Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Issues after Virus Removal - almost %100 CPU usage


  • This topic is locked This topic is locked
16 replies to this topic

#1 gnikk

gnikk

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 25 January 2012 - 01:41 PM

I originally posted under 'Am I infected? What do I do?', and after some assistance, was asked to create a new topic here. http://www.bleepingcomputer.com/forums/topic439491.html/page__pid__2570044#entry2570044

My desktop computer started running really slow a few weeks ago. IE won't open, and other programs run REALLY slow. I looked at Windows Task Manager and the CPU usage is above 90%. I was able to figure out if the Plug and Play service is not running, then things speed up (of course there are a lot of things that won't work without Plug and Play). I've run Malwarebytes and it comes back clean. Any help is much appreciated.

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by The Kings at 21:16:54 on 2012-01-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1692 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235658840546
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.adoramapix.com/components/aurigma/ImageUploader4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{23514706-BF8C-4D8A-8382-4B8EEE118930} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli bakefilu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\the kings\application data\mozilla\firefox\profiles\ag0s3sra.default\
FF - plugin: c:\documents and settings\the kings\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\the kings\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
S0 vtcgtrh;vtcgtrh;c:\windows\system32\drivers\pergtw.sys --> c:\windows\system32\drivers\pergtw.sys [?]
S1 SABKUTIL;SABKUTIL;\??\j:\sabkutil.sys --> j:\SABKUTIL.sys [?]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-13 583640]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-28 1251720]
.
=============== Created Last 30 ================
.
2012-01-24 18:33:47 -------- d-----w- c:\program files\HRBlock2011
2012-01-24 03:20:45 -------- d-----w- c:\documents and settings\the kings\local settings\application data\Sun
2012-01-24 03:06:14 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-24 03:06:14 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 19:59:58 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-01-22 19:38:57 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-22 19:37:57 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-22 19:36:58 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-22 19:35:57 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-22 19:34:58 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-01-22 19:33:57 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-01-22 19:32:58 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-22 19:31:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-01-22 19:30:59 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-01-22 19:29:59 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2012-01-22 19:28:57 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-22 19:27:59 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-01-22 19:26:59 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2012-01-22 19:25:59 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-01-22 19:24:59 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-01-22 19:23:58 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-01-22 19:22:57 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-01-22 19:21:59 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-01-22 19:20:59 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2012-01-22 19:19:56 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-22 19:18:55 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
.
==================== Find3M ====================
.
2012-01-24 03:05:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:18:03.82 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 28 January 2012 - 02:53 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 31 January 2012 - 11:59 PM

TDSSKiller - no threats:

