Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected svchost.exe


  • This topic is locked This topic is locked
13 replies to this topic

#1 shazbot24

shazbot24

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 14 January 2012 - 05:06 PM

A couple days ago my sophos anti-virus detected several viruses (mal/fakeav-mq) and (mal/encpk-aco) and then my computer proceeded to freeze up. Having already dealt with what I believe to be Trojan loaders, I proceeded to start my computer in safe mode with networking and subsequently ran rkill followed by dds (DDS had to be run after rkill, as the virus' processes would not have allowed my computer to function long enough to run the scan) and malwarebytes, the results of which I shall post after having explained the situation. It seems to be that it was not successful to say the least, and now malwarebytes is blocking svchost.exe from connecting to the ip 178.238.233.155. Any help would be greatly appreciated.

To recap, the logs posted are in order as follows: Malwarebytes, rkill, and DDS.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8084

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

1/14/2012 3:21:17 PM
mbam-log-2012-01-14 (15-21-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 707892
Time elapsed: 2 hour(s), 31 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\AppData\Local\Temp\1.5429743245325347e7.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.



-------------------------------


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 4/2012 Sat at 16:42:30.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

\\.\globalroot\systemroot\svchost.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe


--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:64121

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


Rkill completed on 4/2012 Sat at 16:42:46.


-------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Owner at 16:57:45 on 2012-01-14
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.6139.4251 [GMT -5:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Bitcoin\bitcoin.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [D72.exe] C:\Program Files (x86)\LP\8896\D72.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B08652BA-F67C-40D5-A240-5EF328750354} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B08652BA-F67C-40D5-A240-5EF328750354}\35F636365627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B08652BA-F67C-40D5-A240-5EF328750354}\9716E6963656C6C696 : DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{B08652BA-F67C-40D5-A240-5EF328750354}\C6162696E656E65647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CDDB8FB4-FFEA-415D-B0B9-1F39CA15407D} : DhcpNameServer = 140.142.17.18 140.142.15.27
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL, C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [D72.exe] C:\Program Files (x86)\LP\8896\D72.exe
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL, C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64121
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-27 652872]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-12-2 218432]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2010-9-21 230640]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-8 1541360]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 RpcSs32;Remote Procedure Call (RPC) ;C:\Windows\system32\ws2_3232.exe --> C:\Windows\system32\ws2_3232.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-10 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-01-14 20:23:58 20480 ----a-w- C:\Windows\svchost.exe
2012-01-10 23:59:51 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-10 23:59:51 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-10 23:59:50 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-10 23:59:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-08 21:30:58 -------- d-----w- C:\Program Files (x86)\6244D
2012-01-08 21:30:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\6A962
2012-01-08 21:30:24 -------- d-----w- C:\Program Files (x86)\LP
2012-01-06 23:25:01 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6B9B9E6-8BF9-49D0-93EA-3A0769C17849}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-24 02:52:14 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-02 03:48:15 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-02 03:48:15 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-02 03:45:22 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 16:59:15.55 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 17 January 2012 - 12:12 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 shazbot24

shazbot24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 17 January 2012 - 06:53 PM

Thanks for replying, after running combofix the computer crashed to a blue screen and restarted so I ran it in safemode and then used combofix. After that finished running it restarted and then gave me a log. svchost.exe is still being blocked.

---------------------------------------------



ComboFix 12-01-17.01 - Owner 7/2012 Tue 18:17:21.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.6139.5307 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\8896\12BE.tmp
c:\program files (x86)\LP\8896\561B.tmp
c:\program files (x86)\LP\8896\88E5.tmp
c:\program files (x86)\LP\8896\90D2.tmp
c:\program files (x86)\LP\8896\CED3.tmp
c:\program files (x86)\LP\8896\D72.exe
c:\program files (x86)\LP\BD46\3FEC.tmp
c:\users\Owner\AppData\Roaming\Bitcoin
c:\users\Owner\AppData\Roaming\Bitcoin\.lock
c:\users\Owner\AppData\Roaming\Bitcoin\__db.001
c:\users\Owner\AppData\Roaming\Bitcoin\__db.002
c:\users\Owner\AppData\Roaming\Bitcoin\__db.003
c:\users\Owner\AppData\Roaming\Bitcoin\__db.004
c:\users\Owner\AppData\Roaming\Bitcoin\__db.005
c:\users\Owner\AppData\Roaming\Bitcoin\__db.006
c:\users\Owner\AppData\Roaming\Bitcoin\addr.dat
c:\users\Owner\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Owner\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000258
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000259
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000260
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000261
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000262
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000263
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000264
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000265
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000266
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000267
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000268
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000269
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000270
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000271
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000272
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000273
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000274
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000275
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000276
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000277
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000278
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000279
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000280
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000281
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000282
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000283
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000284
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000285
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000286
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000287
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000288
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000289
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000290
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000291
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000292
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000293
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000294
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000295
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000296
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000297
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000298
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000299
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000300
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000301
c:\users\Owner\AppData\Roaming\Bitcoin\db.log
c:\users\Owner\AppData\Roaming\Bitcoin\debug.log
c:\users\Owner\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\defaults\preferences\xulcache.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RpcSs32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 23:35 . 2012-01-17 23:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Bitcoin
2012-01-17 23:33 . 2012-01-17 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 20:23 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-10 23:59 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 23:59 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-10 23:59 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-10 23:59 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 21:30 . 2012-01-12 02:44 -------- d-----w- c:\program files (x86)\6244D
2012-01-08 21:30 . 2012-01-14 17:29 -------- d-----w- c:\users\Owner\AppData\Roaming\6A962
2012-01-06 23:25 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B9B9E6-8BF9-49D0-93EA-3A0769C17849}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-10-27 07:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 23:54 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-24 02:52 . 2011-11-24 02:52 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 05:26 . 2011-12-14 23:55 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 23:55 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 23:54 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 23:55 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 23:55 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 23:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 23:55 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 23:55 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 23:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 23:55 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-02 03:48 . 2011-02-04 20:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-02 03:48 . 2011-02-04 19:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-02 03:45 . 2011-02-04 19:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-26 05:19 . 2011-12-14 23:55 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-11 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin.exe [2011-4-27 7490048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Owner\AppData\Local\Temp\00573BA.tmp [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-12-02 218432]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF27256.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64121
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-D72.exe - c:\program files (x86)\LP\8896\D72.exe
AddRemove-Matroska Pack - c:\program files (x86)\Matroska Pack\uninstall.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\00573BA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1287804269-1291962856-3967002781-1000\Software\SecuROM\License information*]
"datasecu"=hex:c7,0d,c4,01,df,8a,e8,7f,be,6b,6a,3f,b5,a8,d8,9b,a9,82,90,13,57,
c8,cb,96,6a,49,48,f9,c5,a9,a1,6b,7f,9c,b4,db,2b,87,4a,38,43,21,ea,d4,a0,14,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-17 18:45:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 23:45
ComboFix2.txt 2010-09-25 04:50
ComboFix3.txt 2010-09-25 02:25
.
Pre-Run: 18,666,528,768 bytes free
Post-Run: 33,669,779,456 bytes free
.
- - End Of File - - B50A31472EA713CF25CE6DC6F7538F66

