Infected by 64 BIT Zero Access Rootkit


  • This topic is locked
20 replies to this topic

#1 Casey_D.


Posted 19 February 2012 - 10:13 PM

For the past few weeks I have been dealing with some kind of infection that has been redirecting me from my Google searches. I have run Spybot Search & Destroy with nothing being found, and also ran Malwarebytes Anti-Malware. Malwarebytes found 5 Trojans, removed them and restarted, but I am still coming across this redirect.

And I should point out the redirects aren't my major concern with whatever I have gotten, my major issue is that I cannot connect to my localhost or 127.0.0.1 because of whatever I have been infected with. (Just a note I am 99% certain this is the issue as I have had 2-3 different professionals take a look at my system and they are also stumped as to why it may be happening otherwise.)

Other things I have tried are resetting the host file back to factory settings to no avail. Running both the programs I used in safe mode, also not finding anything else after those 5. Also I cannot get winsock to reset after reading that may be an issue but I just come up with the missing .dll error.

Thanks to the help of narenxp I now know that it is a 64 BIT zero access rootkit.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Grie at 19:03:14 on 2012-02-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5118.2614 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
B:\Windows\system32\wininit.exe
B:\Windows\system32\lsm.exe
B:\Windows\system32\svchost.exe -k DcomLaunch
B:\Windows\system32\nvvsvc.exe
B:\Windows\system32\svchost.exe -k RPCSS
B:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
B:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
B:\Windows\system32\svchost.exe -k netsvcs
B:\Windows\system32\svchost.exe -k LocalService
B:\Windows\system32\svchost.exe -k NetworkService
B:\Windows\System32\spoolsv.exe
B:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
B:\Windows\SysWOW64\svchost.exe -k Akamai
B:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
B:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
B:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
B:\Windows\system32\svchost.exe -k imgsvc
B:\Windows\system32\Wacom_Tablet.exe
B:\Windows\System32\svchost.exe -k secsvcs
B:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
B:\Windows\system32\nvvsvc.exe
B:\Windows\SYSTEM32\WISPTIS.EXE
B:\Windows\system32\WTablet\Wacom_TabletUser.exe
B:\Windows\system32\Dwm.exe
B:\Windows\Explorer.EXE
B:\Windows\system32\taskhost.exe
B:\Windows\system32\Wacom_Tablet.exe
B:\Windows\SYSTEM32\WISPTIS.EXE
B:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
B:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
B:\Windows\system32\SearchIndexer.exe
B:\Windows\System32\svchost.exe -k LocalServicePeerNet
B:\Program Files\Windows Media Player\wmpnetwk.exe
B:\Windows\System32\mobsync.exe
B:\Program Files (x86)\Mozilla Firefox\firefox.exe
B:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
B:\Windows\system32\wuauclt.exe
B:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
B:\Windows\explorer.exe
B:\xampp\xampp-control-3-beta.exe
B:\xampp\mysql\bin\mysqld.exe
B:\Program Files (x86)\uTorrent\uTorrent.exe
B:\Windows\SysWOW64\cmd.exe
B:\Windows\system32\conhost.exe
B:\Windows\SysWOW64\cscript.exe
B:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - B:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - B:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - B:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - B:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: MegaIeHelperBHO Class: {77f4e711-789b-447f-9614-96759b2f83c6} - B:\Users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - B:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - B:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - B:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - B:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [AdobeBridge]
uRun: [NCsoft]