22:20:44.0828 2516 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
22:20:46.0875 2516 ============================================================
22:20:46.0875 2516 Current date / time: 2012/01/31 22:20:46.0875
22:20:46.0875 2516 SystemInfo:
22:20:46.0875 2516
22:20:46.0875 2516 OS Version: 5.1.2600 ServicePack: 3.0
22:20:46.0875 2516 Product type: Workstation
22:20:46.0875 2516 ComputerName: KING
22:20:46.0875 2516 UserName: The Kings
22:20:46.0875 2516 Windows directory: C:\WINDOWS
22:20:46.0875 2516 System windows directory: C:\WINDOWS
22:20:46.0875 2516 Processor architecture: Intel x86
22:20:46.0875 2516 Number of processors: 2
22:20:46.0875 2516 Page size: 0x1000
22:20:46.0875 2516 Boot type: Normal boot
22:20:46.0875 2516 ============================================================
22:20:54.0718 2516 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:20:55.0296 2516 Initialize success
22:22:06.0250 2784 ============================================================
22:22:06.0265 2784 Scan started
22:22:06.0265 2784 Mode: Manual;
22:22:06.0265 2784 ============================================================
22:22:06.0593 2784 Abiosdsk - ok
22:22:06.0687 2784 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:22:06.0703 2784 abp480n5 - ok
22:22:06.0828 2784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:22:06.0828 2784 ACPI - ok
22:22:06.0875 2784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:22:06.0875 2784 ACPIEC - ok
22:22:07.0000 2784 ADIHdAudAddService (62afc64108bbdb8d3ca32aad559e5af1) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:22:07.0015 2784 ADIHdAudAddService - ok
22:22:07.0109 2784 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:22:07.0125 2784 adpu160m - ok
22:22:07.0234 2784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:22:07.0234 2784 aec - ok
22:22:07.0328 2784 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:22:07.0328 2784 AegisP - ok
22:22:07.0390 2784 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:22:07.0406 2784 AFD - ok
22:22:07.0453 2784 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:22:07.0468 2784 agp440 - ok
22:22:07.0484 2784 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:22:07.0484 2784 agpCPQ - ok
22:22:07.0546 2784 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:22:07.0578 2784 Aha154x - ok
22:22:07.0671 2784 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:22:07.0671 2784 aic78u2 - ok
22:22:07.0734 2784 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:22:07.0750 2784 aic78xx - ok
22:22:08.0031 2784 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:22:08.0031 2784 AliIde - ok
22:22:08.0109 2784 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:22:08.0109 2784 alim1541 - ok
22:22:08.0187 2784 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:22:08.0203 2784 amdagp - ok
22:22:08.0234 2784 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:22:08.0234 2784 amsint - ok
22:22:08.0421 2784 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:22:08.0421 2784 asc - ok
22:22:08.0546 2784 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:22:08.0562 2784 asc3350p - ok
22:22:08.0765 2784 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:22:08.0765 2784 asc3550 - ok
22:22:09.0187 2784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:22:09.0203 2784 AsyncMac - ok
22:22:09.0296 2784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:22:09.0296 2784 atapi - ok
22:22:09.0343 2784 Atdisk - ok
22:22:09.0453 2784 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:22:09.0500 2784 ati2mtag - ok
22:22:09.0578 2784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:22:09.0609 2784 Atmarpc - ok
22:22:09.0718 2784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:22:09.0718 2784 audstub - ok
22:22:09.0812 2784 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:22:09.0812 2784 b57w2k - ok
22:22:09.0937 2784 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
22:22:09.0937 2784 BASFND - ok
22:22:10.0109 2784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:22:10.0109 2784 Beep - ok
22:22:10.0328 2784 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:22:10.0343 2784 cbidf - ok
22:22:10.0453 2784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:22:10.0468 2784 cbidf2k - ok
22:22:10.0656 2784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:22:10.0656 2784 CCDECODE - ok
22:22:10.0750 2784 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:22:10.0765 2784 cd20xrnt - ok
22:22:10.0812 2784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:22:10.0812 2784 Cdaudio - ok
22:22:10.0875 2784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:22:10.0890 2784 Cdfs - ok
22:22:10.0953 2784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:22:10.0968 2784 Cdrom - ok
22:22:10.0968 2784 Changer - ok
22:22:11.0296 2784 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:22:11.0296 2784 CmdIde - ok
22:22:11.0437 2784 COH_Mon - ok
22:22:11.0718 2784 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:22:11.0718 2784 Cpqarray - ok
22:22:11.0796 2784 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:22:11.0796 2784 dac2w2k - ok
22:22:11.0859 2784 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:22:11.0859 2784 dac960nt - ok
22:22:12.0140 2784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:22:12.0140 2784 Disk - ok
22:22:12.0218 2784 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:22:12.0234 2784 DLABOIOM - ok
22:22:12.0250 2784 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:22:12.0250 2784 DLACDBHM - ok
22:22:12.0296 2784 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:22:12.0296 2784 DLADResN - ok
22:22:12.0406 2784 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:22:12.0421 2784 DLAIFS_M - ok
22:22:12.0562 2784 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:22:12.0562 2784 DLAOPIOM - ok
22:22:12.0625 2784 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:22:12.0625 2784 DLAPoolM - ok
22:22:12.0671 2784 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:22:12.0671 2784 DLARTL_N - ok
22:22:12.0796 2784 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:22:12.0812 2784 DLAUDFAM - ok
22:22:12.0921 2784 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:22:12.0921 2784 DLAUDF_M - ok
22:22:13.0109 2784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:22:13.0156 2784 dmboot - ok
22:22:13.0234 2784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:22:13.0234 2784 dmio - ok
22:22:13.0328 2784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:22:13.0328 2784 dmload - ok
22:22:13.0421 2784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:22:13.0421 2784 DMusic - ok
22:22:13.0671 2784 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:22:13.0671 2784 dpti2o - ok
22:22:13.0750 2784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:22:13.0750 2784 drmkaud - ok
22:22:13.0859 2784 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:22:13.0890 2784 DRVMCDB - ok
22:22:14.0046 2784 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:22:14.0062 2784 DRVNDDM - ok
22:22:14.0234 2784 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
22:22:14.0234 2784 DSproct - ok
22:22:14.0421 2784 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:22:14.0437 2784 E100B - ok
22:22:14.0578 2784 EraserUtilRebootDrv - ok
22:22:14.0781 2784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:22:14.0781 2784 Fastfat - ok
22:22:14.0890 2784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:22:14.0906 2784 Fdc - ok
22:22:15.0015 2784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:22:15.0015 2784 Fips - ok
22:22:15.0109 2784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:22:15.0125 2784 Flpydisk - ok
22:22:15.0250 2784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:22:15.0265 2784 FltMgr - ok
22:22:15.0375 2784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:22:15.0390 2784 Fs_Rec - ok
22:22:15.0531 2784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:22:15.0546 2784 Ftdisk - ok
22:22:15.0625 2784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:22:15.0625 2784 GEARAspiWDM - ok
22:22:15.0687 2784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:22:15.0687 2784 Gpc - ok
22:22:15.0750 2784 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:22:15.0750 2784 hamachi - ok
22:22:15.0843 2784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:22:15.0843 2784 HDAudBus - ok
22:22:15.0984 2784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:22:15.0984 2784 HidUsb - ok
22:22:16.0140 2784 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:22:16.0140 2784 hpn - ok
22:22:16.0250 2784 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:22:16.0296 2784 HPZid412 - ok
22:22:16.0390 2784 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:22:16.0406 2784 HPZipr12 - ok
22:22:16.0453 2784 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:22:16.0453 2784 HPZius12 - ok
22:22:16.0515 2784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:22:16.0515 2784 HTTP - ok
22:22:16.0609 2784 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:22:16.0609 2784 i2omgmt - ok
22:22:16.0671 2784 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:22:16.0671 2784 i2omp - ok
22:22:16.0687 2784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:22:16.0687 2784 i8042prt - ok
22:22:16.0734 2784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:22:16.0734 2784 Imapi - ok
22:22:16.0843 2784 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:22:16.0843 2784 ini910u - ok
22:22:16.0921 2784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:22:16.0937 2784 IntelIde - ok
22:22:16.0984 2784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:22:17.0000 2784 intelppm - ok
22:22:17.0046 2784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:22:17.0046 2784 Ip6Fw - ok
22:22:17.0093 2784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:22:17.0109 2784 IpFilterDriver - ok
22:22:17.0187 2784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:22:17.0187 2784 IpInIp - ok
22:22:17.0296 2784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:22:17.0296 2784 IpNat - ok
22:22:17.0484 2784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:22:17.0484 2784 IPSec - ok
22:22:17.0531 2784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:22:17.0546 2784 IRENUM - ok
22:22:17.0640 2784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:22:17.0640 2784 isapnp - ok
22:22:17.0656 2784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:22:17.0656 2784 Kbdclass - ok
22:22:17.0687 2784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:22:17.0703 2784 kbdhid - ok
22:22:17.0828 2784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:22:17.0828 2784 kmixer - ok
22:22:17.0953 2784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:22:17.0953 2784 KSecDD - ok
22:22:18.0171 2784 lbrtfdc - ok
22:22:18.0484 2784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:22:18.0500 2784 mnmdd - ok
22:22:18.0578 2784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:22:18.0593 2784 Modem - ok
22:22:18.0671 2784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:22:18.0671 2784 Mouclass - ok
22:22:18.0718 2784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:22:18.0734 2784 mouhid - ok
22:22:18.0781 2784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:22:18.0781 2784 MountMgr - ok
22:22:18.0812 2784 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:22:18.0812 2784 mraid35x - ok
22:22:18.0906 2784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:22:18.0906 2784 MRxDAV - ok
22:22:19.0000 2784 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:22:19.0046 2784 MRxSmb - ok
22:22:19.0250 2784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:22:19.0250 2784 Msfs - ok
22:22:19.0359 2784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:22:19.0359 2784 MSKSSRV - ok
22:22:19.0531 2784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:22:19.0562 2784 MSPCLOCK - ok
22:22:19.0640 2784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:22:19.0640 2784 MSPQM - ok
22:22:19.0718 2784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:22:19.0718 2784 mssmbios - ok
22:22:19.0765 2784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:22:19.0765 2784 MSTEE - ok
22:22:19.0843 2784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:22:19.0859 2784 Mup - ok
22:22:19.0937 2784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:22:19.0937 2784 NABTSFEC - ok
22:22:20.0093 2784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:22:20.0093 2784 NDIS - ok
22:22:20.0187 2784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:22:20.0187 2784 NdisIP - ok
22:22:20.0250 2784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:22:20.0250 2784 NdisTapi - ok
22:22:20.0390 2784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:22:20.0390 2784 Ndisuio - ok
22:22:20.0437 2784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:22:20.0453 2784 NdisWan - ok
22:22:20.0453 2784 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:22:20.0468 2784 NDProxy - ok
22:22:20.0609 2784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:22:20.0625 2784 NetBIOS - ok
22:22:20.0796 2784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:22:20.0812 2784 NetBT - ok
22:22:21.0093 2784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:22:21.0109 2784 Npfs - ok
22:22:21.0203 2784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:22:21.0218 2784 Ntfs - ok
22:22:21.0484 2784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:22:21.0484 2784 Null - ok
22:22:21.0765 2784 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:22:21.0828 2784 nv - ok
22:22:21.0890 2784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:22:21.0890 2784 NwlnkFlt - ok
22:22:21.0937 2784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:22:21.0937 2784 NwlnkFwd - ok
22:22:22.0015 2784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:22:22.0015 2784 Parport - ok
22:22:22.0093 2784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:22:22.0093 2784 PartMgr - ok
22:22:22.0187 2784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:22:22.0187 2784 ParVdm - ok
22:22:22.0265 2784 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
22:22:22.0328 2784 PCANDIS5 - ok
22:22:22.0515 2784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:22:22.0546 2784 PCI - ok
22:22:22.0593 2784 PCIDump - ok
22:22:22.0671 2784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:22:22.0671 2784 PCIIde - ok
22:22:22.0750 2784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:22:22.0781 2784 Pcmcia - ok
22:22:22.0937 2784 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:22:22.0937 2784 pcouffin - ok
22:22:23.0015 2784 PDCOMP - ok
22:22:23.0015 2784 PDFRAME - ok
22:22:23.0031 2784 PDRELI - ok
22:22:23.0078 2784 PDRFRAME - ok
22:22:23.0187 2784 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:22:23.0187 2784 perc2 - ok
22:22:23.0250 2784 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:22:23.0250 2784 perc2hib - ok
22:22:23.0687 2784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:22:23.0687 2784 PptpMiniport - ok
22:22:23.0718 2784 PROCEXP151 - ok
22:22:23.0765 2784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:22:23.0781 2784 PSched - ok
22:22:23.0921 2784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:22:23.0937 2784 Ptilink - ok
22:22:24.0000 2784 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:22:24.0000 2784 PxHelp20 - ok
22:22:24.0046 2784 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:22:24.0062 2784 ql1080 - ok
22:22:24.0109 2784 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:22:24.0125 2784 Ql10wnt - ok
22:22:24.0203 2784 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:22:24.0218 2784 ql12160 - ok
22:22:24.0421 2784 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:22:24.0421 2784 ql1240 - ok
22:22:24.0531 2784 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:22:24.0546 2784 ql1280 - ok
22:22:24.0625 2784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:22:24.0625 2784 RasAcd - ok
22:22:24.0703 2784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:22:24.0703 2784 Rasl2tp - ok
22:22:24.0734 2784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:22:24.0734 2784 RasPppoe - ok
22:22:24.0828 2784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:22:24.0843 2784 Raspti - ok
22:22:24.0968 2784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:22:24.0984 2784 Rdbss - ok
22:22:25.0078 2784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:22:25.0078 2784 RDPCDD - ok
22:22:25.0296 2784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:22:25.0312 2784 rdpdr - ok
22:22:25.0390 2784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:22:25.0406 2784 RDPWD - ok
22:22:25.0515 2784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:22:25.0531 2784 redbook - ok
22:22:25.0859 2784 RT61 (ef64988c8e699e2481d1fd45bf472ef0) C:\WINDOWS\system32\DRIVERS\RT61.sys
22:22:25.0875 2784 RT61 - ok
22:22:25.0906 2784 SABKUTIL - ok
22:22:26.0078 2784 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:22:26.0078 2784 SASDIFSV - ok
22:22:26.0093 2784 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:22:26.0109 2784 SASKUTIL - ok
22:22:26.0390 2784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:22:26.0406 2784 Secdrv - ok
22:22:26.0531 2784 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
22:22:26.0546 2784 SenFiltService - ok
22:22:26.0640 2784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:22:26.0640 2784 serenum - ok
22:22:26.0671 2784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:22:26.0671 2784 Serial - ok
22:22:27.0156 2784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:22:27.0171 2784 Sfloppy - ok
22:22:27.0250 2784 Simbad - ok
22:22:27.0359 2784 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:22:27.0390 2784 sisagp - ok
22:22:27.0468 2784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:22:27.0468 2784 SLIP - ok
22:22:27.0578 2784 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
22:22:27.0578 2784 sonypvs1 - ok
22:22:27.0687 2784 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:22:27.0703 2784 Sparrow - ok
22:22:27.0781 2784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:22:27.0781 2784 splitter - ok
22:22:27.0843 2784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:22:27.0875 2784 sr - ok
22:22:28.0156 2784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:22:28.0171 2784 streamip - ok
22:22:28.0281 2784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:22:28.0281 2784 swenum - ok
22:22:28.0328 2784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:22:28.0328 2784 swmidi - ok
22:22:28.0546 2784 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:22:28.0562 2784 symc810 - ok
22:22:28.0593 2784 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:22:28.0593 2784 symc8xx - ok
22:22:28.0687 2784 SymIM - ok
22:22:28.0843 2784 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
22:22:28.0843 2784 symlcbrd - ok
22:22:28.0890 2784 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:22:28.0890 2784 sym_hi - ok
22:22:28.0937 2784 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:22:28.0953 2784 sym_u3 - ok
22:22:29.0062 2784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:22:29.0062 2784 sysaudio - ok
22:22:29.0156 2784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:22:29.0156 2784 Tcpip - ok
22:22:29.0218 2784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:22:29.0234 2784 TDPIPE - ok
22:22:29.0390 2784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:22:29.0390 2784 TDTCP - ok
22:22:29.0531 2784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:22:29.0562 2784 TermDD - ok
22:22:29.0718 2784 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:22:29.0718 2784 TosIde - ok
22:22:29.0906 2784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:22:29.0906 2784 Udfs - ok
22:22:30.0000 2784 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:22:30.0000 2784 ultra - ok
22:22:30.0187 2784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:22:30.0218 2784 Update - ok
22:22:30.0437 2784 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:22:30.0437 2784 USBAAPL - ok
22:22:30.0562 2784 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:22:30.0578 2784 usbaudio - ok
22:22:30.0671 2784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:22:30.0687 2784 usbccgp - ok
22:22:30.0765 2784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:22:30.0765 2784 usbehci - ok
22:22:30.0828 2784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:22:30.0828 2784 usbhub - ok
22:22:30.0906 2784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:22:30.0921 2784 usbprint - ok
22:22:30.0984 2784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:22:31.0000 2784 usbscan - ok
22:22:31.0078 2784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:22:31.0078 2784 USBSTOR - ok
22:22:31.0140 2784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:22:31.0156 2784 usbuhci - ok
22:22:31.0171 2784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:22:31.0187 2784 VgaSave - ok
22:22:31.0250 2784 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:22:31.0265 2784 viaagp - ok
22:22:31.0343 2784 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:22:31.0343 2784 ViaIde - ok
22:22:31.0453 2784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:22:31.0484 2784 VolSnap - ok
22:22:31.0578 2784 vtcgtrh - ok
22:22:31.0796 2784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:22:31.0812 2784 Wanarp - ok
22:22:31.0937 2784 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:22:31.0984 2784 Wdf01000 - ok
22:22:32.0062 2784 WDICA - ok
22:22:32.0203 2784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:22:32.0218 2784 wdmaud - ok
22:22:32.0390 2784 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
22:22:32.0453 2784 wg111nd5 - ok
22:22:33.0125 2784 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:22:33.0125 2784 WS2IFSL - ok
22:22:33.0265 2784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:22:33.0312 2784 WSTCODEC - ok
22:22:33.0421 2784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:22:33.0421 2784 WudfPf - ok
22:22:33.0453 2784 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:22:33.0484 2784 WudfRd - ok
22:22:33.0750 2784 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
22:22:33.0750 2784 xusb21 - ok
22:22:34.0078 2784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:22:34.0281 2784 \Device\Harddisk0\DR0 - ok
22:22:34.0281 2784 Boot (0x1200) (2f15d13e380a6f66e774428ea5c5b530) \Device\Harddisk0\DR0\Partition0
22:22:34.0281 2784 \Device\Harddisk0\DR0\Partition0 - ok
22:22:34.0296 2784 ============================================================
22:22:34.0296 2784 Scan finished
22:22:34.0296 2784 ============================================================
22:22:34.0515 2776 Detected object count: 0
22:22:34.0515 2776 Actual detected object count: 0
22:22:36.0359 2504 Deinitialize success