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 17 January 2012 - 07:24 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files (x86)\6244D
c:\users\Owner\AppData\Roaming\6A962

Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64121

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 shazbot24

shazbot24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 17 January 2012 - 08:19 PM

Blue screened again while running combofix and it still continues to detect svchost connecting to a malicious ip 178.238.233.155


--------------------------




ComboFix 12-01-17.01 - Owner 7/2012 Tue 18:17:21.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.6139.5307 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\8896\12BE.tmp
c:\program files (x86)\LP\8896\561B.tmp
c:\program files (x86)\LP\8896\88E5.tmp
c:\program files (x86)\LP\8896\90D2.tmp
c:\program files (x86)\LP\8896\CED3.tmp
c:\program files (x86)\LP\8896\D72.exe
c:\program files (x86)\LP\BD46\3FEC.tmp
c:\users\Owner\AppData\Roaming\Bitcoin
c:\users\Owner\AppData\Roaming\Bitcoin\.lock
c:\users\Owner\AppData\Roaming\Bitcoin\__db.001
c:\users\Owner\AppData\Roaming\Bitcoin\__db.002
c:\users\Owner\AppData\Roaming\Bitcoin\__db.003
c:\users\Owner\AppData\Roaming\Bitcoin\__db.004
c:\users\Owner\AppData\Roaming\Bitcoin\__db.005
c:\users\Owner\AppData\Roaming\Bitcoin\__db.006
c:\users\Owner\AppData\Roaming\Bitcoin\addr.dat
c:\users\Owner\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Owner\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000258
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000259
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000260
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000261
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000262
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000263
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000264
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000265
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000266
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000267
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000268
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000269
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000270
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000271
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000272
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000273
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000274
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000275
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000276
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000277
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000278
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000279
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000280
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000281
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000282
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000283
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000284
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000285
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000286
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000287
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000288
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000289
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000290
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000291
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000292
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000293
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000294
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000295
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000296
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000297
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000298
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000299
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000300
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000301
c:\users\Owner\AppData\Roaming\Bitcoin\db.log
c:\users\Owner\AppData\Roaming\Bitcoin\debug.log
c:\users\Owner\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\defaults\preferences\xulcache.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\extensions\{b420735d-d074-4091-a97d-d792293e7648}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RpcSs32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 23:35 . 2012-01-17 23:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Bitcoin
2012-01-17 23:33 . 2012-01-17 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 20:23 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-10 23:59 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 23:59 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-10 23:59 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-10 23:59 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 21:30 . 2012-01-12 02:44 -------- d-----w- c:\program files (x86)\6244D
2012-01-08 21:30 . 2012-01-14 17:29 -------- d-----w- c:\users\Owner\AppData\Roaming\6A962
2012-01-06 23:25 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B9B9E6-8BF9-49D0-93EA-3A0769C17849}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-10-27 07:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 23:54 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-24 02:52 . 2011-11-24 02:52 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 05:26 . 2011-12-14 23:55 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 23:55 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 23:54 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 23:55 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 23:55 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 23:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 23:55 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 23:55 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 23:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 23:55 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-02 03:48 . 2011-02-04 20:01 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-02 03:48 . 2011-02-04 19:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-02 03:45 . 2011-02-04 19:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-26 05:19 . 2011-12-14 23:55 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-11 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin.exe [2011-4-27 7490048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Owner\AppData\Local\Temp\00573BA.tmp [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-12-02 218432]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF27256.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64121
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-D72.exe - c:\program files (x86)\LP\8896\D72.exe
AddRemove-Matroska Pack - c:\program files (x86)\Matroska Pack\uninstall.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\00573BA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1287804269-1291962856-3967002781-1000\Software\SecuROM\License information*]
"datasecu"=hex:c7,0d,c4,01,df,8a,e8,7f,be,6b,6a,3f,b5,a8,d8,9b,a9,82,90,13,57,
c8,cb,96,6a,49,48,f9,c5,a9,a1,6b,7f,9c,b4,db,2b,87,4a,38,43,21,ea,d4,a0,14,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-01-17 18:45:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 23:45
ComboFix2.txt 2010-09-25 04:50
ComboFix3.txt 2010-09-25 02:25
.
Pre-Run: 18,666,528,768 bytes free
Post-Run: 33,669,779,456 bytes free
.
- - End Of File - - B50A31472EA713CF25CE6DC6F7538F66

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 18 January 2012 - 11:10 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 shazbot24

shazbot24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 18 January 2012 - 09:16 PM

svchost.exe is still being detected as malicious from malwarebytes.