uRun: [uTorrent] "B:\Program Files (x86)\uTorrent\uTorrent.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: Capture Web Page - B:\Users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: E&xport to Microsoft Excel - B:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fetch to Megaupload - B:\Users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Se&nd to OneNote - B:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - B:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - B:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - B:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - B:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: B:\ProgramData\Megamedia\Megakey\msadm.dll
LSP: mswsock.dll
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://lva.msllab.microsoft.com/UnifiedLabViewer/checkpages/cabs/VMRCActiveXClient.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{B8716071-EB51-4893-B3C4-88E035A31DCD} : NameServer = 192.168.0.1
TCP: Interfaces\{C5F3D3AF-62C5-4185-A845-8BDB07A42BA5} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - B:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - B:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - B:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - B:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - B:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - B:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - B:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: MegaIeHelperBHO Class: {77F4E711-789B-447F-9614-96759B2F83C6} - B:\Users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
BHO-X64: MegaIeHelperBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - B:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - B:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - B:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - B:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - B:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - B:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - B:\Users\Grie.Casey-PC\AppData\Roaming\Mozilla\Firefox\Profiles\a9lp7851.default\
FF - prefs.js: browser.startup.homepage - www.cocc.edu
FF - prefs.js: network.proxy.type - 0
FF - component: B:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: B:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: B:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: B:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: B:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: B:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: B:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: B:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: B:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: B:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: B:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrlui.dll
FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: B:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: B:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: B:\Users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\npMegaPlugin.dll
FF - plugin: B:\Users\Grie.Casey-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: B:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: B:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;B:\Windows\system32\Drivers\PxHlpa64.sys --> B:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;B:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;B:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cpuz135;cpuz135;\??\B:\Windows\system32\drivers\cpuz135_x64.sys --> B:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;B:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-7 2343816]
R2 TabletServiceWacom;TabletServiceWacom;B:\Windows\system32\Wacom_Tablet.exe --> B:\Windows\system32\Wacom_Tablet.exe [?]
R3 pnetmdm;PdaNet Modem;B:\Windows\system32\DRIVERS\pnetmdm64.sys --> B:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;B:\Windows\system32\DRIVERS\Rt64win7.sys --> B:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;B:\Windows\system32\DRIVERS\wacmoumonitor.sys --> B:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;B:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;B:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);B:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]
S2 KMService;KMService;B:\Windows\System32\srvany.exe [2010-10-6 8192]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 androidusb;ADB Interface Driver;B:\Windows\system32\Drivers\androidusb.sys --> B:\Windows\system32\Drivers\androidusb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);B:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]
