03:49 . 2005-10-29 03:49 25600 c:\windows\system32\bcsprsrc.dll
+ 2005-10-28 20:40 . 2005-10-28 20:40 96792 c:\windows\system32\basecsp.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 23:32 . 2008-07-29 23:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2010-09-22 13:43 . 2010-09-22 13:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2011-11-05 13:51 . 2011-11-05 13:51 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\3c9e3be.msp
+ 2011-11-01 13:23 . 2011-11-01 13:23 88576 c:\windows\Installer\3c27802.msi
+ 2011-11-12 21:34 . 2011-11-12 21:34 25214 c:\windows\Installer\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}\MainGUIShortcut.exe
+ 2011-11-12 21:34 . 2011-11-12 21:34 25214 c:\windows\Installer\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}\ARPPRODUCTICON.exe
+ 2011-11-01 20:52 . 2011-11-01 20:52 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-11-12 21:05 . 2011-11-12 21:35 65536 c:\windows\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}\ARPPRODUCTICON.exe
+ 2011-11-01 13:24 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\6f4a1ba24dffa86dd2a2ab8127e0b16d\UIAutomationProvider.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f45abd2caa9f93bb60ce92de6a885d6e\System.Windows.Presentation.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\c15f4190f96acf9b328fa3645c2063ea\System.Web.ApplicationServices.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e97547ed8d34e96b9d5836ea04b28c26\System.ServiceModel.Channels.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\b811cdf42feaf9a32408b03ab1c4e2d5\System.AddIn.Contract.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\1f368300314889ee35325be9f80ef1c3\Accessibility.ni.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a54a122f1070ab71931dd9679ddd8e90\System.Web.DynamicData.Design.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2011-11-05 13:55 . 2011-11-05 13:55 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a615508098c5f4f5a34e89d22527c9de\Microsoft.WSMan.Runtime.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\17fc30ccabf04ef1cf60a571067bc6dc\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-11-05 14:17 . 2011-11-05 14:17 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-11-01 18:31 . 2011-11-01 18:31 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2011-11-01 13:27 . 2011-11-01 13:27 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2011-11-01 18:35 . 2011-11-01 18:35 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2011-11-01 18:35 . 2011-11-01 18:35 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2011-11-01 18:35 . 2011-11-01 18:35 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-09 18:57 . 2009-10-09 18:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2011-11-01 19:01 . 2011-11-01 19:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 2048 c:\windows\system32\winrsmgr.dll
+ 2009-10-09 20:23 . 2009-10-09 20:23 4608 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2009-10-09 20:23 . 2009-10-09 20:23 4096 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.resources.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 2048 c:\windows\system32\UncRes.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2011-11-05 14:20 . 2011-11-05 14:20 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fed35fa53f20bd75214f2eca0cde1ece\dfsvc.ni.exe
+ 2011-11-01 13:29 . 2011-11-01 13:29 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
+ 2011-11-05 13:50 . 2011-11-05 13:50 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2011-11-28 17:23 . 2011-05-06 20:36 125976 c:\windows\temp\sophos_autoupdate1.dir\xmlcpp.dll
+ 2011-11-28 17:23 . 2011-05-06 20:36 318488 c:\windows\temp\sophos_autoupdate1.dir\retailer.dll
+ 2011-11-28 17:23 . 2010-09-30 13:08 348160 c:\windows\temp\sophos_autoupdate1.dir\MSVCR71.DLL
+ 2011-11-28 17:23 . 2010-09-30 13:08 503808 c:\windows\temp\sophos_autoupdate1.dir\MSVCP71.DLL
+ 2011-11-28 17:23 . 2011-05-06 20:36 752664 c:\windows\temp\sophos_autoupdate1.dir\libeay32.dll
+ 2011-11-28 17:23 . 2011-05-06 20:36 183320 c:\windows\temp\sophos_autoupdate1.dir\ChannelUpdater.dll
+ 2011-11-28 17:23 . 2011-07-27 22:23 744472 c:\windows\temp\sophos_autoupdate1.dir\ALUpdate.exe
+ 2008-07-30 01:26 . 2008-07-30 01:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-10-09 18:56 . 2009-10-09 18:56 209408 c:\windows\system32\WsmWmiPl.dll
+ 2009-10-09 20:22 . 2009-10-09 20:22 368640 c:\windows\system32\WsmRes.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 139776 c:\windows\system32\WsmAuto.dll
+ 2009-10-09 18:56 . 2009-10-09 18:56 225280 c:\windows\system32\wsmanhttpconfig.exe
+ 2009-10-09 18:56 . 2009-10-09 18:56 233984 c:\windows\system32\winrscmd.dll
+ 2009-08-01 03:27 . 2009-08-01 03:27 201184 c:\windows\system32\winrm.vbs
+ 2009-10-09 20:23 . 2009-10-09 20:23 148480 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2009-10-09 18:57 . 2009-10-09 18:57 204800 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2009-10-09 18:56 . 2009-10-09 18:56 448000 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2009-10-09 18:57 . 2009-10-09 18:57 112640 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 14:22 . 2009-07-16 14:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-09 20:23 . 2009-10-09 20:23 178176 c:\windows\system32\wevtfwd.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 131072 c:\windows\system32\UncPH.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 108032 c:\windows\system32\UncNE.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 143872 c:\windows\system32\UncDMS.dll
+ 2008-05-27 01:59 . 2008-05-27 01:59 106605 c:\windows\system32\structuredqueryschema.bin
+ 2008-05-27 02:17 . 2008-05-27 02:17 301568 c:\windows\system32\srchadmin.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2008-04-05 17:53 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
- 2008-04-05 17:53 . 2007-05-15 08:08 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-04-05 17:53 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2008-04-05 17:53 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
- 2008-04-05 17:53 . 2008-04-14 00:12 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 184832 c:\windows\system32\searchprotocolhost.exe
+ 2008-05-27 02:18 . 2008-05-27 02:18 439808 c:\windows\system32\searchindexer.exe
+ 2006-08-24 20:15 . 2006-08-24 20:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 754176 c:\windows\system32\propsys.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2010-03-31 04:10 . 2010-03-31 04:10 295264 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-08-10 18:51 . 2011-11-07 16:27 506930 c:\windows\system32\perfh009.dat
- 2004-08-10 18:51 . 2008-04-14 00:12 192000 c:\windows\system32\offfilt.dll
+ 2004-08-10 18:51 . 2008-03-07 17:02 192000 c:\windows\system32\offfilt.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 273408 c:\windows\system32\oeph.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 771424 c:\windows\system32\msvcr100_clr0400.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 203776 c:\windows\system32\mssphtb.dll