ComboFix:

ComboFix 12-01-31.01 - The Kings 01/31/2012 22:36:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1691 [GMT -6:00]
Running from: c:\documents and settings\The Kings\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\The Kings\Application Data\inst.exe
c:\documents and settings\The Kings\Local Settings\Application Data\{0C7641C2-EDFA-4C42-92DD-3AA21F7D96D8}
c:\documents and settings\The Kings\Local Settings\Application Data\{0C7641C2-EDFA-4C42-92DD-3AA21F7D96D8}\chrome.manifest
c:\documents and settings\The Kings\Local Settings\Application Data\{0C7641C2-EDFA-4C42-92DD-3AA21F7D96D8}\chrome\content\_cfg.js
c:\documents and settings\The Kings\Local Settings\Application Data\{0C7641C2-EDFA-4C42-92DD-3AA21F7D96D8}\chrome\content\overlay.xul
c:\documents and settings\The Kings\Local Settings\Application Data\{0C7641C2-EDFA-4C42-92DD-3AA21F7D96D8}\install.rdf
c:\documents and settings\The Kings\My Documents\~WRL0005.tmp
c:\documents and settings\The Kings\WINDOWS
C:\s
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\ctfmon .exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-01-24 18:33 . 2012-01-24 18:34 -------- d-----w- c:\program files\HRBlock2011
2012-01-24 03:20 . 2012-01-24 03:20 -------- d-----w- c:\documents and settings\The Kings\Local Settings\Application Data\Sun
2012-01-24 03:06 . 2012-01-24 03:06 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 03:06 . 2012-01-24 03:05 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-24 03:06 . 2012-01-24 03:05 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 19:59 . 2012-01-22 19:59 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-01-22 19:35 . 2001-08-17 19:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2012-01-22 19:35 . 2001-08-17 18:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-01-22 19:33 . 2004-08-04 10:00 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-01-22 19:32 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-22 19:31 . 2001-08-17 19:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-01-22 19:30 . 2001-08-17 19:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-01-22 19:29 . 2004-08-04 03:31 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2012-01-22 19:28 . 2001-08-17 19:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-22 19:27 . 2001-08-18 04:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-01-22 19:26 . 2001-08-18 04:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2012-01-22 19:25 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-01-22 19:24 . 2001-08-17 18:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-01-22 19:23 . 2001-08-18 04:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-01-22 19:22 . 2001-08-18 04:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-01-22 19:21 . 2001-08-17 18:11 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-01-22 19:20 . 2001-08-17 18:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2012-01-22 19:19 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-22 19:18 . 2001-08-17 20:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 03:05 . 2011-01-03 23:43 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:24 . 2010-02-14 19:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 04:04 . 2012-01-03 22:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\dvdlauncher .exe
c:\program files\Electronic Arts\EADM\core .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Messenger\msmsgs .exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\DLA\dlactrlw .exe
c:\windows\system32\spool\drivers\w32x86\3\wrtmon .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-29 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-08 02:29 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeScreenSharing]
c:\documents and settings\The Kings\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-06 19:19 136176 ----atw- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 22:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 18:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-10 06:23 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-04 00:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 22:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/13/2010 10:42 PM 583640]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/26/2009 9:47 AM 47360]
S0 vtcgtrh;vtcgtrh;c:\windows\system32\drivers\pergtw.sys --> c:\windows\system32\drivers\pergtw.sys [?]
S1 SABKUTIL;SABKUTIL;\??\j:\sabkutil.sys --> j:\SABKUTIL.sys [?]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006Core.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006UA.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-01 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-14 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\The Kings\Application Data\Mozilla\Firefox\Profiles\ag0s3sra.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 22:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
.
[HKEY_USERS\S-1-5-21-4035743746-1989056851-3061778754-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1808)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-01-31 22:52:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 04:52
.
Pre-Run: 121,192,628,224 bytes free
Post-Run: 121,289,453,568 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6B2AB67ABCC1163487A2F7B758AF2D5A

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 01 February 2012 - 05:52 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\dvdlauncher .exe
c:\program files\Electronic Arts\EADM\core .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\HP\HP Software Update\hpwuschd2 .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Messenger\msmsgs .exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\DLA\dlactrlw .exe
c:\windows\system32\spool\drivers\w32x86\3\wrtmon .exe