S3 HTCAND64;HTC Device Driver;B:\Windows\system32\Drivers\ANDROIDUSB.sys --> B:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;B:\Windows\System32\drivers\libusb0.sys [2010-6-17 33792]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;B:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;B:\Windows\system32\DRIVERS\MijXfilt.sys --> B:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 npggsvc;nProtect GameGuard Service;B:\Windows\system32\GameMon.des -service --> B:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;B:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PsSdk41;PsSdk41;\??\B:\Windows\system32\Drivers\pssdk41.sys --> B:\Windows\system32\Drivers\pssdk41.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;B:\Windows\system32\drivers\rdpvideominiport.sys --> B:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;B:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 skfiltv;skfiltv;B:\Windows\system32\drivers\skfiltv.sys --> B:\Windows\system32\drivers\skfiltv.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;B:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;B:\Windows\system32\drivers\tsusbflt.sys --> B:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;B:\Windows\system32\Drivers\usbaapl64.sys --> B:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;B:\Windows\system32\Wat\WatAdminSvc.exe --> B:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;B:\Windows\system32\DRIVERS\wdcsam64.sys --> B:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-20 00:08:00 69000 ----a-w- B:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3600C580-01AF-4B73-899D-34A3F61B4869}\offreg.dll
2012-02-19 22:52:18 -------- d-s---w- B:\ComboFix
2012-02-19 22:47:56 98816 ----a-w- B:\Windows\sed.exe
2012-02-19 22:47:56 518144 ----a-w- B:\Windows\SWREG.exe
2012-02-19 22:47:56 256000 ----a-w- B:\Windows\PEV.exe
2012-02-19 22:47:56 208896 ----a-w- B:\Windows\MBR.exe
2012-02-19 22:04:13 515584 ----a-w- B:\Windows\System32\timedate.cpl
2012-02-19 22:04:13 478720 ----a-w- B:\Windows\SysWow64\timedate.cpl
2012-02-19 22:04:11 3145728 ----a-w- B:\Windows\System32\win32k.sys
2012-02-19 22:04:02 509952 ----a-w- B:\Windows\System32\ntshrui.dll
2012-02-19 22:04:02 442880 ----a-w- B:\Windows\SysWow64\ntshrui.dll
2012-02-19 22:02:23 75776 ----a-w- B:\Windows\SysWow64\psisrndr.ax
2012-02-19 22:02:23 613888 ----a-w- B:\Windows\System32\psisdecd.dll
2012-02-19 22:02:23 465408 ----a-w- B:\Windows\SysWow64\psisdecd.dll
2012-02-19 22:02:23 108032 ----a-w- B:\Windows\System32\psisrndr.ax
2012-02-19 22:02:08 498688 ----a-w- B:\Windows\System32\drivers\afd.sys
2012-02-19 22:01:19 6144 ----a-w- B:\Program Files\Internet Explorer\iecompat.dll
2012-02-19 22:01:19 6144 ----a-w- B:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-02-19 22:00:56 690688 ----a-w- B:\Windows\SysWow64\msvcrt.dll
2012-02-19 22:00:56 634880 ----a-w- B:\Windows\System32\msvcrt.dll
2012-02-19 22:00:45 861696 ----a-w- B:\Windows\System32\oleaut32.dll
2012-02-19 22:00:45 571904 ----a-w- B:\Windows\SysWow64\oleaut32.dll
2012-02-19 22:00:45 331776 ----a-w- B:\Windows\System32\oleacc.dll
2012-02-19 22:00:45 233472 ----a-w- B:\Windows\SysWow64\oleacc.dll
2012-02-19 22:00:33 723456 ----a-w- B:\Windows\System32\EncDec.dll
2012-02-19 22:00:33 534528 ----a-w- B:\Windows\SysWow64\EncDec.dll
2012-02-19 22:00:11 2048 ----a-w- B:\Windows\SysWow64\tzres.dll
2012-02-19 22:00:11 2048 ----a-w- B:\Windows\System32\tzres.dll
2012-02-19 21:59:31 1731920 ----a-w- B:\Windows\System32\ntdll.dll
2012-02-19 21:59:31 1292080 ----a-w- B:\Windows\SysWow64\ntdll.dll
2012-02-19 21:57:54 77312 ----a-w- B:\Windows\System32\packager.dll
2012-02-19 21:57:54 67072 ----a-w- B:\Windows\SysWow64\packager.dll
2012-02-05 14:20:55 0 --sha-w- B:\Windows\System32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-18 05:45:34 414368 ----a-w- B:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 08:47:38 1188864 ----a-w- B:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- B:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- B:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- B:\Windows\SysWow64\mshtml.tlb
2011-12-10 23:24:08 23152 ----a-w- B:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:06:38.40 ===============