+ 2008-05-27 02:18 . 2009-05-25 04:24 350208 c:\windows\system32\mssph.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 231936 c:\windows\system32\msshsq.dll
+ 2009-09-24 04:30 . 2009-09-24 04:30 156488 c:\windows\system32\mscorier.dll
+ 2005-10-29 03:49 . 2005-10-29 03:49 151552 c:\windows\system32\ifxcardm.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 622080 c:\windows\system32\icardagt.exe
+ 2004-08-10 18:57 . 2011-11-01 14:19 231184 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-18 17:16 . 2010-03-18 17:16 486216 c:\windows\system32\evr.dll
+ 2008-08-17 13:58 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-17 13:58 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-11 07:49 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
- 2010-01-22 20:20 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2010-01-22 20:20 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2005-10-29 03:49 . 2005-10-29 03:49 133120 c:\windows\system32\axaltocm.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-18 04:51 . 2010-03-18 04:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 00:35 . 2008-07-30 00:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2010-09-22 13:43 . 2010-09-22 13:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-09-24 01:02 . 2010-09-24 01:02 798208 c:\windows\Installer\9487f8.msp
+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\9487c3.msp
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\948787.msp
+ 2008-10-24 21:04 . 2008-10-24 21:04 125952 c:\windows\Installer\5d213ba.msp
+ 2009-01-20 21:42 . 2009-01-20 21:42 119808 c:\windows\Installer\54519fd.msp
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\3cc03ca.msp
+ 2011-11-01 13:29 . 2011-11-01 13:29 648192 c:\windows\Installer\3cc03a7.msi
+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\3c9e3c7.msp
+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\3c9e3c5.msp
+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\3c9e3c3.msp
+ 2011-11-01 13:28 . 2011-11-01 13:28 137728 c:\windows\Installer\3c9e3bd.msi
+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\3c27807.msp
+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\3c27805.msp
+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\3c27804.msp
+ 2008-10-26 22:16 . 2008-10-26 22:16 444416 c:\windows\Installer\1014484.msp
+ 2011-11-01 20:56 . 2011-11-01 20:56 380928 c:\windows\Installer\{29ED20C9-5E15-4969-9279-25BF3727A3DA}\iTunesIco.exe
+ 2008-02-14 00:22 . 2008-02-14 00:22 579112 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.1.8044\file_tgctlsr.dll
+ 2008-02-14 00:21 . 2008-02-14 00:21 370216 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.1.8044\file_sdcnetcheck.dll
- 2009-06-05 21:28 . 2006-09-06 21:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2011-11-01 13:44 . 2006-09-06 21:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2011-11-01 13:24 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\b18816abd9dd59ca3f1d682a756e5745\WindowsFormsIntegration.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c170b431f43ab80000d31bcc58acd1a5\UIAutomationTypes.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ee096062554a6344a49083910c0af16e\UIAutomationClient.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\eeb9b49d8598c6f5926f494074af2d69\System.Windows.Input.Manipulations.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a0e090647c856fe52e1f1e5d2a25b1ac\System.ServiceProcess.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1cce5f9cad92a8ba3deb833291637b95\System.ServiceModel.Routing.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c12a8284683ba6b400a4562da310ce59\System.Security.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\137a2ae391d89577ad63db08303a5158\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7f18fb1e1acae58c6a572faf922bfa3a\System.Runtime.Remoting.ni.dll
+ 2011-11-05 13:46 . 2011-11-05 13:46 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\8410db646e037bab93d66ef9d17a3ce5\System.Net.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\7cdd3b54c476345732c735ea253d95d5\System.Messaging.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\fe11b4a9c8067184aff54b627b0e046b\System.Management.Instrumentation.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\7970b94c1582f58c8f79f531f104c754\System.IO.Log.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\26bdff3178be53810cb7bac268f7af08\System.IdentityModel.Selectors.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.Wrapper.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\d8131e4810c207d23b977603fdad6e33\System.Dynamic.ni.dll
+ 2011-11-05 14:22 . 2011-11-05 14:22 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\86db06eb0e133c3c2042cd6abcfff399\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-11-05 14:22 . 2011-11-05 14:22 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\2f7f2d7c549c23373541e052c8364755\System.DirectoryServices.Protocols.ni.dll
+ 2011-11-05 14:22 . 2011-11-05 14:22 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ecae7de1b9e1cf0d6d3bc7f01b891a1a\System.Device.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\e6c62a3b06ae5f2f9de5164117dd6ba6\System.Data.DataSetExtensions.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\96907044ee8b845f05d72805d100fb7e\System.Configuration.Install.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d5f97e0367e37f9aead033b54f40a895\System.ComponentModel.Composition.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\c11789fd2d4aeb3a41b8a925975ebd96\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\53e0aa766368680b3785a0867d632f0c\System.AddIn.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\aef6e32f096486514002cee2bd716b0b\System.Activities.DurableInstancing.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\eee8be5d9f06c6d32cb1eeca8cfbfe38\SMSvcHost.ni.exe
+ 2011-11-05 14:21 . 2011-11-05 14:21 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c60bbf982563abd181e673c1d5e92006\SMDiagnostics.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2ad394c477fc1c71c900c892d7fce0b\PresentationFramework.Aero.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63f98ea6df6a734c122348fa32296df0\PresentationFramework.Classic.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\61aa640996b77695572adefea8fd36b7\PresentationFramework.Luna.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\30d7b48c6018eb8d7db378908568130f\PresentationFramework.Royale.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0af393a8ed9e04a747330df54ac88dff\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\54c59931e1860675710f19c7c3ba4cc8\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\04226f317855c555a957f4c2d0dc240d\CustomMarshalers.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2011-11-05 13:57 . 2011-11-05 13:57 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2011-11-01 18:44 . 2011-11-01 18:44 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57E.tmp\UIAutomationClient.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\3533d614ebecd4344efbee619dd11a74\System.Web.Routing.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d93514a764a83b18f6f3547b59cc8ae9\System.Web.Extensions.Design.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\93b5d1b77a74b76ac73cbf51ec871c01\System.Web.Entity.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d06a7d5872bbe85795f947f6c75d38c6\System.Web.Entity.Design.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ad0851438a18bf730d974c9b2f5f776a\System.Web.DynamicData.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\fee1a48b769a8c4beb335ee5ce006091\System.Data.Entity.Design.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2011-11-05 14:17 . 2011-11-05 14:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe
+ 2011-11-05 13:56 . 2011-11-05 13:56 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-11-05 14:18 . 2011-11-05 14:18 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a976a4b51c81150402b0abee38f41ab1\Microsoft.WSMan.Management.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\df4a7b6bc850621fa2d38fb08f910ef7\Microsoft.PowerShell.Security.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b3d3d76cfc8350587616860fb0f64ccc\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6f6b54b6cebab6867dafeb6db1b98ab1\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\592e4b99037ec91cd4201d1ee28895b7\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3a03ec48148fa16aa65fd9ba5df49cb8\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2011-11-05 14:17 . 2011-11-05 14:17 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-11-01 13:39 . 2011-11-01 13:39 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-11-01 13:39 . 2011-11-01 13:39 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-11-01 18:31 . 2011-11-01 18:31 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-11-01 18:31 . 2011-11-01 18:31 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-11-01 13:39 . 2011-11-01 13:39 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2011-11-01 13:39 . 2011-11-01 13:39 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-11-01 18:31 . 2011-11-01 18:31 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-11-01 18:35 . 2011-11-01 18:35 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2011-11-01 18:35 . 2011-11-01 18:35 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2011-11-01 18:35 . 2011-11-01 18:35 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2004-08-10 18:50 . 2011-03-11 14:10 471552 c:\windows\AppPatch\aclayers.dll
- 2004-08-10 18:50 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2011-11-01 18:33 . 2009-06-17 22:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2011-11-01 18:33 . 2009-06-17 22:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2009-10-09 20:23 . 2009-10-09 20:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2009-03-28 14:14 . 2011-08-02 21:38 4517664 c:\windows\system32\usbaaplrc.dll
+ 2008-05-27 02:21 . 2008-05-27 02:21 1582592 c:\windows\system32\tquery.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2011-11-01 13:26 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2011-11-01 13:26 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2011-11-01 13:26 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2011-11-01 13:24 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2008-05-27 02:21 . 2008-05-27 02:21 1418240 c:\windows\system32\mssrch.dll
+ 2008-03-20 22:06 . 2008-03-20 22:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2011-11-01 20:51 . 2011-08-02 21:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-11-01 20:51 . 2010-04-20 00:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2011-04-12 19:11 . 2011-04-12 19:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2011-04-28 12:48 . 2011-04-28 12:48 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2011-07-09 13:30 . 2011-07-09 13:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2011-07-09 13:30 . 2011-07-09 13:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2010-09-22 13:44 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-04-29 01:50 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-11-05 13:50 . 2011-11-05 13:50 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-05 13:51 . 2011-11-05 13:51 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2009-05-26 16:23 . 2009-05-26 16:23 3478528 c:\windows\Installer\d588043.msp
+ 2011-11-12 21:35 . 2011-11-12 21:35 1575936 c:\windows\Installer\a7384.msi
+ 2011-11-12 21:34 . 2011-11-12 21:34 2987008 c:\windows\Installer\a737d.msi
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\9487ff.msp
+ 2010-09-23 11:39 . 2010-09-23 11:39 4265472 c:\windows\Installer\9487f1.msp
+ 2009-11-09 04:25 . 2009-11-09 04:25 1935360 c:\windows\Installer\9487db.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\9487ae.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\9487ad.msp
+ 2011-11-01 20:56 . 2011-11-01 20:56 5235200 c:\windows\Installer\54380c.msi
+ 2011-11-01 20:52 . 2011-11-01 20:52 1769984 c:\windows\Installer\542f70.msi
+ 2011-11-01 20:51 . 2011-11-01 20:51 1717248 c:\windows\Installer\542f40.msi
+ 2011-11-01 20:50 . 2011-11-01 20:50 2002432 c:\windows\Installer\542ee3.msi
+ 2011-11-01 20:49 . 2011-11-01 20:49 1532928 c:\windows\Installer\542e97.msi
+ 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\3cc03b5.msp
+ 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\3c9e3c6.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\3c9e3c4.msp
+ 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\3c9e3c2.msp
+ 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\3c9e3c1.msp
+ 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\3c9e3c0.msp
+ 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\3c9e3bf.msp
+ 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\3c2780b.msp
+ 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\3c2780a.msp
+ 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\3c27809.msp
+ 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\3c27808.msp
+ 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\3c27806.msp
+ 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\3c27803.msp
+ 2011-04-28 14:54 . 2011-04-28 14:54 2720768 c:\windows\Installer\321b96e.msp
+ 2011-11-01 20:21 . 2011-11-01 20:21 1160192 c:\windows\Installer\32047e.msi
+ 2008-08-14 07:30 . 2008-08-14 07:30 5391872 c:\windows\Installer\32046c.msp
+ 2011-03-25 13:03 . 2011-03-25 13:03 5079552 c:\windows\Installer\257ea.msp
+ 2008-02-14 00:22 . 2008-02-14 00:22 1099040 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.1.8044\file_tgctlsi.dll
+ 2008-02-14 00:21 . 2008-02-14 00:21 1017240 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.1.8044\file_dsc.exe
+ 2011-11-01 19:03 . 2011-11-01 19:03 7950848 c:\windows\assembly\temp\DEXYZ0A234\System.ni.dll