21:04:18.0396 4940 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
21:04:19.0406 4940 ============================================================
21:04:19.0406 4940 Current date / time: 2012/01/18 21:04:19.0406
21:04:19.0406 4940 SystemInfo:
21:04:19.0406 4940
21:04:19.0406 4940 OS Version: 6.1.7600 ServicePack: 0.0
21:04:19.0406 4940 Product type: Workstation
21:04:19.0406 4940 ComputerName: OWNER-PC
21:04:19.0407 4940 UserName: Owner
21:04:19.0407 4940 Windows directory: C:\Windows
21:04:19.0407 4940 System windows directory: C:\Windows
21:04:19.0407 4940 Running under WOW64
21:04:19.0407 4940 Processor architecture: Intel x64
21:04:19.0407 4940 Number of processors: 2
21:04:19.0407 4940 Page size: 0x1000
21:04:19.0407 4940 Boot type: Normal boot
21:04:19.0407 4940 ============================================================
21:04:20.0788 4940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:21.0016 4940 Initialize success
21:04:25.0510 4156 ============================================================
21:04:25.0510 4156 Scan started
21:04:25.0510 4156 Mode: Manual;
21:04:25.0510 4156 ============================================================
21:04:28.0969 4156 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:04:28.0973 4156 1394ohci - ok
21:04:29.0216 4156 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:04:29.0223 4156 ACPI - ok
21:04:29.0563 4156 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:04:29.0571 4156 AcpiPmi - ok
21:04:29.0941 4156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:04:29.0948 4156 adp94xx - ok
21:04:30.0210 4156 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:04:30.0216 4156 adpahci - ok
21:04:30.0489 4156 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:04:30.0491 4156 adpu320 - ok
21:04:30.0802 4156 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:04:30.0821 4156 AFD - ok
21:04:31.0047 4156 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:04:31.0052 4156 agp440 - ok
21:04:31.0369 4156 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:04:31.0372 4156 aliide - ok
21:04:31.0765 4156 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:04:31.0775 4156 amdide - ok
21:04:32.0059 4156 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:04:32.0065 4156 AmdK8 - ok
21:04:32.0314 4156 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:04:32.0319 4156 AmdPPM - ok
21:04:32.0713 4156 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:04:32.0718 4156 amdsata - ok
21:04:33.0000 4156 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:04:33.0004 4156 amdsbs - ok
21:04:33.0357 4156 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:04:33.0358 4156 amdxata - ok
21:04:33.0714 4156 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:04:33.0720 4156 AppID - ok
21:04:34.0169 4156 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:04:34.0178 4156 arc - ok
21:04:34.0462 4156 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:04:34.0470 4156 arcsas - ok
21:04:34.0931 4156 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:34.0939 4156 AsyncMac - ok
21:04:35.0223 4156 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:04:35.0224 4156 atapi - ok
21:04:35.0741 4156 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:04:35.0783 4156 b06bdrv - ok
21:04:36.0060 4156 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:04:36.0090 4156 b57nd60a - ok
21:04:36.0294 4156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:04:36.0300 4156 Beep - ok
21:04:36.0606 4156 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:36.0609 4156 blbdrive - ok
21:04:36.0990 4156 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:04:36.0998 4156 bowser - ok
21:04:37.0144 4156 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:04:37.0152 4156 BrFiltLo - ok
21:04:37.0266 4156 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:04:37.0275 4156 BrFiltUp - ok
21:04:37.0734 4156 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:04:37.0736 4156 BridgeMP - ok
21:04:37.0905 4156 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:04:37.0961 4156 Brserid - ok
21:04:38.0107 4156 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:38.0117 4156 BrSerWdm - ok
21:04:38.0404 4156 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:38.0407 4156 BrUsbMdm - ok
21:04:38.0699 4156 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:38.0703 4156 BrUsbSer - ok
21:04:39.0012 4156 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
21:04:39.0017 4156 BTCFilterService - ok
21:04:39.0191 4156 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:04:39.0198 4156 BTHMODEM - ok
21:04:39.0368 4156 catchme - ok
21:04:39.0990 4156 CAXHWAZL (0ca8ed7f262a3d0034f156bdfdf4814c) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
21:04:39.0994 4156 CAXHWAZL - ok
21:04:40.0204 4156 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:04:40.0215 4156 cdfs - ok
21:04:40.0748 4156 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:04:40.0750 4156 cdrom - ok
21:04:41.0252 4156 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:04:41.0254 4156 circlass - ok
21:04:41.0357 4156 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:04:41.0364 4156 CLFS - ok
21:04:41.0568 4156 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:04:41.0570 4156 CmBatt - ok
21:04:41.0664 4156 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:04:41.0667 4156 cmdide - ok
21:04:41.0746 4156 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:04:41.0757 4156 CNG - ok
21:04:42.0142 4156 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:04:42.0143 4156 Compbatt - ok
21:04:42.0572 4156 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:04:42.0577 4156 CompositeBus - ok
21:04:42.0780 4156 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:04:42.0786 4156 crcdisk - ok
21:04:43.0001 4156 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:04:43.0003 4156 DfsC - ok
21:04:43.0202 4156 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:04:43.0211 4156 discache - ok
21:04:43.0406 4156 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:04:43.0408 4156 Disk - ok
21:04:43.0560 4156 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:04:43.0569 4156 drmkaud - ok
21:04:43.0721 4156 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:04:43.0723 4156 dtsoftbus01 - ok
21:04:43.0951 4156 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:04:43.0959 4156 DXGKrnl - ok
21:04:44.0513 4156 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:04:44.0612 4156 ebdrv - ok
21:04:45.0038 4156 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:04:45.0072 4156 elxstor - ok
21:04:45.0325 4156 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:04:45.0328 4156 ErrDev - ok
21:04:45.0550 4156 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:04:45.0554 4156 exfat - ok
21:04:45.0598 4156 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:04:45.0602 4156 fastfat - ok
21:04:45.0791 4156 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:04:45.0793 4156 fdc - ok
21:04:46.0032 4156 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:04:46.0034 4156 FileInfo - ok
21:04:46.0187 4156 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:04:46.0189 4156 Filetrace - ok
21:04:46.0354 4156 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:46.0357 4156 flpydisk - ok
21:04:46.0407 4156 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:04:46.0411 4156 FltMgr - ok
21:04:46.0451 4156 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:04:46.0453 4156 FsDepends - ok
21:04:46.0480 4156 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:04:46.0480 4156 Fs_Rec - ok
21:04:46.0530 4156 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:04:46.0534 4156 fvevol - ok
21:04:46.0582 4156 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:04:46.0586 4156 gagp30kx - ok
21:04:46.0713 4156 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:46.0714 4156 GEARAspiWDM - ok
21:04:46.0815 4156 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:04:46.0816 4156 hcw85cir - ok
21:04:46.0964 4156 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:04:46.0983 4156 HdAudAddService - ok
21:04:47.0244 4156 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:04:47.0252 4156 HDAudBus - ok
21:04:47.0379 4156 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:04:47.0382 4156 HidBatt - ok
21:04:47.0494 4156 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:04:47.0496 4156 HidBth - ok
21:04:47.0846 4156 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:04:47.0848 4156 HidIr - ok
21:04:48.0292 4156 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:04:48.0293 4156 HidUsb - ok
21:04:48.0397 4156 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:04:48.0399 4156 HpSAMD - ok
21:04:48.0571 4156 HSF_DPV (8774d021a3fffe44150f8510381deee6) C:\Windows\system32\DRIVERS\CAX_DPV.sys
21:04:48.0609 4156 HSF_DPV - ok
21:04:48.0958 4156 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:04:49.0003 4156 HTTP - ok
21:04:49.0346 4156 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:04:49.0346 4156 hwpolicy - ok
21:04:49.0491 4156 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:04:49.0493 4156 i8042prt - ok
21:04:49.0596 4156 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:04:49.0599 4156 iaStor - ok
21:04:49.0790 4156 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:04:49.0802 4156 iaStorV - ok
21:04:49.0933 4156 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:04:49.0944 4156 iirsp - ok
21:04:50.0032 4156 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:04:50.0034 4156 intelide - ok