Edited by Casey_D., 19 February 2012 - 10:25 PM.




#2 gringo_pr

  • Malware Response Team

Posted 20 February 2012 - 01:52 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Casey_D.


Posted 20 February 2012 - 02:28 PM

ComboFix 12-02-19.02 - Grie 02/20/2012 1:02.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5118.2717 [GMT -8:00]
Running from: b:\users\Grie.Casey-PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
b:\users\Grie.Casey-PC\AppData\Local\assembly\tmp
b:\users\Grie.Casey-PC\AppData\Roaming\Grie3SQLite3.dll
b:\users\Grie.Casey-PC\AppData\Roaming\Grielog.dat
b:\users\Grie.Casey-PC\AppData\Roaming\inst.exe
b:\users\Grie.Casey-PC\AppData\Roaming\mIRC\logs\status.log
b:\users\Grie.Casey-PC\AppData\Roaming\PC
b:\users\Grie.Casey-PC\AppData\Roaming\PC\WheelmanGame\Config\DF\cache\cache.dat
b:\users\Grie.Casey-PC\AppData\Roaming\PC\WheelmanGame\Config\DF\engine_log.html
b:\users\Grie.Casey-PC\AppData\Roaming\vso_ts_preview.xml
b:\users\Grie.Casey-PC\AppData\Roaming\Windir
b:\windows\assembly\GAC_32\Desktop.ini
b:\windows\assembly\GAC_64\Desktop.ini
b:\windows\system32\ReadMe.txt
b:\windows\System64
b:\windows\SysWow64\ijl11.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 10:14 . 2012-02-20 10:14 -------- d-----w- b:\users\GRIE~1~CAS\AppData\Local\temp
2012-02-20 10:14 . 2012-02-20 10:14 -------- d-----w- b:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-20 10:14 . 2012-02-20 10:14 -------- d-----w- b:\users\Casey\AppData\Local\temp
2012-02-20 00:08 . 2012-02-20 00:08 69000 ----a-w- b:\programdata\Microsoft\Windows Defender\Definition Updates\{3600C580-01AF-4B73-899D-34A3F61B4869}\offreg.dll
2012-02-19 22:04 . 2011-12-30 06:26 515584 ----a-w- b:\windows\system32\timedate.cpl
2012-02-19 22:04 . 2011-12-30 05:27 478720 ----a-w- b:\windows\SysWow64\timedate.cpl
2012-02-19 22:04 . 2012-01-14 04:06 3145728 ----a-w- b:\windows\system32\win32k.sys
2012-02-19 22:04 . 2012-01-04 10:44 509952 ----a-w- b:\windows\system32\ntshrui.dll
2012-02-19 22:04 . 2012-01-04 08:58 442880 ----a-w- b:\windows\SysWow64\ntshrui.dll
2012-02-19 22:02 . 2011-08-17 05:26 613888 ----a-w- b:\windows\system32\psisdecd.dll
2012-02-19 22:02 . 2011-08-17 05:25 108032 ----a-w- b:\windows\system32\psisrndr.ax
2012-02-19 22:02 . 2011-08-17 04:24 465408 ----a-w- b:\windows\SysWow64\psisdecd.dll
2012-02-19 22:02 . 2011-08-17 04:19 75776 ----a-w- b:\windows\SysWow64\psisrndr.ax
2012-02-19 22:02 . 2011-12-28 03:59 498688 ----a-w- b:\windows\system32\drivers\afd.sys
2012-02-19 22:01 . 2011-08-13 05:27 6144 ----a-w- b:\program files\Internet Explorer\iecompat.dll
2012-02-19 22:01 . 2011-08-13 04:18 6144 ----a-w- b:\program files (x86)\Internet Explorer\iecompat.dll
2012-02-19 22:00 . 2011-12-16 08:46 634880 ----a-w- b:\windows\system32\msvcrt.dll
2012-02-19 22:00 . 2011-12-16 07:52 690688 ----a-w- b:\windows\SysWow64\msvcrt.dll
2012-02-19 22:00 . 2011-08-27 05:37 861696 ----a-w- b:\windows\system32\oleaut32.dll
2012-02-19 22:00 . 2011-08-27 05:37 331776 ----a-w- b:\windows\system32\oleacc.dll
2012-02-19 22:00 . 2011-08-27 04:26 571904 ----a-w- b:\windows\SysWow64\oleaut32.dll
2012-02-19 22:00 . 2011-08-27 04:26 233472 ----a-w- b:\windows\SysWow64\oleacc.dll
2012-02-19 22:00 . 2011-10-15 06:31 723456 ----a-w- b:\windows\system32\EncDec.dll
2012-02-19 22:00 . 2011-10-15 05:38 534528 ----a-w- b:\windows\SysWow64\EncDec.dll
2012-02-19 22:00 . 2011-11-05 05:32 2048 ----a-w- b:\windows\system32\tzres.dll
2012-02-19 22:00 . 2011-11-05 04:26 2048 ----a-w- b:\windows\SysWow64\tzres.dll
2012-02-19 21:59 . 2011-11-17 06:41 1731920 ----a-w- b:\windows\system32\ntdll.dll
2012-02-19 21:59 . 2011-11-17 05:38 1292080 ----a-w- b:\windows\SysWow64\ntdll.dll
2012-02-19 21:57 . 2011-11-19 14:58 77312 ----a-w- b:\windows\system32\packager.dll
2012-02-19 21:57 . 2011-11-19 14:01 67072 ----a-w- b:\windows\SysWow64\packager.dll
2012-02-05 14:20 . 2012-02-19 21:54 0 --sha-w- b:\windows\system32\dds_trash_log.cmd
2012-01-28 07:14 . 2012-01-28 07:17 -------- d-----w- b:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 05:45 . 2011-06-26 02:33 414368 ----a-w- b:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24 . 2012-01-17 01:01 23152 ----a-w- b:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="b:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-19 399736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="b:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;b:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;b:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R3 androidusb;ADB Interface Driver;b:\windows\system32\Drivers\androidusb.sys [x]