+ 2011-11-01 19:05 . 2011-11-01 19:05 5450752 c:\windows\assembly\temp\4WFYH0AT3M\System.Xml.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0d8b512be71d0a491131dac4bada85cf\UIAutomationClientsideProviders.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 9085952 c:\windows\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\ee16a1514cffb8d75d96c2d3a182732a\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\083b7d526799bb1f84c2c55bab854242\System.Web.Services.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\2cafd0c1f713d71c1ad113adcaab71c7\System.Speech.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\64433e6b7a1662a93a7c48229fbd4eed\System.ServiceModel.Discovery.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\44fc3d9cf54d6e5926444a22b04f3b8e\System.ServiceModel.Activities.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d04876810fa42d76546c5f1239f82943\System.Runtime.Serialization.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\c051780bb4f90580d46e80e6cd91c29f\System.Runtime.DurableInstancing.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f02f3ea43a6eaa6f7faa13ef31b63af1\System.Printing.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\8d18ece52d96bfd1204ef646cefc4680\System.Management.ni.dll
+ 2011-11-05 14:22 . 2011-11-05 14:22 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fb2283aab5cdf8f5f93322be38a8734d\System.IdentityModel.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8968ac05250cff8cbfbcff1f83e3b98a\System.DirectoryServices.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\384a6a4a4ec8cf84ca9b0d031afe290b\System.Deployment.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1648cdc8909a9af097bde83f4c4e79a7\System.Data.SqlXml.ni.dll
+ 2011-11-05 14:22 . 2011-11-05 14:22 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\1a2bc468fa7fa92c05c03067b2989dd3\System.Data.Services.Client.ni.dll
+ 2011-11-05 13:54 . 2011-11-05 13:54 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\3cffbf0b7dea6898ef53cb5b7c5df023\System.Data.Linq.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c796f3c66633a10c86137a21c2e6a5c2\System.Activities.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a883968d22f88c8f3ca2886147f987df\System.Activities.Presentation.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\ca1d6e08f435634177e86738fb1656be\System.Activities.Core.Presentation.ni.dll
+ 2011-11-05 14:21 . 2011-11-05 14:21 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\54984bde314324fef70c9af78bfbef72\ReachFramework.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\dbfb5689700b31f9173aceca76863885\PresentationUI.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f6ea70e01df857374b9a72fbe9ed932b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\dd95ef965cafab043a454a2b678a083d\Microsoft.VisualBasic.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\905bb851cac8f8e0ffd58ec89f6592a2\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fe6fa906c2231a9682d712a64eb9ba14\Microsoft.Transactions.Bridge.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\46c01deb670388b92682013749c3a90a\Microsoft.JScript.ni.dll
+ 2011-11-05 13:53 . 2011-11-05 13:53 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\c94610345c43aa63f696b3ce06da1b9a\Microsoft.CSharp.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll
+ 2011-11-05 14:20 . 2011-11-05 14:20 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\3959e9012ee532343861eb35c6c72b24\System.Management.Automation.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\b70adfee3b5ed7e0688d13f24cbec556\System.Data.Entity.ni.dll
+ 2011-11-01 19:10 . 2011-11-01 19:10 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2011-11-01 19:03 . 2011-11-01 19:03 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37fd70ad5f3726031995041b246fe862\PresentationBuildTasks.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fba2661cffd923f17dbfa6662adf5ce3\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\eb5b6ad2dc6e2ecbdbb1ce1bf754b32e\Microsoft.PowerShell.Editor.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7c0df343514ab15e0fe9b11e9b013b11\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2011-11-05 14:18 . 2011-11-05 14:18 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
+ 2011-11-01 18:43 . 2011-11-01 18:43 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2011-11-01 13:27 . 2011-11-01 13:27 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-11-01 18:49 . 2011-11-01 18:49 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-11-01 18:31 . 2011-11-01 18:31 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-11-01 13:29 . 2011-11-01 13:29 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-11-01 18:43 . 2011-11-01 18:43 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-11-01 18:43 . 2011-11-01 18:43 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-11-01 19:01 . 2011-11-01 19:01 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-07 11:27 . 2011-11-10 12:11 50295240 c:\windows\system32\MRT.exe
+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\948811.msp
+ 2011-07-12 00:43 . 2011-07-12 00:43 11641344 c:\windows\Installer\948809.msp
+ 2010-03-31 05:23 . 2010-03-31 05:23 15638528 c:\windows\Installer\9487e7.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\9487bc.msp
+ 2009-10-27 18:57 . 2009-10-27 18:57 14009856 c:\windows\Installer\9487a2.msp
+ 2009-10-27 21:11 . 2009-10-27 21:11 11146240 c:\windows\Installer\948794.msp
+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\3cc03bf.msp
+ 2011-07-11 21:19 . 2011-07-11 21:19 10619904 c:\windows\Installer\257e3.msp
+ 2011-04-13 15:37 . 2011-04-13 15:37 19201024 c:\windows\Installer\257d7.msp
+ 2011-11-01 19:02 . 2011-11-01 19:02 11490816 c:\windows\assembly\temp\M5XGZ9S2L4\mscorlib.ni.dll
+ 2011-11-05 13:54 . 2011-11-05 13:54 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
+ 2011-11-05 14:23 . 2011-11-05 14:23 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8f98e8e2739c6887f5721b8482767479\System.ServiceModel.ni.dll
+ 2011-11-05 14:22 . 2011-11-05 14:22 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\8e3c1cec16dfb531846f357a17e3a77a\System.Data.Entity.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
+ 2011-11-05 13:54 . 2011-11-05 13:54 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
+ 2011-11-05 13:44 . 2011-11-05 13:44 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
+ 2011-11-01 18:55 . 2011-11-01 18:55 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP79A.tmp\PresentationFramework.dll
+ 2011-11-05 13:57 . 2011-11-05 13:57 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2011-11-05 14:19 . 2011-11-05 14:19 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
+ 2011-11-05 14:17 . 2011-11-05 14:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
+ 2011-11-05 13:56 . 2011-11-05 13:56 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2011-11-05 13:55 . 2011-11-05 13:55 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
.
-- Snapshot reset to current date --