21:04:50.0125 4156 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:04:50.0126 4156 intelppm - ok
21:04:50.0199 4156 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:50.0207 4156 IpFilterDriver - ok
21:04:50.0274 4156 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:04:50.0277 4156 IPMIDRV - ok
21:04:50.0333 4156 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:04:50.0340 4156 IPNAT - ok
21:04:50.0572 4156 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:04:50.0575 4156 IRENUM - ok
21:04:50.0620 4156 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:04:50.0629 4156 isapnp - ok
21:04:50.0709 4156 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:04:50.0713 4156 iScsiPrt - ok
21:04:50.0802 4156 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:04:50.0803 4156 kbdclass - ok
21:04:50.0922 4156 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:04:50.0924 4156 kbdhid - ok
21:04:50.0972 4156 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:04:50.0974 4156 KSecDD - ok
21:04:50.0995 4156 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:04:50.0997 4156 KSecPkg - ok
21:04:51.0017 4156 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:04:51.0019 4156 ksthunk - ok
21:04:51.0095 4156 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:04:51.0097 4156 lltdio - ok
21:04:51.0209 4156 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:04:51.0212 4156 LSI_FC - ok
21:04:51.0277 4156 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:04:51.0285 4156 LSI_SAS - ok
21:04:51.0400 4156 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:04:51.0403 4156 LSI_SAS2 - ok
21:04:51.0760 4156 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:04:51.0773 4156 LSI_SCSI - ok
21:04:51.0904 4156 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:04:51.0906 4156 luafv - ok
21:04:52.0076 4156 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:04:52.0076 4156 MBAMProtector - ok
21:04:52.0310 4156 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:04:52.0314 4156 mdmxsdk - ok
21:04:52.0562 4156 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:04:52.0567 4156 megasas - ok
21:04:52.0624 4156 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:04:52.0629 4156 MegaSR - ok
21:04:52.0675 4156 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:04:52.0675 4156 Modem - ok
21:04:52.0723 4156 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:04:52.0724 4156 monitor - ok
21:04:52.0795 4156 motccgp (a70bf78713b104c46c4e6e7858b6f02e) C:\Windows\system32\DRIVERS\motccgp.sys
21:04:52.0797 4156 motccgp - ok
21:04:52.0896 4156 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
21:04:52.0902 4156 motccgpfl - ok
21:04:52.0954 4156 motmodem (6cbc0f4005593c96c9aecad39f0690fc) C:\Windows\system32\DRIVERS\motmodem.sys
21:04:52.0955 4156 motmodem - ok
21:04:52.0995 4156 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
21:04:52.0996 4156 MotoSwitchService - ok
21:04:53.0041 4156 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
21:04:53.0042 4156 Motousbnet - ok
21:04:53.0149 4156 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
21:04:53.0151 4156 motusbdevice - ok
21:04:53.0368 4156 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:04:53.0369 4156 mouclass - ok
21:04:53.0489 4156 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:04:53.0491 4156 mouhid - ok
21:04:53.0644 4156 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:04:53.0652 4156 mountmgr - ok
21:04:53.0851 4156 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:04:53.0854 4156 mpio - ok
21:04:53.0922 4156 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:04:53.0929 4156 mpsdrv - ok
21:04:53.0973 4156 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:04:53.0976 4156 MRxDAV - ok
21:04:54.0020 4156 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:54.0023 4156 mrxsmb - ok
21:04:54.0064 4156 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:54.0068 4156 mrxsmb10 - ok
21:04:54.0085 4156 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:54.0087 4156 mrxsmb20 - ok
21:04:54.0111 4156 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:04:54.0112 4156 msahci - ok
21:04:54.0164 4156 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:04:54.0167 4156 msdsm - ok
21:04:54.0213 4156 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:04:54.0215 4156 Msfs - ok
21:04:54.0231 4156 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:04:54.0234 4156 mshidkmdf - ok
21:04:54.0262 4156 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:04:54.0263 4156 msisadrv - ok
21:04:54.0443 4156 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:04:54.0446 4156 MSKSSRV - ok
21:04:54.0505 4156 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:54.0507 4156 MSPCLOCK - ok
21:04:54.0547 4156 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:04:54.0549 4156 MSPQM - ok
21:04:54.0582 4156 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:04:54.0588 4156 MsRPC - ok
21:04:54.0697 4156 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:04:54.0697 4156 mssmbios - ok
21:04:54.0818 4156 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:04:54.0820 4156 MSTEE - ok
21:04:54.0834 4156 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:04:54.0836 4156 MTConfig - ok
21:04:54.0850 4156 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:04:54.0851 4156 Mup - ok
21:04:54.0908 4156 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:04:55.0054 4156 NativeWifiP - ok
21:04:55.0412 4156 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:04:55.0437 4156 NDIS - ok
21:04:55.0545 4156 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:55.0546 4156 NdisCap - ok
21:04:55.0607 4156 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:55.0610 4156 NdisTapi - ok
21:04:55.0641 4156 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:55.0643 4156 Ndisuio - ok
21:04:55.0663 4156 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:55.0666 4156 NdisWan - ok
21:04:55.0683 4156 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:04:55.0685 4156 NDProxy - ok
21:04:55.0738 4156 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:04:55.0740 4156 NetBIOS - ok
21:04:55.0776 4156 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:04:55.0780 4156 NetBT - ok
21:04:56.0615 4156 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
21:04:56.0774 4156 NETw5s64 - ok
21:04:57.0451 4156 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:04:57.0577 4156 netw5v64 - ok
21:04:57.0717 4156 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:04:57.0719 4156 nfrd960 - ok
21:04:57.0856 4156 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:04:57.0866 4156 Npfs - ok
21:04:57.0897 4156 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:04:57.0899 4156 nsiproxy - ok
21:04:58.0006 4156 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:04:58.0039 4156 Ntfs - ok
21:04:58.0064 4156 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:04:58.0066 4156 Null - ok
21:04:59.0114 4156 nvlddmkm (24f526274353ff7bb93d99d238e582da) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:04:59.0180 4156 nvlddmkm - ok
21:04:59.0408 4156 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:04:59.0412 4156 nvraid - ok
21:04:59.0586 4156 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:04:59.0590 4156 nvstor - ok
21:04:59.0749 4156 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:04:59.0756 4156 nv_agp - ok
21:04:59.0985 4156 O2MDRDR (26da4b40670ad436f7daec053a2a9eca) C:\Windows\system32\DRIVERS\o2mdx64.sys
21:04:59.0986 4156 O2MDRDR - ok
21:05:00.0099 4156 O2SDRDR (2e69a2adc12daa7ac7b4ffd8601e88b0) C:\Windows\system32\DRIVERS\o2sdx64.sys
21:05:00.0101 4156 O2SDRDR - ok
21:05:00.0268 4156 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:05:00.0270 4156 ohci1394 - ok
21:05:00.0502 4156 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:05:00.0506 4156 Parport - ok
21:05:00.0622 4156 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:05:00.0624 4156 partmgr - ok
21:05:00.0824 4156 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:05:00.0832 4156 pci - ok
21:05:01.0151 4156 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:05:01.0153 4156 pciide - ok
21:05:01.0365 4156 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:05:01.0369 4156 pcmcia - ok
21:05:01.0504 4156 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:05:01.0505 4156 pcw - ok
21:05:01.0627 4156 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:05:01.0646 4156 PEAUTH - ok
21:05:01.0931 4156 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:05:01.0933 4156 PptpMiniport - ok
21:05:02.0121 4156 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:05:02.0131 4156 Processor - ok
21:05:02.0529 4156 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:05:02.0533 4156 Psched - ok
21:05:02.0955 4156 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:05:03.0028 4156 ql2300 - ok
21:05:03.0533 4156 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:05:03.0535 4156 ql40xx - ok
21:05:03.0804 4156 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:05:03.0805 4156 QWAVEdrv - ok
21:05:03.0936 4156 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:05:03.0941 4156 RasAcd - ok
21:05:04.0339 4156 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:05:04.0343 4156 RasAgileVpn - ok
21:05:04.0757 4156 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:04.0760 4156 Rasl2tp - ok
21:05:04.0992 4156 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:05.0000 4156 RasPppoe - ok
21:05:05.0181 4156 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:05:05.0190 4156 RasSstp - ok