Driver::
vtcgtrh

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 01 February 2012 - 08:04 PM

ComboFix 12-02-01.01 - The Kings 02/01/2012 18:44:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1519 [GMT -6:00]
Running from: c:\documents and settings\The Kings\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Kings\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vtcgtrh
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 00:34 . 2012-02-02 00:34 -------- d-----w- c:\windows\LastGood.Tmp
2012-01-24 18:33 . 2012-01-24 18:34 -------- d-----w- c:\program files\HRBlock2011
2012-01-24 03:20 . 2012-01-24 03:20 -------- d-----w- c:\documents and settings\The Kings\Local Settings\Application Data\Sun
2012-01-24 03:06 . 2012-01-24 03:06 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 03:06 . 2012-01-24 03:05 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-24 03:06 . 2012-01-24 03:05 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 19:59 . 2012-01-22 19:59 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-01-22 19:38 . 2001-08-17 19:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-22 19:37 . 2001-08-17 19:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-22 19:36 . 2001-08-18 04:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-22 19:35 . 2001-08-17 18:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-22 19:34 . 2004-08-04 10:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2012-01-22 19:33 . 2004-08-04 10:00 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-01-22 19:32 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-22 19:31 . 2001-08-17 19:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-01-22 19:30 . 2001-08-17 19:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-01-22 19:29 . 2004-08-04 03:31 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2012-01-22 19:28 . 2001-08-17 19:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-22 19:27 . 2001-08-18 04:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-01-22 19:26 . 2001-08-18 04:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2012-01-22 19:25 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-01-22 19:24 . 2001-08-17 18:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-01-22 19:23 . 2001-08-18 04:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-01-22 19:22 . 2001-08-18 04:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-01-22 19:21 . 2001-08-17 18:11 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-01-22 19:20 . 2001-08-17 18:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2012-01-22 19:19 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-22 19:18 . 2001-08-17 20:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 03:05 . 2011-01-03 23:43 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:24 . 2010-02-14 19:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 04:04 . 2012-01-03 22:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_04.47.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-20 18:18 . 2006-09-20 13:35 20480 c:\windows\system32\spool\drivers\w32x86\3\wrtmon.exe
+ 2007-07-20 20:04 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\dlactrlw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-29 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-08 02:29 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-06 19:19 136176 ----atw- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21 141600 -c--a-w- c:\program files\iTunes\ituneshelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 22:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 18:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-10 06:23 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-21 13:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 22:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/13/2010 10:42 PM 583640]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/26/2009 9:47 AM 47360]
S1 SABKUTIL;SABKUTIL;\??\j:\sabkutil.sys --> j:\SABKUTIL.sys [?]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-02-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-21 18:10]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006Core.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006UA.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-01 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-14 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\The Kings\Application Data\Mozilla\Firefox\Profiles\ag0s3sra.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FreeScreenSharing - c:\documents and settings\The Kings\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-01 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
.
[HKEY_USERS\S-1-5-21-4035743746-1989056851-3061778754-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1636)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-02-01 18:58:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 00:58
ComboFix2.txt 2012-02-01 04:52
.
Pre-Run: 120,060,145,664 bytes free
Post-Run: 120,826,908,672 bytes free
.
- - End Of File - - 0051B1EFFE1364B2DC6348D8E0F39CF5

Edited by gnikk, 01 February 2012 - 08:05 PM.


#6 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 01 February 2012 - 08:53 PM

I should mention that after I ran the Combofix as instructed above, when I went to shut down my computer, it wanted to install Windows Updates. It installed 76 of them. Then I turned the computer back on and when I shut it down again it, it installed 19 more Windows Updates. I hope I did not mess anything up.

Edited by gnikk, 01 February 2012 - 09:49 PM.


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 01 February 2012 - 09:59 PM

wow, that was a lot of updates

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 02 February 2012 - 04:04 PM

MBAM was clean:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
The Kings :: KING [administrator]

2/1/2012 10:08:47 PM
mbam-log-2012-02-01 (22-08-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206026
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET found no threats. I am still having the same issue with close to 100% CPU usage. Maybe the problem is not malware related?

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 02 February 2012 - 05:12 PM

It may not be,

Please re-run ComboFix, allow it to update if it asks to do so

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 03 February 2012 - 12:12 AM