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 28 November 2011 - 01:24 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 02:09 PM

My computer will not run this program. I assume something is blocking it. I actually tried to run this prior to starting this thread, based on guides for removing this virus I found in the archives of this website. You can see in my first post that I tried this several times, saving the TDSSKiller under several different file names. I tried again following you instructions, but it still will not run. What can I do to make it run? Thanks again for your rapid responses.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 28 November 2011 - 02:18 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 02:32 PM

OK so I ran the TDSS fixer program. It said, "Infected MBR Detectec". I clicked on Repair, and then it said, "Repair was Successful", and "Repair Succeeded".

Then I ran the TDSS Killer. It said no infections were found.

Here is the log:

14:26:21.0828 3856 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
14:26:21.0843 3856 ============================================================
14:26:21.0843 3856 Current date / time: 2011/11/28 14:26:21.0843
14:26:21.0843 3856 SystemInfo:
14:26:21.0843 3856
14:26:21.0843 3856 OS Version: 5.1.2600 ServicePack: 3.0
14:26:21.0843 3856 Product type: Workstation
14:26:21.0843 3856 ComputerName: OFFICE
14:26:21.0843 3856 UserName: Mom and Dad
14:26:21.0843 3856 Windows directory: C:\WINDOWS
14:26:21.0843 3856 System windows directory: C:\WINDOWS
14:26:21.0843 3856 Processor architecture: Intel x86
14:26:21.0843 3856 Number of processors: 2
14:26:21.0843 3856 Page size: 0x1000
14:26:21.0843 3856 Boot type: Normal boot
14:26:21.0843 3856 ============================================================
14:26:29.0406 3856 Initialize success
14:26:43.0875 3872 ============================================================
14:26:43.0875 3872 Scan started
14:26:43.0875 3872 Mode: Manual;
14:26:43.0875 3872 ============================================================
14:26:45.0953 3872 Abiosdsk - ok
14:26:46.0171 3872 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:26:46.0375 3872 abp480n5 - ok
14:26:46.0718 3872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:26:46.0828 3872 ACPI - ok
14:26:47.0281 3872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:26:47.0359 3872 ACPIEC - ok
14:26:47.0656 3872 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:26:47.0984 3872 adpu160m - ok
14:26:48.0593 3872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:26:48.0593 3872 aec - ok
14:26:48.0843 3872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:26:48.0906 3872 AFD - ok
14:26:49.0406 3872 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:26:49.0453 3872 agp440 - ok
14:26:49.0859 3872 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:26:49.0968 3872 agpCPQ - ok
14:26:50.0515 3872 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:26:50.0718 3872 Aha154x - ok
14:26:51.0250 3872 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:26:51.0359 3872 aic78u2 - ok
14:26:52.0015 3872 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:26:52.0156 3872 aic78xx - ok
14:26:52.0703 3872 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:26:52.0734 3872 AliIde - ok
14:26:53.0156 3872 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:26:53.0187 3872 alim1541 - ok
14:26:53.0750 3872 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:26:53.0781 3872 amdagp - ok
14:26:54.0343 3872 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:26:54.0375 3872 amsint - ok
14:26:55.0109 3872 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:26:55.0265 3872 asc - ok
14:26:56.0109 3872 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:26:56.0250 3872 asc3350p - ok
14:26:57.0125 3872 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:26:57.0375 3872 asc3550 - ok
14:26:58.0156 3872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:26:58.0296 3872 AsyncMac - ok
14:26:59.0093 3872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:26:59.0093 3872 atapi - ok
14:26:59.0687 3872 Atdisk - ok
14:27:00.0421 3872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:27:00.0609 3872 Atmarpc - ok
14:27:01.0234 3872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:27:01.0296 3872 audstub - ok
14:27:02.0046 3872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:27:02.0156 3872 Beep - ok
14:27:02.0296 3872 catchme - ok
14:27:02.0437 3872 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:27:02.0468 3872 cbidf - ok
14:27:02.0515 3872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:27:02.0515 3872 cbidf2k - ok
14:27:02.0593 3872 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:27:02.0656 3872 cd20xrnt - ok
14:27:02.0687 3872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:27:02.0703 3872 Cdaudio - ok
14:27:02.0750 3872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:27:02.0765 3872 Cdfs - ok
14:27:02.0796 3872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:27:02.0812 3872 Cdrom - ok
14:27:02.0828 3872 Changer - ok
14:27:02.0859 3872 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:27:02.0875 3872 CmdIde - ok
14:27:02.0953 3872 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:27:02.0984 3872 Cpqarray - ok
14:27:03.0015 3872 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:27:03.0109 3872 dac2w2k - ok
14:27:03.0140 3872 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:27:03.0187 3872 dac960nt - ok
14:27:03.0234 3872 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys
14:27:03.0234 3872 datunidr - ok
14:27:03.0281 3872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:27:03.0296 3872 Disk - ok
14:27:03.0343 3872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:27:03.0359 3872 dmboot - ok
14:27:03.0437 3872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:27:03.0468 3872 dmio - ok
14:27:03.0500 3872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:27:03.0531 3872 dmload - ok
14:27:03.0562 3872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:27:03.0562 3872 DMusic - ok
14:27:03.0609 3872 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:27:03.0625 3872 dpti2o - ok
14:27:03.0625 3872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:27:03.0625 3872 drmkaud - ok
14:27:03.0640 3872 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:27:03.0671 3872 E100B - ok
14:27:03.0703 3872 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:27:03.0718 3872 e1express - ok
14:27:03.0750 3872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:27:03.0765 3872 Fastfat - ok
14:27:03.0781 3872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:27:03.0796 3872 Fdc - ok
14:27:03.0812 3872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:27:03.0828 3872 Fips - ok
14:27:03.0859 3872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:27:03.0875 3872 Flpydisk - ok
14:27:03.0906 3872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:27:03.0937 3872 FltMgr - ok
14:27:03.0953 3872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:27:03.0968 3872 Fs_Rec - ok
14:27:03.0984 3872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:27:04.0015 3872 Ftdisk - ok
14:27:04.0031 3872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:27:04.0062 3872 GEARAspiWDM - ok
14:27:04.0093 3872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:27:04.0109 3872 Gpc - ok
14:27:04.0140 3872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:27:04.0171 3872 HDAudBus - ok
14:27:04.0203 3872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:27:04.0218 3872 HidUsb - ok