21:05:05.0354 4156 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:05:05.0373 4156 rdbss - ok
21:05:05.0445 4156 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:05:05.0447 4156 rdpbus - ok
21:05:05.0552 4156 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:05.0555 4156 RDPCDD - ok
21:05:05.0592 4156 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:05:05.0596 4156 RDPENCDD - ok
21:05:05.0741 4156 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:05:05.0744 4156 RDPREFMP - ok
21:05:05.0920 4156 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:05:05.0926 4156 RDPWD - ok
21:05:06.0169 4156 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:05:06.0180 4156 rdyboost - ok
21:05:06.0802 4156 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:05:06.0812 4156 rspndr - ok
21:05:07.0125 4156 SAVOnAccess (d9057e8ca97628e275979a09ea66b34b) C:\Windows\system32\DRIVERS\savonaccess.sys
21:05:07.0127 4156 SAVOnAccess - ok
21:05:07.0266 4156 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:05:07.0274 4156 sbp2port - ok
21:05:07.0752 4156 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:05:07.0758 4156 scfilter - ok
21:05:08.0089 4156 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
21:05:08.0101 4156 sdbus - ok
21:05:08.0389 4156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:05:08.0395 4156 secdrv - ok
21:05:08.0728 4156 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:05:08.0730 4156 Serenum - ok
21:05:08.0835 4156 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:05:08.0837 4156 Serial - ok
21:05:08.0866 4156 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:05:08.0867 4156 sermouse - ok
21:05:08.0897 4156 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:05:08.0899 4156 sffdisk - ok
21:05:08.0969 4156 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:05:08.0971 4156 sffp_mmc - ok
21:05:09.0009 4156 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:05:09.0011 4156 sffp_sd - ok
21:05:09.0028 4156 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:05:09.0031 4156 sfloppy - ok
21:05:09.0101 4156 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:05:09.0103 4156 SiSRaid2 - ok
21:05:09.0122 4156 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:05:09.0124 4156 SiSRaid4 - ok
21:05:09.0174 4156 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:05:09.0176 4156 Smb - ok
21:05:09.0261 4156 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
21:05:09.0263 4156 SophosBootDriver - ok
21:05:09.0302 4156 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:05:09.0302 4156 spldr - ok
21:05:09.0490 4156 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:05:09.0508 4156 srv - ok
21:05:09.0773 4156 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:05:09.0779 4156 srv2 - ok
21:05:10.0129 4156 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:05:10.0150 4156 SrvHsfHDA - ok
21:05:10.0601 4156 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:05:10.0640 4156 SrvHsfV92 - ok
21:05:10.0853 4156 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:05:10.0889 4156 SrvHsfWinac - ok
21:05:11.0069 4156 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:05:11.0072 4156 srvnet - ok
21:05:11.0326 4156 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:05:11.0334 4156 StarOpen - ok
21:05:11.0524 4156 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:05:11.0531 4156 stexstor - ok
21:05:11.0821 4156 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:05:11.0822 4156 swenum - ok
21:05:12.0316 4156 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:05:12.0379 4156 Tcpip - ok
21:05:12.0656 4156 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:12.0667 4156 TCPIP6 - ok
21:05:12.0748 4156 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:05:12.0751 4156 tcpipreg - ok
21:05:12.0786 4156 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:05:12.0788 4156 TDPIPE - ok
21:05:12.0809 4156 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:05:12.0811 4156 TDTCP - ok
21:05:12.0832 4156 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:05:12.0835 4156 tdx - ok
21:05:12.0881 4156 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:05:12.0881 4156 TermDD - ok
21:05:13.0110 4156 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:13.0118 4156 tssecsrv - ok
21:05:13.0206 4156 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:05:13.0208 4156 tunnel - ok
21:05:13.0244 4156 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:05:13.0246 4156 uagp35 - ok
21:05:13.0306 4156 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:05:13.0349 4156 udfs - ok
21:05:13.0606 4156 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:05:13.0615 4156 uliagpkx - ok
21:05:13.0749 4156 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:05:13.0754 4156 umbus - ok
21:05:13.0829 4156 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:05:13.0831 4156 UmPass - ok
21:05:13.0971 4156 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:05:13.0973 4156 usbaudio - ok
21:05:14.0026 4156 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:05:14.0029 4156 usbccgp - ok
21:05:14.0214 4156 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:05:14.0219 4156 usbcir - ok
21:05:14.0396 4156 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:05:14.0404 4156 usbehci - ok
21:05:14.0796 4156 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:05:14.0805 4156 usbhub - ok
21:05:14.0903 4156 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:05:14.0905 4156 usbohci - ok
21:05:14.0938 4156 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:05:14.0940 4156 usbprint - ok
21:05:14.0980 4156 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:14.0990 4156 USBSTOR - ok
21:05:15.0023 4156 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:05:15.0025 4156 usbuhci - ok
21:05:15.0090 4156 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:05:15.0093 4156 usbvideo - ok
21:05:15.0124 4156 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:05:15.0124 4156 vdrvroot - ok
21:05:15.0172 4156 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:05:15.0173 4156 vga - ok
21:05:15.0190 4156 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:05:15.0191 4156 VgaSave - ok
21:05:15.0227 4156 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:05:15.0238 4156 vhdmp - ok
21:05:15.0331 4156 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:05:15.0340 4156 viaide - ok
21:05:15.0465 4156 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:05:15.0467 4156 volmgr - ok
21:05:15.0577 4156 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:05:15.0589 4156 volmgrx - ok
21:05:15.0690 4156 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:05:15.0833 4156 volsnap - ok
21:05:16.0002 4156 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:05:16.0005 4156 vsmraid - ok
21:05:16.0038 4156 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:05:16.0044 4156 vwifibus - ok
21:05:16.0082 4156 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:05:16.0084 4156 vwififlt - ok
21:05:16.0140 4156 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:05:16.0142 4156 WacomPen - ok
21:05:16.0201 4156 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:16.0203 4156 WANARP - ok
21:05:16.0229 4156 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:16.0230 4156 Wanarpv6 - ok
21:05:16.0340 4156 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:05:16.0348 4156 Wd - ok
21:05:16.0395 4156 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:05:16.0404 4156 Wdf01000 - ok
21:05:16.0501 4156 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:05:16.0503 4156 WfpLwf - ok
21:05:16.0517 4156 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:05:16.0518 4156 WIMMount - ok
21:05:16.0568 4156 winachsf (47e8fe123d0a99dc0e172f89425b9342) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
21:05:16.0591 4156 winachsf - ok
21:05:16.0953 4156 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:05:16.0962 4156 WinUsb - ok
21:05:17.0581 4156 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:05:17.0581 4156 WmiAcpi - ok
21:05:17.0794 4156 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:05:17.0797 4156 ws2ifsl - ok
21:05:18.0119 4156 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:05:18.0129 4156 WudfPf - ok
21:05:18.0469 4156 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:05:18.0474 4156 WUDFRd - ok
21:05:18.0891 4156 X6va005 - ok
21:05:19.0162 4156 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
21:05:19.0170 4156 XAudio - ok
21:05:19.0397 4156 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
21:05:19.0468 4156 yukonw7 - ok
21:05:19.0598 4156 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:05:19.0678 4156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:05:19.0678 4156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:05:19.0719 4156 Boot (0x1200) (8429dc0a5fe167547c77759638afa8cb) \Device\Harddisk0\DR0\Partition0
21:05:19.0723 4156 \Device\Harddisk0\DR0\Partition0 - ok
21:05:19.0740 4156 Boot (0x1200) (59dc945f1eef20b3b210640bd49e3126) \Device\Harddisk0\DR0\Partition1
21:05:19.0742 4156 \Device\Harddisk0\DR0\Partition1 - ok
21:05:19.0743 4156 ============================================================
21:05:19.0743 4156 Scan finished
21:05:19.0743 4156 ============================================================
21:05:19.0756 4152 Detected object count: 1
21:05:19.0756 4152 Actual detected object count: 1
21:05:40.0528 4152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:05:41.0127 4152 \Device\Harddisk0\DR0 - ok
21:05:41.0129 4152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:05:46.0045 4700 Deinitialize success