ComboFix 12-02-01.01 - The Kings 02/02/2012 22:11:19.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1529 [GMT -6:00]
Running from: c:\documents and settings\The Kings\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-02 00:42 . 2011-11-04 19:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-24 18:33 . 2012-01-24 18:34 -------- d-----w- c:\program files\HRBlock2011
2012-01-24 03:20 . 2012-01-24 03:20 -------- d-----w- c:\documents and settings\The Kings\Local Settings\Application Data\Sun
2012-01-24 03:06 . 2012-01-24 03:06 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 03:06 . 2012-01-24 03:05 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-24 03:06 . 2012-01-24 03:05 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 19:59 . 2012-01-22 19:59 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-01-22 19:38 . 2001-08-17 19:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-22 19:37 . 2001-08-17 19:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-22 19:36 . 2001-08-18 04:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-22 19:35 . 2001-08-17 18:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-22 19:34 . 2004-08-04 10:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2012-01-22 19:33 . 2004-08-04 10:00 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-01-22 19:32 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-22 19:31 . 2001-08-17 19:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-01-22 19:30 . 2001-08-17 19:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-01-22 19:29 . 2004-08-04 03:31 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2012-01-22 19:28 . 2001-08-17 19:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-22 19:27 . 2001-08-18 04:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-01-22 19:26 . 2001-08-18 04:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2012-01-22 19:25 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-01-22 19:24 . 2001-08-17 18:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-01-22 19:23 . 2001-08-18 04:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-01-22 19:22 . 2001-08-18 04:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-01-22 19:21 . 2001-08-17 18:11 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-01-22 19:20 . 2001-08-17 18:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2012-01-22 19:19 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-22 19:18 . 2001-08-17 20:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 03:05 . 2011-01-03 23:43 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:24 . 2010-02-14 19:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 17:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 17:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 17:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-21 04:04 . 2012-01-03 22:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\QuickTime\qttask   .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_04.47.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 04:51 . 2011-04-19 04:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 02:17 . 2011-05-14 02:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 01:45 . 2011-05-14 01:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 07:06 . 2011-05-14 07:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 07:23 . 2011-05-14 07:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-14 00:37 . 2011-05-14 00:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- 2011-07-06 22:15 . 2011-07-06 22:15 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2011-06-11 07:58 . 2011-06-11 07:58 51024 c:\windows\system32\vcomp100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 51024 c:\windows\system32\vcomp100.dll
- 2007-07-20 19:56 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-07-20 19:56 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-10 17:51 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2004-08-10 17:51 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2007-10-20 18:18 . 2006-09-20 13:35 20480 c:\windows\system32\spool\drivers\w32x86\3\wrtmon.exe
- 2004-08-10 17:51 . 2011-11-08 14:55 88018 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2012-02-02 01:47 88018 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2011-09-26 17:41 20480 c:\windows\system32\oleaccrc.dll
- 2004-08-10 17:51 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\system32\mfcm100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 81744 c:\windows\system32\mfcm100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 36176 c:\windows\system32\mfc100chs.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 36176 c:\windows\system32\mfc100chs.dll
+ 2004-08-10 17:51 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 43520 c:\windows\system32\licmgr10.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 18:02 . 2008-04-14 00:11 81920 c:\windows\system32\isign32.dll
+ 2004-08-10 18:02 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2004-08-10 17:51 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2004-08-10 17:51 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2004-08-10 17:51 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2004-08-10 17:50 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2004-08-10 17:50 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
- 2009-10-24 13:32 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-24 13:32 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-10 18:02 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2004-08-10 17:51 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2004-08-10 17:51 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-10 17:51 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2004-08-10 17:51 . 2011-09-26 17:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2004-08-10 17:51 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2004-08-10 17:51 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
- 2004-08-10 17:51 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-10-24 13:32 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-10-24 13:32 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-10 17:51 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 18:02 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
- 2004-08-10 18:02 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\isign32.dll
+ 2004-08-10 17:50 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2004-08-10 17:50 . 2008-04-14 00:11 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2004-08-10 17:50 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-10 17:50 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-10 17:50 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-10 17:50 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
- 2004-08-10 17:50 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-10 17:50 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-10 17:50 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2004-08-10 17:50 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2011-12-26 09:54 . 2011-12-26 09:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-12-26 09:54 . 2011-12-26 09:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-25 17:07 . 2011-12-25 17:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-07-06 22:15 . 2011-07-06 22:15 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-07-06 22:10 . 2011-07-06 22:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-05-10 01:34 . 2010-05-10 01:34 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-10-01 00:31 . 2011-10-01 00:31 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-10-01 00:31 . 2012-02-02 01:43 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-02-02 01:32 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-02-02 01:32 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_cdae7947\System.Drawing.Design.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2953c725\CustomMarshalers.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\6f4a1ba24dffa86dd2a2ab8127e0b16d\UIAutomationProvider.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\f6122a6acd23a7f8673138225ecf0180\System.Xaml.Hosting.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\f45abd2caa9f93bb60ce92de6a885d6e\System.Windows.Presentation.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\3447b1ea4537dd7a1b7796efb935f4b0\System.Web.Routing.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\83c5d636055e2ff172687a9dbf79e5db\System.Web.DynamicData.Design.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\c15f4190f96acf9b328fa3645c2063ea\System.Web.ApplicationServices.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\5dd4316500d6e940dfed628463fe4595\System.Web.Abstractions.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e97547ed8d34e96b9d5836ea04b28c26\System.ServiceModel.Channels.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6ab752f8ab98f09615768a90d50593c1\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\b811cdf42feaf9a32408b03ab1c4e2d5\System.AddIn.Contract.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\0ee0c4233a9eb5099ad58fcbfbca220b\Microsoft.Workflow.Compiler.ni.exe
+ 2012-02-02 03:49 . 2012-02-02 03:49 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\1f368300314889ee35325be9f80ef1c3\Accessibility.ni.dll
+ 2012-02-02 01:54 . 2012-02-02 01:54 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-02-02 01:44 . 2012-02-02 01:44 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\2cddd536dadeef050e4247682b0f6a04\UIAutomationProvider.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\99264f22a0cb430f646df9e9d094ed45\PresentationFontCache.ni.exe
+ 2012-02-02 01:52 . 2012-02-02 01:52 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2012-02-02 01:52 . 2012-02-02 01:52 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2012-02-02 01:45 . 2012-02-02 01:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\40abc52401285758a390f089963a3a51\PresentationCFFRasterizer.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-02-02 03:45 . 2012-02-02 03:45 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-21 08:06 . 2009-08-21 08:06 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-02 01:24 . 2012-02-02 01:24 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-15 11:15 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fed35fa53f20bd75214f2eca0cde1ece\dfsvc.ni.exe
+ 2012-02-02 01:46 . 2012-02-02 01:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2004-08-10 17:51 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2004-08-10 17:51 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 916992 c:\windows\system32\wininet.dll
+ 2004-08-10 17:51 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2004-08-10 17:51 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
- 2004-08-10 17:51 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2008-07-30 00:59 . 2011-09-26 17:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2004-08-10 17:51 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2004-08-10 17:51 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2004-08-10 17:51 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
+ 2004-08-10 17:51 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 270848 c:\windows\system32\sbe.dll
+ 2004-08-10 17:51 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
+ 2004-08-10 17:51 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2004-08-10 17:51 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
- 2004-08-10 17:51 . 2011-11-08 14:55 503164 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2012-02-02 01:47 503164 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2004-08-10 17:51 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
+ 2004-08-10 17:51 . 2011-09-26 17:41 220160 c:\windows\system32\oleacc.dll
+ 2004-08-10 17:51 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2004-08-10 17:51 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2004-08-10 17:51 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2004-08-10 17:51 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 773968 c:\windows\system32\msvcr100.dll
- 2011-02-19 05:40 . 2011-02-19 05:40 773968 c:\windows\system32\msvcr100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 421200 c:\windows\system32\msvcp100.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 421200 c:\windows\system32\msvcp100.dll
- 2004-08-10 18:01 . 2008-04-14 00:12 677888 c:\windows\system32\mstsc.exe
+ 2004-08-10 18:01 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
+ 2004-08-10 17:51 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2004-08-10 17:51 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 02:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2004-08-10 17:51 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-10 17:51 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2004-08-10 17:51 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2004-08-10 17:51 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2004-08-10 17:51 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2004-08-10 17:51 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-10 17:51 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2004-08-10 17:51 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
- 2004-08-10 17:51 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2004-08-10 17:51 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2004-08-10 18:02 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 17:51 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 18:01 . 2011-02-11 13:25 229888 c:\windows\system32\fxscover.exe
- 2004-08-10 17:57 . 2012-01-09 06:01 167504 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 17:57 . 2012-02-02 03:38 167504 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 17:51 . 2008-04-14 00:11 186880 c:\windows\system32\encdec.dll
+ 2004-08-10 17:51 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
+ 2004-08-10 17:51 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-10 17:51 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2004-08-10 18:01 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2004-08-10 18:01 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2004-08-10 17:51 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2004-08-10 17:51 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-10 17:50 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-10 17:50 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-10 17:50 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2004-08-10 18:01 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-10 17:51 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2004-08-10 17:51 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2004-08-10 17:51 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\winmm.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2004-08-10 17:51 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 17:51 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 18:02 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-10 17:51 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 406016 c:\windows\system32\dllcache\usp10.dll
+ 2004-08-10 17:51 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-10 17:51 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 17:51 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-10 17:51 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2004-08-10 17:51 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-10 17:51 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2004-08-10 17:51 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2004-08-10 17:51 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2004-08-10 17:51 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-10 17:51 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 270848 c:\windows\system32\dllcache\sbe.dll
+ 2004-08-10 17:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-10 18:01 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
- 2004-08-10 18:01 . 2008-04-14 00:13 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2004-08-10 17:51 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-10 17:51 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2004-08-10 17:51 . 2011-09-26 17:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2004-08-10 17:51 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-10 17:51 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-10 17:51 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
- 2004-08-10 17:51 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-10 17:51 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 17:51 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 18:02 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2004-08-10 18:02 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-10-24 13:32 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2004-08-10 18:02 . 2008-04-14 00:11 200704 c:\windows\system32\dllcache\msadox.dll
+ 2004-08-10 18:02 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2004-08-10 18:02 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2004-08-10 18:02 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2004-08-10 18:02 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2004-08-10 18:02 . 2008-04-14 00:11 536576 c:\windows\system32\dllcache\msado15.dll
+ 2004-08-10 18:02 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2004-08-10 18:02 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2004-08-10 17:51 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2004-08-10 17:51 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-10 17:51 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2004-08-10 17:51 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2004-08-10 17:51 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2004-08-10 17:51 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2004-08-10 17:51 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-10 18:01 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2004-08-10 18:01 . 2008-04-14 00:12 677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2004-08-10 17:51 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2004-08-10 17:51 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2004-08-10 17:51 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-10 17:51 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-10 18:02 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-10-24 13:32 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-10 17:51 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-10 17:51 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 18:02 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
- 2004-08-10 18:02 . 2008-04-14 00:12 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2004-08-10 18:01 . 2011-02-11 13:25 229888 c:\windows\system32\dllcache\fxscover.exe
+ 2004-08-10 17:51 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 186880 c:\windows\system32\dllcache\encdec.dll
+ 2004-08-10 17:50 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-10 17:50 . 2008-04-14 00:11 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2004-08-10 17:50 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2004-08-10 17:50 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
- 2004-08-10 17:50 . 2008-04-14 00:11 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2004-08-10 17:50 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-10 17:50 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2004-08-10 17:50 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2004-08-10 17:50 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2007-07-20 20:04 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\dlactrlw.exe
- 2004-08-10 17:50 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2004-08-10 17:50 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2004-08-10 17:50 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2004-08-10 17:50 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2004-08-10 17:50 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 138056 c:\windows\system32\atl100.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 138056 c:\windows\system32\atl100.dll
+ 2004-08-10 17:50 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2011-02-11 13:25 . 2011-02-11 13:25 229888 c:\windows\ServicePackFiles\ServicePackCache\i386\fxscover.exe
+ 2004-08-10 18:02 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-10 18:02 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2011-12-26 09:54 . 2011-12-26 09:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-26 10:39 . 2011-12-26 10:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-07-09 15:30 . 2011-07-09 15:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 18:16 . 2010-03-18 18:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-04-12 21:11 . 2011-04-12 21:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-31 06:16 . 2010-03-31 06:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 18:22 . 2010-02-09 18:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 12:15 . 2011-03-25 12:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 04:55 . 2011-12-25 04:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 05:49 . 2011-12-25 05:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna

#11 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 03 February 2012 - 12:16 AM

ComboFix log continued:

- 2011-07-06 22:11 . 2011-07-06 22:11 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\d2327.msp
+ 2010-02-25 06:14 . 2010-02-25 06:14 543232 c:\windows\Installer\d2292.msp
+ 2012-02-02 01:07 . 2012-02-02 01:07 467456 c:\windows\Installer\d228c.msi
+ 2012-02-02 01:38 . 2012-02-02 01:38 223744 c:\windows\Installer\2a7651.msi
+ 2012-02-02 01:32 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-02-02 01:32 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-02-02 01:32 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-02-02 01:32 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-02-02 01:32 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-02-02 01:32 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-02-02 01:32 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-02-02 01:32 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-02-02 01:06 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-02-02 01:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-02-02 01:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-02-02 01:07 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-02-02 01:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-02-02 01:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-02-02 01:07 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2008-11-12 20:45 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-02-02 01:34 . 2012-02-02 01:34 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_862e7348\System.Drawing.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_326b86b8\System.Drawing.Design.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_bcc3c29c\CustomMarshalers.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\ecb0328b918c4a5adfbd83c946e0e196\XamlBuildTask.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\040df73a6631957668b3d538e70ff7a0\WsatConfig.ni.exe
+ 2012-02-02 03:52 . 2012-02-02 03:52 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\b18816abd9dd59ca3f1d682a756e5745\WindowsFormsIntegration.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c170b431f43ab80000d31bcc58acd1a5\UIAutomationTypes.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ee096062554a6344a49083910c0af16e\UIAutomationClient.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\eeb9b49d8598c6f5926f494074af2d69\System.Windows.Input.Manipulations.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\a863e081c9bcbaec568abe127fb1dbe3\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\386e276cb95b2116d2662d4684126895\System.Web.RegularExpressions.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\8df52ddecec26752d703df9d12236688\System.Web.Extensions.Design.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\fe84f37a8516df60cdac854877b10d4c\System.Web.Entity.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\20bf1148d776288a46b2b0e2f4d0582a\System.Web.Entity.Design.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\3d0404968e66893c9514ae5e1ae70537\System.Web.DynamicData.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 260096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\6624e14fb88b0d2bf2d6074d9d548b11\System.Web.DataVisualization.Design.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a0e090647c856fe52e1f1e5d2a25b1ac\System.ServiceProcess.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a901a73f236e319100cc6f95f10aac4c\System.ServiceModel.Activation.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1cce5f9cad92a8ba3deb833291637b95\System.ServiceModel.Routing.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c12a8284683ba6b400a4562da310ce59\System.Security.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\137a2ae391d89577ad63db08303a5158\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4f84d9b7209d8d81c308deda59c60524\System.Runtime.Remoting.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\69686330b905615bdbc5a43d159ed335\System.Runtime.Caching.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\8410db646e037bab93d66ef9d17a3ce5\System.Net.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\7cdd3b54c476345732c735ea253d95d5\System.Messaging.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\fe11b4a9c8067184aff54b627b0e046b\System.Management.Instrumentation.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\7970b94c1582f58c8f79f531f104c754\System.IO.Log.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\26bdff3178be53810cb7bac268f7af08\System.IdentityModel.Selectors.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\d8131e4810c207d23b977603fdad6e33\System.Dynamic.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\fcc666923b1ee799fa03c87082249868\System.Drawing.Design.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\86db06eb0e133c3c2042cd6abcfff399\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\2f7f2d7c549c23373541e052c8364755\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ecae7de1b9e1cf0d6d3bc7f01b891a1a\System.Device.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\e57c88d8d9bc9c0e3241f4747782befa\System.Data.Services.Design.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\e6c62a3b06ae5f2f9de5164117dd6ba6\System.Data.DataSetExtensions.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\96907044ee8b845f05d72805d100fb7e\System.Configuration.Install.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d5f97e0367e37f9aead033b54f40a895\System.ComponentModel.Composition.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\c11789fd2d4aeb3a41b8a925975ebd96\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\53e0aa766368680b3785a0867d632f0c\System.AddIn.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\aef6e32f096486514002cee2bd716b0b\System.Activities.DurableInstancing.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\eee8be5d9f06c6d32cb1eeca8cfbfe38\SMSvcHost.ni.exe
+ 2012-02-02 03:49 . 2012-02-02 03:49 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c60bbf982563abd181e673c1d5e92006\SMDiagnostics.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2ad394c477fc1c71c900c892d7fce0b\PresentationFramework.Aero.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63f98ea6df6a734c122348fa32296df0\PresentationFramework.Classic.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\61aa640996b77695572adefea8fd36b7\PresentationFramework.Luna.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\30d7b48c6018eb8d7db378908568130f\PresentationFramework.Royale.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\50ef00afe8174ef7b9ca3577a301b02b\MSBuild.ni.exe
+ 2012-02-02 03:49 . 2012-02-02 03:49 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\bb4c4b1083c312a8d139184726b1b30b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\54c59931e1860675710f19c7c3ba4cc8\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 631808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\503994046462b53944ed2915dfb43cb0\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\1bf86eecca78429158f8e8b8910f3e6e\Microsoft.Build.Framework.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\1b119eca340bea3a2489017f8f4e9aac\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\04226f317855c555a957f4c2d0dc240d\CustomMarshalers.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\b1f3bb67ddbeb6f698ae4eab0f2885eb\ComSvcConfig.ni.exe
+ 2012-02-02 03:48 . 2012-02-02 03:48 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\99cc7207886c65b89a74e08e0d44729b\AspNetMMCExt.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2012-02-02 01:54 . 2012-02-02 01:54 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll
+ 2012-02-02 01:54 . 2012-02-02 01:54 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-02-02 01:44 . 2012-02-02 01:44 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\1d1a920a8e798c76879d56b151789d3e\UIAutomationTypes.ni.dll
+ 2012-02-02 01:54 . 2012-02-02 01:54 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\f36eded354122da9555a6c7cdbdb5431\System.Management.Instrumentation.ni.dll
+ 2012-02-02 03:45 . 2012-02-02 03:45 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2012-02-02 03:45 . 2012-02-02 03:45 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11cdd1c0d65428cd3505d3813d36638c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3f179f373f31817a914b639a56cc0497\System.Data.Services.Design.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2012-02-02 03:46 . 2012-02-02 03:46 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-02-02 01:46 . 2012-02-02 01:46 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d548bacfbb5e860debf12027d4b753ae\PresentationFramework.Classic.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\24b04dd14603fb47394499ecfedc4afb\PresentationFramework.Royale.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0a1dbf17855d43bdf5c904709fdfe1cd\PresentationFramework.Aero.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\088d16321ba4b13795060bb8b9bc4d09\PresentationFramework.Luna.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2012-02-02 03:46 . 2012-02-02 03:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2012-02-02 03:45 . 2012-02-02 03:45 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-02 01:24 . 2012-02-02 01:24 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-02 01:24 . 2012-02-02 01:24 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-02 01:24 . 2012-02-02 01:24 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-21 08:06 . 2009-08-21 08:06 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 09:46 . 2009-10-15 09:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-02 00:43 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2012-02-02 00:59 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 02:04 . 2011-05-14 02:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 02:04 . 2011-05-14 02:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2004-08-10 17:51 . 2010-04-06 10:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2004-08-10 17:51 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2004-08-10 17:51 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
+ 2004-08-10 17:51 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-10 17:51 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2004-08-10 17:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 18:01 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 4422992 c:\windows\system32\mfc100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4422992 c:\windows\system32\mfc100u.dll
- 2011-02-20 04:03 . 2011-02-20 04:03 4397384 c:\windows\system32\mfc100.dll
+ 2011-06-11 07:58 . 2011-06-11 07:58 4397384 c:\windows\system32\mfc100.dll
+ 2009-03-08 09:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2004-08-10 17:51 . 2010-04-06 10:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 17:51 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-10 17:51 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 17:51 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-10 17:51 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-10 17:51 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2008-10-15 17:56 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-04 03:59 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 17:56 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2004-08-10 17:51 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-10 17:51 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2004-08-10 17:51 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-10 18:02 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2004-08-10 18:02 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-10 17:51 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-10 18:02 . 2008-04-14 00:12 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-10 18:02 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-10 18:01 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-10-24 13:32 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-04-12 21:11 . 2011-04-12 21:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-12-26 09:54 . 2011-12-26 09:54 1863464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2011-12-26 09:54 . 2011-12-26 09:54 5230864 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
+ 2011-04-28 17:06 . 2011-04-28 17:06 1749880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll
+ 2011-04-28 14:48 . 2011-04-28 14:48 3510600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-07-09 15:30 . 2011-07-09 15:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2010-04-08 05:48 . 2010-04-08 05:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2011-03-25 12:15 . 2011-03-25 12:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-04-29 03:50 . 2011-04-29 03:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 11:18 . 2011-07-07 11:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 17:07 . 2011-12-25 17:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 04:54 . 2011-12-25 04:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 04:53 . 2011-12-25 04:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2011-12-25 17:06 . 2011-12-25 17:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2011-07-06 22:15 . 2011-07-06 22:15 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-07-06 22:10 . 2011-07-06 22:10 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-07-06 22:11 . 2011-07-06 22:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-02 01:26 . 2012-02-02 01:26 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-06-29 03:27 . 2011-06-29 03:27 4028928 c:\windows\Installer\d234d.msp
+ 2011-04-28 23:51 . 2011-04-28 23:51 1375744 c:\windows\Installer\d2336.msp
+ 2010-08-14 00:02 . 2010-08-14 00:02 2545664 c:\windows\Installer\d232f.msp
+ 2011-12-26 15:59 . 2011-12-26 15:59 4368896 c:\windows\Installer\d22fe.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\d22e9.msp
+ 2010-08-04 21:12 . 2010-08-04 21:12 1004544 c:\windows\Installer\d22e1.msp
+ 2011-07-27 13:39 . 2011-07-27 13:39 9892352 c:\windows\Installer\d22da.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 2607104 c:\windows\Installer\d22c4.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 4210688 c:\windows\Installer\d22c3.msp
+ 2011-12-26 11:06 . 2011-12-26 11:06 5115392 c:\windows\Installer\d22b0.msp
+ 2011-04-28 16:54 . 2011-04-28 16:54 2720768 c:\windows\Installer\d229d.msp
+ 2011-11-11 22:16 . 2011-11-11 22:16 8458240 c:\windows\Installer\d2282.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 1552384 c:\windows\Installer\2a768b.msp
+ 2011-05-02 06:06 . 2011-05-02 06:06 2705920 c:\windows\Installer\2a767b.msp
+ 2011-08-10 23:43 . 2011-08-10 23:43 3795968 c:\windows\Installer\2a766a.msp
+ 2011-04-29 18:28 . 2011-04-29 18:28 1995264 c:\windows\Installer\2a7658.msp