14:27:04.0296 3872 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:27:04.0375 3872 hpn - ok
14:27:04.0406 3872 HSFHWBS2 (663b895c3f8464339eacd1d9cf69d661) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:27:04.0421 3872 HSFHWBS2 - ok
14:27:04.0484 3872 HSF_DPV (7340b4d13875c413a6229bba8e4913ca) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
14:27:04.0515 3872 HSF_DPV - ok
14:27:04.0578 3872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:27:04.0578 3872 HTTP - ok
14:27:04.0593 3872 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:27:04.0609 3872 i2omgmt - ok
14:27:04.0640 3872 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:27:04.0656 3872 i2omp - ok
14:27:04.0671 3872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:27:04.0687 3872 i8042prt - ok
14:27:04.0890 3872 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:27:05.0000 3872 ialm - ok
14:27:05.0140 3872 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
14:27:05.0171 3872 iaStor - ok
14:27:05.0203 3872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:27:05.0218 3872 Imapi - ok
14:27:05.0250 3872 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:27:05.0328 3872 ini910u - ok
14:27:05.0515 3872 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:27:05.0562 3872 IntcAzAudAddService - ok
14:27:05.0578 3872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:27:05.0609 3872 IntelIde - ok
14:27:05.0656 3872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:27:05.0671 3872 intelppm - ok
14:27:05.0703 3872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:27:05.0718 3872 Ip6Fw - ok
14:27:05.0750 3872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:27:05.0765 3872 IpFilterDriver - ok
14:27:05.0796 3872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:27:05.0812 3872 IpInIp - ok
14:27:05.0843 3872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:27:05.0875 3872 IpNat - ok
14:27:05.0890 3872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:27:05.0906 3872 IPSec - ok
14:27:05.0921 3872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:27:05.0937 3872 IRENUM - ok
14:27:05.0984 3872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:27:06.0000 3872 isapnp - ok
14:27:06.0046 3872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:27:06.0062 3872 Kbdclass - ok
14:27:06.0078 3872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:27:06.0109 3872 kbdhid - ok
14:27:06.0218 3872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:27:06.0218 3872 kmixer - ok
14:27:06.0375 3872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:27:06.0468 3872 KSecDD - ok
14:27:06.0515 3872 Lavasoft Kernexplorer - ok
14:27:06.0515 3872 lbrtfdc - ok
14:27:06.0546 3872 MBAMSwissArmy - ok
14:27:06.0562 3872 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:27:06.0562 3872 mdmxsdk - ok
14:27:06.0578 3872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:27:06.0593 3872 mnmdd - ok
14:27:06.0640 3872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:27:06.0640 3872 Modem - ok
14:27:06.0640 3872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:27:06.0656 3872 Mouclass - ok
14:27:06.0718 3872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:27:06.0734 3872 mouhid - ok
14:27:06.0750 3872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:27:06.0765 3872 MountMgr - ok
14:27:06.0796 3872 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:27:06.0875 3872 mraid35x - ok
14:27:06.0906 3872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:27:06.0906 3872 MRxDAV - ok
14:27:06.0968 3872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:27:07.0000 3872 MRxSmb - ok
14:27:07.0015 3872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:27:07.0031 3872 Msfs - ok
14:27:07.0078 3872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:27:07.0109 3872 MSKSSRV - ok
14:27:07.0109 3872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:27:07.0125 3872 MSPCLOCK - ok
14:27:07.0156 3872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:27:07.0171 3872 MSPQM - ok
14:27:07.0218 3872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:27:07.0234 3872 mssmbios - ok
14:27:07.0265 3872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:27:07.0281 3872 Mup - ok
14:27:07.0312 3872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:27:07.0328 3872 NDIS - ok
14:27:07.0375 3872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:27:07.0390 3872 NdisTapi - ok
14:27:07.0406 3872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:27:07.0421 3872 Ndisuio - ok
14:27:07.0421 3872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:27:07.0437 3872 NdisWan - ok
14:27:07.0468 3872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:27:07.0484 3872 NDProxy - ok
14:27:07.0500 3872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:27:07.0515 3872 NetBIOS - ok
14:27:07.0546 3872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:27:07.0562 3872 NetBT - ok
14:27:07.0593 3872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:27:07.0609 3872 Npfs - ok
14:27:07.0625 3872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:27:07.0656 3872 Ntfs - ok
14:27:07.0671 3872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:27:07.0703 3872 Null - ok
14:27:07.0796 3872 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:27:07.0843 3872 nv - ok
14:27:07.0890 3872 NWADI (67fb86eeb94059177642050718d57460) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
14:27:07.0906 3872 NWADI - ok
14:27:07.0937 3872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:27:08.0000 3872 NwlnkFlt - ok
14:27:08.0015 3872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:27:08.0078 3872 NwlnkFwd - ok
14:27:08.0125 3872 NWUSBCDFIL (ab2155b8acdf07e63e26c9a0ed07b825) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
14:27:08.0140 3872 NWUSBCDFIL - ok
14:27:08.0156 3872 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
14:27:08.0265 3872 NWUSBModem - ok
14:27:08.0281 3872 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
14:27:08.0406 3872 NWUSBPort - ok
14:27:08.0421 3872 NWUSBPort2 (4e651808b35656ac88a4dcdaf6cc1169) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
14:27:08.0546 3872 NWUSBPort2 - ok
14:27:08.0593 3872 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
14:27:08.0593 3872 Packet - ok
14:27:08.0640 3872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:27:08.0640 3872 Parport - ok
14:27:08.0671 3872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:27:08.0687 3872 PartMgr - ok
14:27:08.0718 3872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:27:08.0734 3872 ParVdm - ok
14:27:08.0750 3872 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
14:27:08.0765 3872 PCASp50 - ok
14:27:08.0796 3872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:27:08.0796 3872 PCI - ok
14:27:08.0812 3872 PCIDump - ok
14:27:08.0812 3872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:27:08.0828 3872 PCIIde - ok
14:27:08.0859 3872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:27:08.0875 3872 Pcmcia - ok
14:27:08.0875 3872 PDCOMP - ok
14:27:08.0890 3872 PDFRAME - ok
14:27:08.0906 3872 PDRELI - ok
14:27:08.0906 3872 PDRFRAME - ok
14:27:08.0937 3872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:27:08.0984 3872 perc2 - ok
14:27:09.0000 3872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:27:09.0015 3872 perc2hib - ok
14:27:09.0046 3872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:27:09.0062 3872 PptpMiniport - ok
14:27:09.0078 3872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:27:09.0093 3872 PSched - ok