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 18 January 2012 - 09:29 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 shazbot24

shazbot24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 18 January 2012 - 10:22 PM

The computer seems to be running faster and there wasn't a detection just yet, but I'll edit the post if anything happens.

ComboFix 12-01-18.04 - Owner 8/2012 Wed 21:54:21.4.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.6139.4840 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt.txt
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Bitcoin
c:\users\Owner\AppData\Roaming\Bitcoin\.lock
c:\users\Owner\AppData\Roaming\Bitcoin\__db.001
c:\users\Owner\AppData\Roaming\Bitcoin\__db.002
c:\users\Owner\AppData\Roaming\Bitcoin\__db.003
c:\users\Owner\AppData\Roaming\Bitcoin\__db.004
c:\users\Owner\AppData\Roaming\Bitcoin\__db.005
c:\users\Owner\AppData\Roaming\Bitcoin\__db.006
c:\users\Owner\AppData\Roaming\Bitcoin\addr.dat
c:\users\Owner\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Owner\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000002
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000003
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000004
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000005
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000006
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000007
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000008
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000009
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000010
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000011
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000012
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000013
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000014
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000015
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000016
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000017
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000018
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000019
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000020
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000021
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000022
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000023
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000024
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000025
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000026
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000027
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000028
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000029
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000030
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000031
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000032
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000033
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000034
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000035
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000036
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000037
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000038
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000039
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000040
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000041
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000042
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000043
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000044
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000045
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000046
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000047
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000048
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000049
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000050
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000051
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000052
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000053
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000054
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000055
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000056
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000057
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000058
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000059
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000060
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000061
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000062
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000063
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000064
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000065
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000066
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000067
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000068
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000069
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000070
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000071
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000072
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000073
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000074
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000075
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000076
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000077
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000078
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000079
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000080
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000081
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000082
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000083
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000084
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000085
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000086
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000087
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000088
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000089
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000090
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000091
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000092
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000093
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000094
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000095
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000096
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000097
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000098
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000099
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000100
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000101
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000102
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000103
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000104
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000105
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000106
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000107
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000108
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000109
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000110
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000111
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000112
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000113
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000114
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000115
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000116
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000117
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000118
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000119
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000120
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000121
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000122
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000123
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000124
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000125
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000126
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000127
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000128
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000129
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000130
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000131
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000132
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000133
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000134
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000135
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000136
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000137
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000138
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000139
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000140
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000141
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000142
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000143
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000144
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000145
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000146
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000147
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000148
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000149
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000150
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000151
c:\users\Owner\AppData\Roaming\Bitcoin\database\log.0000000152
c:\users\Owner\AppData\Roaming\Bitcoin\db.log
c:\users\Owner\AppData\Roaming\Bitcoin\debug.log
c:\users\Owner\AppData\Roaming\Bitcoin\wallet.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 03:08 . 2012-01-19 03:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 23:59 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 23:59 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 23:59 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-10 23:59 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-10 23:59 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 23:59 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-10 23:59 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-10 23:59 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 23:25 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B9B9E6-8BF9-49D0-93EA-3A0769C17849}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 02:22 . 2011-02-04 20:01 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-19 02:22 . 2011-02-04 19:41 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-18 23:06 . 2011-02-04 19:41 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-10 20:24 . 2011-10-27 07:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 23:54 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-24 02:52 . 2011-11-24 02:52 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 05:26 . 2011-12-14 23:55 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:23 . 2011-12-14 23:55 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 05:17 . 2011-12-14 23:54 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 23:55 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:34 . 2011-12-14 23:55 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 04:30 . 2011-12-14 23:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 04:07 . 2011-12-14 23:55 482816 ----a-w- c:\windows\system32\html.iec
2011-11-05 03:28 . 2011-12-14 23:55 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 03:25 . 2011-12-14 23:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:55 . 2011-12-14 23:55 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-14 23:55 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_23.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-18 00:34 . 2012-01-18 00:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012011720120118\index.dat
+ 2012-01-18 00:34 . 2012-01-18 00:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012010920120116\index.dat
- 2011-10-22 05:44 . 2012-01-14 21:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-10-22 05:44 . 2012-01-18 01:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-12-15 17:10 . 2012-01-19 02:10 34232 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-19 02:10 39132 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-14 20:11 . 2012-01-19 02:10 10004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1287804269-1291962856-3967002781-1000_UserData.bin
- 2011-02-14 19:56 . 2012-01-14 20:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-14 19:56 . 2012-01-18 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-14 19:56 . 2012-01-14 20:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-14 19:56 . 2012-01-18 17:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-14 20:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-18 22:44 78432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-15 18:12 . 2012-01-19 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-15 18:12 . 2012-01-17 23:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-15 18:12 . 2012-01-17 23:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-15 18:12 . 2012-01-19 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-26 10:18 . 2011-12-26 10:18 16656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll
+ 2011-12-26 10:18 . 2011-12-26 10:18 41744 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
+ 2011-12-26 08:54 . 2011-12-26 08:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
- 2011-09-18 07:13 . 2011-09-18 07:13 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 98152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 98152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 17920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Video\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Video.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 20992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Storage\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Storage.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 54272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Net\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Net.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 23040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Input.Touch\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Input.Touch.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 71680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.GamerServices\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.GamerServices.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 24576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Avatar\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Avatar.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-09-18 07:13 . 2011-09-18 07:13 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-10-13 07:04 . 2011-10-13 07:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 75776 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Xact\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Xact.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 75264 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Game\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Game.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-07 01:00 . 2012-01-18 08:09 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
+ 2012-01-18 22:15 . 2012-01-18 22:15 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\5489f3d82b02843c58a4942afd3807e6\System.Xaml.Hosting.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\55b0452fe2e58293dfd0f6e76c69521f\System.Web.DynamicData.Design.ni.dll
+ 2012-01-19 03:09 . 2012-01-19 03:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-17 23:34 . 2012-01-17 23:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-19 03:09 . 2012-01-19 03:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-17 23:34 . 2012-01-17 23:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-10 23:59 . 2011-10-14 04:42 716800 c:\windows\SysWOW64\jscript.dll
- 2011-04-13 10:13 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-04-14 10:36 . 2012-01-19 00:24 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-14 10:36 . 2012-01-17 23:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-01-19 02:07 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-17 23:35 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-17 23:35 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-19 02:07 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-28 15:55 . 2012-01-18 06:40 224232 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-01-14 21:47 662154 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-19 02:15 662154 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-14 21:47 126136 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-19 02:15 126136 c:\windows\system32\perfc009.dat
+ 2012-01-10 23:59 . 2011-10-14 05:21 852480 c:\windows\system32\jscript.dll
- 2011-04-13 10:13 . 2011-02-18 06:36 852480 c:\windows\system32\jscript.dll
- 2009-07-14 05:01 . 2012-01-11 04:46 455120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-19 02:06 455120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 10:18 . 2011-12-26 10:18 721680 c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll
+ 2011-12-26 10:47 . 2011-12-26 10:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2011-12-26 08:54 . 2011-12-26 08:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2011-12-26 09:39 . 2011-12-26 09:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
- 2011-10-13 07:04 . 2011-10-13 07:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 326000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 326000 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 175992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 175992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 810352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 810352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 672768 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.dll
+ 2012-01-18 02:06 . 2012-01-18 02:06 427008 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Graphics\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Graphics.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-02-07 01:00 . 2011-12-18 08:02 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
- 2009-07-14 00:22 . 2009-07-14 01:41 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-10 23:59 . 2011-10-29 05:24 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-18 22:17 . 2012-01-18 22:17 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\0ad859c1fc5b199e5c5836382d194c7e\System.Runtime.Remoting.ni.dll
+ 2012-01-18 22:17 . 2012-01-18 22:17 661504 c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a7e89481854d6bf430641efb7a64613\ComSvcConfig.ni.exe
+ 2012-01-18 22:15 . 2012-01-18 22:15 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\c4688bf6b864e76fbd936a7fdd5f0748\System.Web.Extensions.Design.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\8614eb36d94b640ab78ca4b7165f08f8\System.Web.Entity.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\8e2860651899e90f4de23486fbd5be87\System.Web.Entity.Design.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\8fedbb375a0bbbfd414f36dd67ef5b51\System.Web.DynamicData.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\17f371e10888ff6fdee8274a11f2605a\System.Web.DataVisualization.Design.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 432640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b998d241c567915a2069d0c790dd6c53\System.ServiceModel.Activation.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59e895b8e5b2b4743fcc6236daab7c5e\System.Runtime.Remoting.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\8feecdcd543403861ae71d1c7c37a67b\System.Data.Services.Design.ni.dll
+ 2012-01-18 22:14 . 2012-01-18 22:14 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\a7926d017c525fb94a75bc1a635be8e7\ComSvcConfig.ni.exe
+ 2012-01-18 22:14 . 2012-01-18 22:14 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\a7dd4c02cacad59b65102fcce1011c85\AspNetMMCExt.ni.dll
+ 2009-07-14 04:54 . 2012-01-19 02:07 5554176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 23:35 5554176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-01-18 17:47 3837335 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-14 21:44 3837335 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-06 07:09 . 2012-01-19 02:06 4706968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1287804269-1291962856-3967002781-1000-12288.dat
- 2011-02-06 07:09 . 2012-01-11 04:46 4706968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1287804269-1291962856-3967002781-1000-12288.dat
+ 2011-12-26 08:54 . 2011-12-26 08:54 1863464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll
+ 2011-12-26 10:18 . 2011-12-26 10:18 5200656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 1863464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2011-12-26 08:54 . 2011-12-26 08:54 5230864 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 5097816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 5097816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 1069936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2011-09-18 07:13 . 2011-09-18 07:13 1069936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-01-18 08:07 . 2012-01-18 08:07 5200656 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-18 08:04 . 2012-01-18 08:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-18 08:06 . 2012-01-18 08:06 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 07:04 . 2011-10-13 07:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 07:03 . 2011-10-13 07:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-18 08:03 . 2012-01-18 08:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-28 05:10 . 2011-12-28 05:10 7054336 c:\windows\Installer\3a5b9e.msi
+ 2011-12-12 21:15 . 2011-12-12 21:15 3446784 c:\windows\Installer\17f1862.msp
+ 2011-12-26 11:24 . 2011-12-26 11:24 8835072 c:\windows\Installer\17f183f.msp
- 2011-02-07 01:00 . 2011-12-18 08:02 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2011-02-07 01:00 . 2011-12-18 08:02 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2011-02-07 01:00 . 2012-01-18 08:09 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2012-01-18 22:18 . 2012-01-18 22:18 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\43728abc794e8a2f8b9178d83299f691\System.Web.Services.ni.dll
+ 2012-01-18 22:17 . 2012-01-18 22:17 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\61b5e642d21b7e31457885975af7ce11\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-01-18 22:17 . 2012-01-18 22:17 1007104 c:\windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\ee0a231813aefbf7b7eb6d8eec56a4e4\AspNetMMCExt.ni.dll
+ 2012-01-18 22:16 . 2012-01-18 22:16 1223168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\c62d9d8bb2b22f8eaf9d8cbbf6123e47\System.WorkflowServices.ni.dll
+ 2012-01-18 22:16 . 2012-01-18 22:16 1971712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\e8804a70f32e7804d259792e7d27b5b8\System.Workflow.Runtime.ni.dll
+ 2012-01-18 22:16 . 2012-01-18 22:16 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\a0ba653e91dcb6fbbfb94e37e18ed736\System.Workflow.Activities.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\53f1ed558eef032f8678a10b623db2c6\System.Web.Services.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 2334208 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f2f7d93088dc2d346d680763d464c03f\System.Web.Mobile.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 3126784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\3e852413b89a1ca83b501dde1c951200\System.Web.Extensions.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\a439f6190b9ad82d9345292736777c85\System.Web.DataVisualization.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 1086464 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d40d01d24635877797a3c389510d9c3a\System.ServiceModel.Web.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 2026496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\66ebacc95030b565991917af67cbd885\System.Data.Services.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 1424384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\3713bc9e571e75a2f26a3b082b3f2609\System.Data.Entity.Design.ni.dll
+ 2012-01-18 22:14 . 2012-01-18 22:14 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8c2ab599a8499bf042f4a256355ff223\Microsoft.VisualBasic.Compatibility.ni.dll
- 2009-07-14 02:34 . 2012-01-15 08:32 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-18 17:59 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-01-18 22:18 . 2012-01-18 22:18 15761920 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\e24ac22d02e4d2ac32f82bfd7af4456b\System.Web.ni.dll
+ 2012-01-18 22:15 . 2012-01-18 22:15 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\609d3c4cb0dc1b42589609f55f8a9398\System.Web.ni.dll
+ 2012-01-18 08:08 . 2012-01-18 08:08 10999296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\87a1b6f2a75241de15fad9381ea6e706\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-11 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin.exe [2011-4-27 7490048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Owner\AppData\Local\Temp\00573BA.tmp [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-12-02 218432]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c96io2xl.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\00573BA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1287804269-1291962856-3967002781-1000\Software\SecuROM\License information*]
"datasecu"=hex:c7,0d,c4,01,df,8a,e8,7f,be,6b,6a,3f,b5,a8,d8,9b,a9,82,90,13,57,
c8,cb,96,6a,49,48,f9,c5,a9,a1,6b,7f,9c,b4,db,2b,87,4a,38,43,21,ea,d4,a0,14,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
.
**************************************************************************
.
Completion time: 2012-01-18 22:15:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 03:15
ComboFix2.txt 2012-01-18 01:12
ComboFix3.txt 2012-01-17 23:45
ComboFix4.txt 2010-09-25 04:50
ComboFix5.txt 2012-01-19 02:53
.
Pre-Run: 29,116,112,896 bytes free
Post-Run: 29,189,459,968 bytes free
.
- - End Of File - - FDD421A0CBBC354592E87F4FA8170AB0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 18 January 2012 - 10:26 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 shazbot24