+ 2009-08-19 23:04 . 2009-08-19 23:04 4542296 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\WRD12CNV.DLL
+ 2009-08-17 20:32 . 2009-08-17 20:32 1787728 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\PPCNV.DLL
+ 2009-08-17 22:38 . 2009-08-17 22:38 8554872 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\OARTCONV.DLL
+ 2012-02-02 01:32 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-02-02 01:32 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2008-10-15 17:56 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 17:56 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 17:56 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 17:56 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-02-02 01:34 . 2012-02-02 01:34 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b4cd0231\System.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8a506943\System.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5043e793\System.Xml.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_04dc7cb6\System.Xml.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f091512b\System.Windows.Forms.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7d9ea883\System.Windows.Forms.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_3a925a01\System.Drawing.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_91513572\System.Design.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1a39f638\System.Design.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_de763f39\mscorlib.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_014b2b0d\mscorlib.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0d8b512be71d0a491131dac4bada85cf\UIAutomationClientsideProviders.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 9085952 c:\windows\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 1208320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8cd2807d50c15dc7d4dc310407fafe72\System.WorkflowServices.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\4aac053a6c7c2a0f21903f3ded15ed62\System.Workflow.Runtime.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 4461568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\45b3e62f518b41959dc57f78d303c7d2\System.Workflow.ComponentModel.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 2871808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\efbaa12cf2e60ab74689afa58e80dc3c\System.Workflow.Activities.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\ee16a1514cffb8d75d96c2d3a182732a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1897472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\c6516ac5143b590c0b4a4e4206921345\System.Web.Services.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\49b986837197982c6ffb3654b4efeb98\System.Web.Mobile.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\08b2642af07248880b6e0bc133024072\System.Web.Extensions.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 4535808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\1656b4ce9f7d4fa4d967e8ea1d939ef4\System.Web.DataVisualization.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\2cafd0c1f713d71c1ad113adcaab71c7\System.Speech.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 1051648 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ed405b25d38f585140a9ff0eb8579ede\System.ServiceModel.Web.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\64433e6b7a1662a93a7c48229fbd4eed\System.ServiceModel.Discovery.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\44fc3d9cf54d6e5926444a22b04f3b8e\System.ServiceModel.Activities.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d04876810fa42d76546c5f1239f82943\System.Runtime.Serialization.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\c051780bb4f90580d46e80e6cd91c29f\System.Runtime.DurableInstancing.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f02f3ea43a6eaa6f7faa13ef31b63af1\System.Printing.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\8d18ece52d96bfd1204ef646cefc4680\System.Management.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fb2283aab5cdf8f5f93322be38a8734d\System.IdentityModel.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\8968ac05250cff8cbfbcff1f83e3b98a\System.DirectoryServices.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\384a6a4a4ec8cf84ca9b0d031afe290b\System.Deployment.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1648cdc8909a9af097bde83f4c4e79a7\System.Data.SqlXml.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\65de54b5883c0b7f6c4d5933b8bdece5\System.Data.Services.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\1a2bc468fa7fa92c05c03067b2989dd3\System.Data.Services.Client.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\22e03bf9d011ac30fd9dd559902d392b\System.Data.OracleClient.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\3cffbf0b7dea6898ef53cb5b7c5df023\System.Data.Linq.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 1408512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\7689dcedb56a6afbee08eec666f49300\System.Data.Entity.Design.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\c796f3c66633a10c86137a21c2e6a5c2\System.Activities.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a883968d22f88c8f3ca2886147f987df\System.Activities.Presentation.ni.dll
+ 2012-02-02 03:50 . 2012-02-02 03:50 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\ca1d6e08f435634177e86738fb1656be\System.Activities.Core.Presentation.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\54984bde314324fef70c9af78bfbef72\ReachFramework.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\dbfb5689700b31f9173aceca76863885\PresentationUI.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1478144 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\5d7e4420f19b0c5d29becfb1769ff249\PresentationBuildTasks.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\dd95ef965cafab043a454a2b678a083d\Microsoft.VisualBasic.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\d0b8385d1f1ff27a5af8619e7f51aa0b\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\905bb851cac8f8e0ffd58ec89f6592a2\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fe6fa906c2231a9682d712a64eb9ba14\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-02 03:52 . 2012-02-02 03:52 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\46c01deb670388b92682013749c3a90a\Microsoft.JScript.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\c94610345c43aa63f696b3ce06da1b9a\Microsoft.CSharp.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 4243456 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\85a117ce04a437566beb9f60b0f0462a\Microsoft.Build.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\18b8fc43c6d5f0c3bed17526a1f89a61\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 1929216 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\af6c0eb567701f561d08b15f8ad54f30\Microsoft.Build.Engine.ni.dll
+ 2012-02-02 01:45 . 2012-02-02 01:45 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9f1f276d7fd42f6ba72b790646ed897c\WindowsBase.ni.dll
+ 2012-02-02 01:52 . 2012-02-02 01:52 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2012-02-02 01:54 . 2012-02-02 01:54 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
+ 2012-02-02 01:52 . 2012-02-02 01:52 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2012-02-02 01:45 . 2012-02-02 01:45 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\6c9d830a0a73ef95247adf6dc3f8e8da\System.ni.dll
+ 2012-02-02 01:54 . 2012-02-02 01:54 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-02-02 03:45 . 2012-02-02 03:45 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
+ 2012-02-02 03:45 . 2012-02-02 03:45 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\b70adfee3b5ed7e0688d13f24cbec556\System.Data.Entity.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\b5d529270be72ea36a32cf215bb90b3c\ReachFramework.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\27dc7312b95340199425d7b494818e8e\PresentationUI.ni.dll
+ 2012-02-02 01:45 . 2012-02-02 01:45 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab1d34c77b5cdf441f656090928f25e5\PresentationBuildTasks.ni.dll
+ 2012-02-02 01:52 . 2012-02-02 01:52 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\37fd70ad5f3726031995041b246fe862\PresentationBuildTasks.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-02 03:47 . 2012-02-02 03:47 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
+ 2012-02-02 01:32 . 2012-02-02 01:32 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-21 08:10 . 2009-08-21 08:10 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-02 01:34 . 2012-02-02 01:34 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-02 01:24 . 2012-02-02 01:24 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-15 09:46 . 2009-10-15 09:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-02 01:32 . 2012-02-02 01:32 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 09:47 . 2009-10-15 09:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-21 08:06 . 2009-08-21 08:06 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-02 01:32 . 2012-02-02 01:32 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-02 01:47 . 2012-02-02 01:47 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-15 09:41 . 2009-10-15 09:41 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-02 01:33 . 2012-02-02 01:33 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-08-10 17:51 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
+ 2004-08-10 17:51 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
+ 2012-02-02 01:36 . 2012-01-04 23:15 52128560 c:\windows\system32\MRT.exe
+ 2009-03-08 09:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
+ 2004-08-10 17:51 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
- 2004-08-10 17:51 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-10-24 13:32 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-26 23:02 . 2011-12-26 23:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2011-12-26 15:02 . 2011-12-26 15:02 19677184 c:\windows\Installer\d2321.msp
+ 2010-03-31 07:23 . 2010-03-31 07:23 15638528 c:\windows\Installer\d2308.msp
+ 2011-07-11 23:19 . 2011-07-11 23:19 10619904 c:\windows\Installer\d22f5.msp
+ 2010-04-12 04:17 . 2010-04-12 04:17 14599680 c:\windows\Installer\d22d2.msp
+ 2011-04-13 17:37 . 2011-04-13 17:37 19201024 c:\windows\Installer\d22aa.msp
+ 2011-03-28 09:27 . 2011-03-28 09:27 15456256 c:\windows\Installer\2a7683.msp
+ 2012-02-02 01:42 . 2012-02-02 01:42 20333568 c:\windows\Installer\2a7675.msp
+ 2011-07-12 02:43 . 2011-07-12 02:43 11641344 c:\windows\Installer\2a7662.msp
+ 2009-08-17 22:39 . 2009-08-17 22:39 15119720 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\XL12CNV.EXE
+ 2009-08-17 21:40 . 2009-08-17 21:40 17309040 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\MSO.DLL
+ 2012-02-02 01:32 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 13137920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
+ 2012-02-02 03:49 . 2012-02-02 03:49 12076032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\022bb29a475db0110dfa955f319b7f07\System.Web.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8f98e8e2739c6887f5721b8482767479\System.ServiceModel.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 10980352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\1cb783843ec3b7cf6ceca83228855fb4\System.Design.ni.dll
+ 2012-02-02 03:51 . 2012-02-02 03:51 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\8e3c1cec16dfb531846f357a17e3a77a\System.Data.Entity.ni.dll
+ 2012-02-02 01:28 . 2012-02-02 01:28 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
+ 2012-02-02 01:27 . 2012-02-02 01:27 14407680 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
+ 2012-02-02 01:35 . 2012-02-02 01:35 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB03.tmp\System.ServiceModel.dll
+ 2012-02-02 01:54 . 2012-02-02 01:54 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2012-02-02 03:48 . 2012-02-02 03:48 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-02-02 03:46 . 2012-02-02 03:46 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
+ 2012-02-02 01:46 . 2012-02-02 01:46 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\91ec4372b866e439088ebce6418ed000\PresentationFramework.ni.dll
+ 2012-02-02 01:53 . 2012-02-02 01:53 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2012-02-02 01:45 . 2012-02-02 01:45 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e80c7e597ec4931fca9abd3df49f578e\PresentationCore.ni.dll
+ 2012-02-02 01:52 . 2012-02-02 01:52 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2012-02-02 01:51 . 2012-02-02 01:51 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2012-02-02 01:41 . 2012-02-02 01:41 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\44ecf972f11f3c238782da31f27df7e5\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-29 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-08 02:29 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-06 19:19 136176 ----atw- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21 141600 -c--a-w- c:\program files\iTunes\ituneshelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 22:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 18:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-10 06:23 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-21 13:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 22:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/13/2010 10:42 PM 583640]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/26/2009 9:47 AM 47360]
S1 SABKUTIL;SABKUTIL;\??\j:\sabkutil.sys --> j:\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-02-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-21 18:10]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006Core.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006UA.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-03 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-14 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\The Kings\Application Data\Mozilla\Firefox\Profiles\ag0s3sra.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 22:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
.
[HKEY_USERS\S-1-5-21-4035743746-1989056851-3061778754-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4035743746-1989056851-3061778754-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,d2,01,71,32,62,96,49,9f,7f,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,d2,01,71,32,62,96,49,9f,7f,86,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-02 22:55:48
ComboFix-quarantined-files.txt 2012-02-03 04:55
ComboFix2.txt 2012-02-02 00:58
ComboFix3.txt 2012-02-01 04:52
.
Pre-Run: 116,357,246,976 bytes free
Post-Run: 118,401,785,856 bytes free
.
- - End Of File - - 27D1CD24C1FCDDCA79A68DE1ECE18882