R3 dump_wmimmc;dump_wmimmc;b:\program files (x86)\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;b:\windows\system32\drivers\libusb0.sys [2008-02-19 28672]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;b:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;b:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 NPF;NetGroup Packet Filter Driver;b:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;b:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PsSdk41;PsSdk41;b:\windows\system32\Drivers\pssdk41.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;b:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;b:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-07-31 19952]
R3 skfiltv;skfiltv;b:\windows\system32\drivers\skfiltv.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;b:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;b:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;b:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;b:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;b:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;b:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;b:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;b:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 X6va003;X6va003;b:\users\GRIE~1.CAS\AppData\Local\Temp\0039EAD.tmp [x]
R3 X6va005;X6va005;b:\users\GRIE~1.CAS\AppData\Local\Temp\0055882.tmp [x]
S0 PxHlpa64;PxHlpa64;b:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;b:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;b:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz135;cpuz135;b:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;b:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 TabletServiceWacom;TabletServiceWacom;b:\windows\system32\Wacom_Tablet.exe [x]
S3 HTCAND64;HTC Device Driver;b:\windows\system32\Drivers\ANDROIDUSB.sys [x]
S3 pcouffin;VSO Software pcouffin;b:\windows\system32\Drivers\pcouffin.sys [x]
S3 pnetmdm;PdaNet Modem;b:\windows\system32\DRIVERS\pnetmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;b:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;b:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 b:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 07:14]
.
2012-02-20 b:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 07:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:19 78336 ----a-w- b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="b:\combofix\CF16506.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
KS0108
Xponaut_WBD
.
------- Supplementary Scan -------
.
uLocal Page = b:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = b:\windows\SysWOW64\blank.htm
IE: Capture Web Page - b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fetch to Megaupload - b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Se&nd to OneNote - b:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - b:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: b:\programdata\Megamedia\Megakey\msadm.dll
LSP: mswsock.dll
TCP: Interfaces\{B8716071-EB51-4893-B3C4-88E035A31DCD}: NameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - b:\users\Grie.Casey-PC\AppData\Roaming\Mozilla\Firefox\Profiles\a9lp7851.default\
FF - prefs.js: browser.startup.homepage - www.cocc.edu
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-NCsoft - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - b:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC} - b:\program files (x86)\InstallShield Installation Information\{2A856E11-228D-459F-A196-6F4F7E104FFC}\setup.exe
AddRemove-{2EEEC858-21F8-419B-8FE2-820621BFFCD7} - g:\getdataback\Uninstall.exe
AddRemove-{32F27FAA-60D1-4EC3-8502-51AEC72BF50F} - b:\program files (x86)\InstallShield Installation Information\{32F27FAA-60D1-4EC3-8502-51AEC72BF50F}\setup.exe
AddRemove-{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F} - g:\getdataback for ntfs\Uninstall.exe
AddRemove-FXAA Post Process Injector - b:\program files (x86)\The Elder Scrolls V Skyrim\Uninstal.exe
AddRemove-NCsoft-CityOfHeroes - d:\city of heros\NCLauncher.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="b:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="b:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\b:\users\GRIE~1.CAS\AppData\Local\Temp\0039EAD.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\b:\users\GRIE~1.CAS\AppData\Local\Temp\0055882.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3843598834-1698903087-2497583273-1001\Software\SecuROM\License information*]
"datasecu"=hex:9c,5c,35,ed,5f,9f,51,20,2e,d3,7d,cf,ab,26,7e,26,67,3b,52,fe,2d,
54,80,72,0c,1e,43,6b,c1,dc,e5,08,11,57,b8,10,29,45,1b,be,2e,7c,c5,5c,67,37,\
"rkeysecu"=hex:1d,da,83,9a,0d,bc,0c,b5,de,27,71,d0,f0,0b,b5,73
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@b:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="b:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
b:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-02-20 11:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 19:17
.
Pre-Run: 5,232,349,184 bytes free
Post-Run: 8,484,921,344 bytes free
.
- - End Of File - - 173D675E23FBDD2374574FFCF8FA6713