shazbot24
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 18 January 2012 - 10:51 PM

AaAaAA!!! - A Reckless Disregard for Gravity
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Amnesia: The Dark Descent
APB Reloaded
Apple Application Support
Apple Software Update
ASIO4ALL
Assassin's Creed Brotherhood
Audacity 1.3.12 (Unicode)
Audiosurf
Back to the Future: Ep 2 - Get Tannen!
Back to the Future: Ep 3 - Citizen Brown
Back to the Future: Ep 4 - Double Visions
Back to the Future: Ep 5 - OUTATIME
Back to the Future: Episode 1
Battlefield: Bad Company 2
Beyond Good & Evil
BioShock
Bitcoin
Black Prophecy
Blender (remove only)
Blender NIF Scripts (remove only)
Borderlands
CDBurnerXP
Counter-Strike: Source
Crysis
Crysis 2 Demo
D3DX10
DAEMON Tools Lite
Dark Messiah Might and Magic Multi-Player
Dark Messiah Might and Magic Single Player
DDS Converter 2.1
DOOM 3
DOOM 3: Resurrection of Evil
E.Y.E: Divine Cybermancy
Extreme Graphics for GTA4 1.01
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.13.21
Fallout: New Vegas
FL Studio 10
Fraps (remove only)
GamersFirst LIVE!
Garry's Mod
GIMP 2.6.11
Google SketchUp 8
Grand Theft Auto IV
Grand Theft Auto: San Andreas
Haali Media Splitter
IL Download Manager
ImgBurn
Java Auto Updater
Java™ 6 Update 23
Just Cause 2
K-Lite Codec Pack 5.6.1 (Full)
Killing Floor
Left 4 Dead 2
Lego Indiana Jones 2
Magicka - Demo
Malwarebytes Anti-Malware version 1.60.0.1800
Marvell Miniport Driver
Mass Effect
Mass Effect 2
Matroska Pack
Microsoft .NET Framework 1.1
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Monday Night Combat
Morrowind
Morrowind AnimKit 2.1 (remove only)
Morrowind mod manager 0.8.4
MotoHelper 2.0.40 Driver 4.8.0
MotoHelper MergeModules
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nation Red
Need for Speed: Hot Pursuit
Neverwinter Nights 2: Platinum
NifSkope (remove only)
NVIDIA PhysX
Oblivion
Oblivion - Knights of the Nine
Oblivion mod manager 1.1.12
Pando Media Booster
Poker Night at the Inventory
Project64 1.6
PunkBuster Services
PyFFI 2.1.8
Python 2.6.6
Python 2.7.1
QuickTime
Resident Evil 5
RGSS-RTP Standard
RPGXP
RPG∏∞2003 ◊≤flπ∞fi
Section 8: Prejudice
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sophos Anti-Virus
Sophos AutoUpdate
Speccy
Star Wars - Battlefront II
Steam
Team Fortress 2
Terraria
TES Construction Set
The Elder Scrolls V: Skyrim
The Lord of the Rings Online? v03.02.05.8032
Tom Clancy's Splinter Cell: Conviction
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VLC media player 1.1.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 18 January 2012 - 10:55 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java 6 Update 23

and click on remove



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 21 January 2012 - 02:23 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 23 January 2012 - 11:21 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users