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 03 February 2012 - 02:50 AM

Hi

the log is still showing signs of infection

c:\program files\QuickTime\qttask .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe

(note the spaces before the .exe)

The comboFix log was so long because of all the updates that were installed, that shouldn't happen again



Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RenV::
c:\program files\QuickTime\qttask   .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 03 February 2012 - 09:36 PM

I ran it, but I think I may still be infected with something. When I came to check to see if ComboFix was completed, it was, but I had a popup from PC Tools Registry Mechanic. I closed it through Task Manager. Here is the ComboFix log:

ComboFix 12-02-01.01 - The Kings 02/03/2012 16:15:56.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1683 [GMT -6:00]
Running from: c:\documents and settings\The Kings\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Kings\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-02 00:42 . 2011-11-04 19:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-24 18:33 . 2012-01-24 18:34 -------- d-----w- c:\program files\HRBlock2011
2012-01-24 03:20 . 2012-01-24 03:20 -------- d-----w- c:\documents and settings\The Kings\Local Settings\Application Data\Sun
2012-01-24 03:06 . 2012-01-24 03:06 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 03:06 . 2012-01-24 03:05 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-24 03:06 . 2012-01-24 03:05 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-22 19:59 . 2012-01-22 19:59 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-01-22 19:38 . 2001-08-17 19:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-01-22 19:37 . 2001-08-17 19:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2012-01-22 19:36 . 2001-08-18 04:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2012-01-22 19:35 . 2001-08-17 18:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2012-01-22 19:34 . 2004-08-04 10:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2012-01-22 19:33 . 2004-08-04 10:00 38912 ----a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-01-22 19:32 . 2001-08-17 19:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-22 19:31 . 2001-08-17 19:57 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-01-22 19:30 . 2001-08-17 19:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-01-22 19:29 . 2004-08-04 03:31 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2012-01-22 19:28 . 2001-08-17 19:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-22 19:27 . 2001-08-18 04:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-01-22 19:26 . 2001-08-18 04:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2012-01-22 19:25 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2012-01-22 19:24 . 2001-08-17 18:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-01-22 19:23 . 2001-08-18 04:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-01-22 19:22 . 2001-08-18 04:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-01-22 19:21 . 2001-08-17 18:11 66591 ----a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-01-22 19:20 . 2001-08-17 18:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2012-01-22 19:19 . 2001-08-17 19:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-22 19:18 . 2001-08-17 20:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 03:05 . 2011-01-03 23:43 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:24 . 2010-02-14 19:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-10 17:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 17:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 17:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 17:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-21 04:04 . 2012-01-03 22:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-29 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-08 02:29 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-06 19:19 136176 ----atw- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 02:21 141600 -c--a-w- c:\program files\iTunes\ituneshelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 -c--a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 22:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 18:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-10 06:23 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-21 13:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 22:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 4:25 PM 65536]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/13/2010 10:42 PM 583640]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/26/2009 9:47 AM 47360]
S1 SABKUTIL;SABKUTIL;\??\j:\sabkutil.sys --> j:\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-02-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-21 18:10]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006Core.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4035743746-1989056851-3061778754-1006UA.job
- c:\documents and settings\The Kings\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 19:19]
.
2012-02-03 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-14 13:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\The Kings\Application Data\Mozilla\Firefox\Profiles\ag0s3sra.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 16:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,a6,70,09,d4,e7,a2,46,ae,e4,0c,\
.
[HKEY_USERS\S-1-5-21-4035743746-1989056851-3061778754-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-03 16:47:35
ComboFix-quarantined-files.txt 2012-02-03 22:47
ComboFix2.txt 2012-02-03 04:55
ComboFix3.txt 2012-02-02 00:58
ComboFix4.txt 2012-02-01 04:52
.
Pre-Run: 118,394,888,192 bytes free
Post-Run: 118,370,840,576 bytes free
.
- - End Of File - - C7D60521079EA72288A1B18986213E17

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 03 February 2012 - 10:23 PM

Depends on the path that PC tools found the detection, it may have alerted on something in quarantine already or an old system restore point.

Did you not what and where the detection was?

The log appears to be clean


Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


  • Open My Computer.
  • Right-click the local disk volume that you want to defragment (usually your C:\ drive) > then click Properties.
  • On the Tools tab > click Defragment Now.
  • Click Defragment.


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 gnikk

gnikk
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:18 AM

Posted 04 February 2012 - 02:29 AM

PC Tools said something about 400 something registry errors. That was the reason I thought it may have been malware. I updated Adobe and defragmented. I still have the same issue, so I guess it's not related to malware? I wish I could narrow the problem down, I'll keep searching to see if I can figure it out.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users