14:27:09.0093 3872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:27:09.0140 3872 Ptilink - ok
14:27:09.0281 3872 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
14:27:09.0296 3872 PTproct - ok
14:27:09.0328 3872 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:27:09.0375 3872 PxHelp20 - ok
14:27:09.0437 3872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:27:09.0484 3872 ql1080 - ok
14:27:09.0515 3872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:27:09.0562 3872 Ql10wnt - ok
14:27:09.0593 3872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:27:09.0656 3872 ql12160 - ok
14:27:09.0656 3872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:27:09.0703 3872 ql1240 - ok
14:27:09.0718 3872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:27:09.0781 3872 ql1280 - ok
14:27:09.0812 3872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:27:09.0828 3872 RasAcd - ok
14:27:09.0875 3872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:27:09.0890 3872 Rasl2tp - ok
14:27:09.0890 3872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:27:09.0906 3872 RasPppoe - ok
14:27:09.0921 3872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:27:09.0937 3872 Raspti - ok
14:27:09.0953 3872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:27:09.0968 3872 Rdbss - ok
14:27:09.0968 3872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:27:10.0000 3872 RDPCDD - ok
14:27:10.0046 3872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:27:10.0062 3872 rdpdr - ok
14:27:10.0125 3872 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:27:10.0140 3872 RDPWD - ok
14:27:10.0171 3872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:27:10.0187 3872 redbook - ok
14:27:10.0250 3872 SAVOnAccessControl (97c392a422f5efdc3df88d277881eeb7) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
14:27:10.0281 3872 SAVOnAccessControl - ok
14:27:10.0296 3872 SAVOnAccessFilter (11b03091ab0a8d138b8e638134200739) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
14:27:10.0312 3872 SAVOnAccessFilter - ok
14:27:10.0359 3872 sdcfilter (30bde6ba44a5afeb63f78eda06c64866) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
14:27:10.0390 3872 sdcfilter - ok
14:27:10.0421 3872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:27:10.0437 3872 Secdrv - ok
14:27:10.0453 3872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:27:10.0468 3872 serenum - ok
14:27:10.0484 3872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:27:10.0500 3872 Serial - ok
14:27:10.0515 3872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:27:10.0531 3872 Sfloppy - ok
14:27:10.0546 3872 Simbad - ok
14:27:10.0578 3872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:27:10.0593 3872 sisagp - ok
14:27:10.0609 3872 SKMScan (e407a8eea2fd4bf560c05c0ebf1793b3) C:\WINDOWS\system32\DRIVERS\skmscan.sys
14:27:10.0609 3872 SKMScan - ok
14:27:10.0687 3872 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:27:10.0703 3872 SONYPVU1 - ok
14:27:10.0734 3872 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
14:27:10.0765 3872 SophosBootDriver - ok
14:27:10.0796 3872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:27:10.0812 3872 Sparrow - ok
14:27:10.0828 3872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:27:10.0828 3872 splitter - ok
14:27:10.0843 3872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:27:10.0859 3872 sr - ok
14:27:10.0890 3872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:27:10.0906 3872 Srv - ok
14:27:10.0921 3872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:27:10.0937 3872 swenum - ok
14:27:10.0953 3872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:27:10.0968 3872 swmidi - ok
14:27:10.0984 3872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:27:11.0031 3872 symc810 - ok
14:27:11.0046 3872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:27:11.0093 3872 symc8xx - ok
14:27:11.0109 3872 SymIM - ok
14:27:11.0109 3872 SymIMMP - ok
14:27:11.0125 3872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:27:11.0187 3872 sym_hi - ok
14:27:11.0187 3872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:27:11.0250 3872 sym_u3 - ok
14:27:11.0250 3872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:27:11.0250 3872 sysaudio - ok
14:27:11.0312 3872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:27:11.0328 3872 Tcpip - ok
14:27:11.0375 3872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:27:11.0390 3872 TDPIPE - ok
14:27:11.0390 3872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:27:11.0406 3872 TDTCP - ok
14:27:11.0421 3872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:27:11.0437 3872 TermDD - ok
14:27:11.0453 3872 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:27:11.0468 3872 TosIde - ok
14:27:11.0484 3872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:27:11.0500 3872 Udfs - ok
14:27:11.0500 3872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:27:11.0546 3872 ultra - ok
14:27:11.0593 3872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:27:11.0609 3872 Update - ok
14:27:11.0640 3872 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:27:11.0640 3872 USBAAPL - ok
14:27:11.0671 3872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:27:11.0687 3872 usbccgp - ok
14:27:11.0718 3872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:27:11.0734 3872 usbehci - ok
14:27:11.0734 3872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:27:11.0750 3872 usbhub - ok
14:27:11.0750 3872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:27:11.0781 3872 usbprint - ok
14:27:11.0796 3872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:27:11.0812 3872 usbscan - ok
14:27:11.0812 3872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:27:11.0828 3872 USBSTOR - ok
14:27:11.0828 3872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:27:11.0843 3872 usbuhci - ok
14:27:11.0843 3872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:27:11.0859 3872 VgaSave - ok
14:27:11.0890 3872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:27:11.0906 3872 viaagp - ok
14:27:11.0906 3872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:27:11.0921 3872 ViaIde - ok
14:27:11.0921 3872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:27:11.0937 3872 VolSnap - ok
14:27:11.0968 3872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:27:11.0968 3872 Wanarp - ok
14:27:11.0984 3872 WDICA - ok
14:27:12.0046 3872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:27:12.0046 3872 wdmaud - ok
14:27:12.0109 3872 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:27:12.0140 3872 winachsf - ok
14:27:12.0234 3872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:27:12.0250 3872 WudfPf - ok
14:27:12.0281 3872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:27:12.0296 3872 WudfRd - ok
14:27:12.0343 3872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:27:12.0468 3872 \Device\Harddisk0\DR0 - ok
14:27:12.0468 3872 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3
14:27:12.0468 3872 \Device\Harddisk1\DR3 - ok
14:27:12.0484 3872 Boot (0x1200) (d1d029eeb87193027d1b4ac8b01a5b59) \Device\Harddisk0\DR0\Partition0
14:27:12.0484 3872 \Device\Harddisk0\DR0\Partition0 - ok
14:27:12.0484 3872 Boot (0x1200) (97b21af1dd29c48a8adffdf5694f8dc1) \Device\Harddisk1\DR3\Partition0
14:27:12.0484 3872 \Device\Harddisk1\DR3\Partition0 - ok
14:27:12.0484 3872 ============================================================
14:27:12.0484 3872 Scan finished
14:27:12.0484 3872 ============================================================
14:27:12.0500 3864 Detected object count: 0
14:27:12.0500 3864 Actual detected object count: 0

Thanks, and let me know what's next. I certainly appreciate this.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 28 November 2011 - 02:46 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 03:13 PM

OK, so the computer seems to be working good now after running the TDSS Fixer, repairing the infected file, and then running the TDSS Killer again (and not finding anything on this). Here is the new combofix log...the scan went much, much faster this time (only a few minutes compared to 40 the first time).

Just keep me informed on what's next...and thank you again.


ComboFix 11-11-28.02 - Mom and Dad 11/28/2011 14:56:34.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.361 [GMT -5:00]
Running from: c:\documents and settings\Mom and Dad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mom and Dad\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-27 15:24 . 2011-11-28 15:51 -------- d-----w- c:\windows\SxsCaPendDel
2011-11-25 13:58 . 2011-11-25 20:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-25 13:58 . 2011-11-25 13:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-25 13:56 . 2011-11-25 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-18 23:20 . 2011-11-18 23:20 -------- d-----w- c:\documents and settings\Courtney Green\Application Data\Windows Search
2011-11-18 23:19 . 2011-11-18 23:19 -------- d-----w- c:\documents and settings\Courtney Green\Application Data\adawaretb
2011-11-18 21:36 . 2011-11-18 21:36 -------- d-----w- c:\documents and settings\Courtney Green\Local Settings\Application Data\adaware
2011-11-15 13:55 . 2011-11-15 13:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-15 13:40 . 2011-11-15 13:40 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-15 13:40 . 2011-11-27 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-11-12 23:26 . 2011-11-12 23:26 -------- d--h--w- c:\windows\PIF
2011-11-12 21:41 . 2011-11-12 21:41 -------- d-----w- c:\documents and settings\Mom and Dad\Local Settings\Application Data\Sophos
2011-11-12 21:34 . 2011-11-12 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos Web Intelligence
2011-11-12 21:33 . 2011-11-12 21:33 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-11-12 21:33 . 2011-11-12 21:26 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-11-12 21:33 . 2011-11-12 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2011-11-12 21:29 . 2011-11-12 21:29 153728 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2011-11-12 21:26 . 2011-11-12 21:26 24192 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2011-11-12 21:19 . 2011-11-12 21:19 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-11-12 21:18 . 2011-11-12 21:18 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-11-12 21:17 . 2011-11-12 21:17 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-11-12 21:15 . 2011-11-12 21:15 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-11-12 21:05 . 2011-11-12 21:33 -------- d-----w- c:\program files\Sophos
2011-11-12 21:04 . 2011-11-12 21:04 -------- d---a-w- C:\savinst
2011-11-12 19:30 . 2011-11-12 19:38 -------- d-----w- C:\TEMP
2011-11-10 03:08 . 2011-11-10 03:08 -------- d-----w- c:\documents and settings\Mom and Dad\Local Settings\Application Data\Microsoft_Corporation
2011-11-04 22:32 . 2011-11-04 22:32 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\Windows Search
2011-11-01 20:55 . 2011-11-01 20:55 -------- d-----w- c:\program files\iPod
2011-11-01 20:51 . 2011-11-01 20:51 -------- d-----w- c:\program files\Apple Software Update
2011-11-01 20:51 . 2011-11-01 20:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-11-01 20:50 . 2011-11-01 20:50 -------- d-----w- c:\program files\Bonjour
2011-11-01 18:33 . 2011-11-01 18:33 -------- d-----w- c:\windows\system32\winrm
2011-11-01 18:33 . 2011-11-01 18:33 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2011-11-01 15:23 . 2011-11-01 15:23 -------- d-sh--w- c:\documents and settings\Courtney Green\PrivacIE
2011-11-01 15:22 . 2011-11-01 15:22 -------- d-----w- c:\documents and settings\Courtney Green\Local Settings\Application Data\Identities
2011-11-01 15:22 . 2011-11-01 15:22 -------- d-----w- c:\documents and settings\Courtney Green\Application Data\Windows Desktop Search
2011-11-01 13:57 . 2011-11-01 13:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-11-01 13:52 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-11-01 13:47 . 2011-08-22 23:48 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-01 13:44 . 2011-08-17 21:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 13:44 . 2011-08-17 21:32 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-11-01 13:27 . 2011-11-01 13:27 -------- d-----w- c:\windows\system32\XPSViewer
2011-11-01 13:27 . 2011-11-01 13:27 -------- d-----w- c:\program files\MSBuild
2011-11-01 13:27 . 2011-11-01 13:27 -------- d-----w- c:\program files\Reference Assemblies
2011-11-01 13:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-11-01 13:24 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-11-01 13:24 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-11-01 13:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-11-01 13:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-11-01 13:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-11-01 13:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-11-01 13:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-11-01 13:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-11-01 13:24 . 2011-11-01 13:26 -------- d-----w- C:\39f90df1e60f22bd4ad1
2011-11-01 13:17 . 2011-11-01 13:17 -------- d-----w- c:\documents and settings\Mom and Dad\Local Settings\Application Data\Identities
2011-11-01 13:17 . 2011-11-01 13:17 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\Windows Desktop Search
2011-11-01 13:16 . 2011-11-01 19:16 -------- d-----w- c:\program files\Windows Desktop Search
2011-11-01 13:16 . 2011-11-01 13:16 -------- d-----w- c:\windows\system32\GroupPolicy
2011-11-01 13:14 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-11-01 13:14 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-11-01 13:14 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 18:51 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 18:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-10 18:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-28_17.32.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-28 19:24 . 2011-11-28 19:24 16384 c:\windows\temp\Perflib_Perfdata_218.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-05-06 494616]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pytb]
c:\docume~1\MOMAND~1\APPLIC~1\MICROS~1\Protect\kiyukso.qh [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uedyy]
c:\docume~1\MOMAND~1\APPLIC~1\MICROS~1\Protect\hsnxuup.yw [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-03-21 05:33 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell 968 AIO Printer Fax Server]
2007-10-05 13:31 312560 ----a-w- c:\program files\Dell 968 AIO Printer\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 14:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldomon.exe]
2007-10-05 13:30 455920 ----a-w- c:\program files\Dell 968 AIO Printer\dldomon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-14 00:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-31 21:07 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2007-10-05 13:30 410864 ----a-w- c:\program files\Dell 968 AIO Printer\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-18 23:23 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-29 20:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dldocfg.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/12/2011 4:29 PM 153728]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/12/2011 4:26 PM 24192]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [11/12/2011 4:17 PM 31736]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11/12/2011 4:29 PM 167960]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/12/2011 4:30 PM 99864]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [11/12/2011 4:05 PM 1543704]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [8/16/2007 2:24 PM 99200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [4/5/2008 12:54 PM 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 7:58 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 7:58 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [8/16/2007 2:24 PM 13824]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [11/12/2011 4:18 PM 24312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 1:51 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/12/2011 4:19 PM 14976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11183168
*Deregistered* - 11183168
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.montgomerycountymd.gov/content/FireRescue/dcQuicklinks/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-28 15:05:08
ComboFix-quarantined-files.txt 2011-11-28 20:05
ComboFix2.txt 2011-10-28 20:50
.
Pre-Run: 87,392,428,032 bytes free
Post-Run: 87,414,886,400 bytes free
.
- - End Of File - - 0BD69DCD31C88F9334D809414A90869F

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:44 PM

Posted 28 November 2011 - 03:52 PM

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 7


and click on remove



Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 googster

googster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 November 2011 - 10:56 PM

OK, so per your instructions:

Js2E runtime environment 5.0 Update 6.0 was removed

Java was updated to version 29

temp file cleaner was downloaded and it cleaned up or freed up over 800 MB of space

Malwarebytes was downloaded and ran. I actually updated it first. If found nothing. there was an error that read while installing it, but I can't recall what it said...something about a name not being found, but it installed fine and updated fine. The scan ran fine, again found nothing.

hijack this was downloaded and installed. log file below as well.

again, computer seems fine at this point. seems to be running fine, no IE running in background, google search seems fine.

thank you again, and here are the logs. Let me know if anything else needs to be done. And before you close this post, I have a few quick questions for future use of my computer. Thanks once again.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8264

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/28/2011 10:35:19 PM
mbam-log-2011-11-28 (22-35-19).txt

Scan type: Quick scan
Objects scanned: 214754
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:46 PM, on 11/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.montgomerycountymd.gov/content/FireRescue/dcQuicklinks/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080331
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

--
End of file - 9093 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users