Fortunately there were no problems with running ComboFix; everything went smoothly.

However, my computer is still acting the same, i.e. I cannot reset Winsock and cannot access localhost (127.0.0.1); however, I am getting the redirects less frequently.

#4 gringo_pr

  • Malware Response Team

Posted 20 February 2012 - 03:27 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Casey_D.

  • Topic Starter

Posted 20 February 2012 - 04:53 PM

12:45:26.0864 1580 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:45:28.0342 1580 ============================================================
12:45:28.0342 1580 Current date / time: 2012/02/20 12:45:28.0342
12:45:28.0342 1580 SystemInfo:
12:45:28.0342 1580
12:45:28.0342 1580 OS Version: 6.1.7601 ServicePack: 1.0
12:45:28.0358 1580 Product type: Workstation
12:45:28.0358 1580 ComputerName: CASEY-PC
12:45:28.0379 1580 UserName: Grie
12:45:28.0379 1580 Windows directory: B:\Windows
12:45:28.0379 1580 System windows directory: B:\Windows
12:45:28.0379 1580 Running under WOW64
12:45:28.0379 1580 Processor architecture: Intel x64
12:45:28.0379 1580 Number of processors: 2
12:45:28.0379 1580 Page size: 0x1000
12:45:28.0379 1580 Boot type: Normal boot
12:45:28.0379 1580 ============================================================
12:45:31.0667 1580 Drive \Device\Harddisk3\DR3 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x9769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
12:45:31.0682 1580 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:32.0235 1580 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:32.0266 1580 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:32.0286 1580 \Device\Harddisk3\DR3:
12:45:32.0308 1580 MBR used
12:45:32.0308 1580 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1081F791
12:45:32.0340 1580 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x1081F80F, BlocksNum 0x126CB181
12:45:32.0358 1580 \Device\Harddisk0\DR0:
12:45:32.0359 1580 MBR used
12:45:32.0359 1580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
12:45:32.0359 1580 \Device\Harddisk1\DR1:
12:45:32.0359 1580 MBR used
12:45:32.0359 1580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
12:45:32.0359 1580 \Device\Harddisk2\DR2:
12:45:32.0510 1580 MBR used
12:45:32.0510 1580 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
12:45:32.0963 1580 Initialize success
12:45:32.0963 1580 ============================================================
12:45:40.0698 4980 ============================================================
12:45:40.0698 4980 Scan started
12:45:40.0698 4980 Mode: Manual;
12:45:40.0698 4980 ============================================================
12:46:02.0301 4980 1394ohci (a87d604aea360176311474c87a63bb88) B:\Windows\system32\drivers\1394ohci.sys
12:46:02.0327 4980 1394ohci - ok
12:46:02.0843 4980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) B:\Windows\system32\drivers\ACPI.sys
12:46:02.0878 4980 ACPI - ok
12:46:03.0320 4980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) B:\Windows\system32\drivers\acpipmi.sys
12:46:03.0339 4980 AcpiPmi - ok
12:46:04.0010 4980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) B:\Windows\system32\DRIVERS\adp94xx.sys
12:46:04.0054 4980 adp94xx - ok
12:46:04.0570 4980 adpahci (597f78224ee9224ea1a13d6350ced962) B:\Windows\system32\DRIVERS\adpahci.sys
12:46:04.0590 4980 adpahci - ok
12:46:05.0042 4980 adpu320 (e109549c90f62fb570b9540c4b148e54) B:\Windows\system32\DRIVERS\adpu320.sys
12:46:05.0059 4980 adpu320 - ok
12:46:05.0621 4980 AFD (1c7857b62de5994a75b054a9fd4c3825) B:\Windows\system32\drivers\afd.sys
12:46:05.0634 4980 AFD - ok
12:46:06.0038 4980 agp440 (608c14dba7299d8cb6ed035a68a15799) B:\Windows\system32\drivers\agp440.sys
12:46:06.0052 4980 agp440 - ok
12:46:06.0564 4980 aliide (5812713a477a3ad7363c7438ca2ee038) B:\Windows\system32\drivers\aliide.sys
12:46:06.0584 4980 aliide - ok
12:46:06.0941 4980 amdide (1ff8b4431c353ce385c875f194924c0c) B:\Windows\system32\drivers\amdide.sys
12:46:06.0950 4980 amdide - ok
12:46:07.0437 4980 AmdK8 (7024f087cff1833a806193ef9d22cda9) B:\Windows\system32\DRIVERS\amdk8.sys
12:46:07.0450 4980 AmdK8 - ok
12:46:07.0613 4980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) B:\Windows\system32\DRIVERS\amdppm.sys
12:46:07.0621 4980 AmdPPM - ok
12:46:07.0912 4980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) B:\Windows\system32\drivers\amdsata.sys
12:46:07.0923 4980 amdsata - ok
12:46:08.0223 4980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) B:\Windows\system32\DRIVERS\amdsbs.sys
12:46:08.0238 4980 amdsbs - ok
12:46:08.0555 4980 amdxata (540daf1cea6094886d72126fd7c33048) B:\Windows\system32\drivers\amdxata.sys
12:46:08.0570 4980 amdxata - ok
12:46:08.0906 4980 androidusb (81fc369485c12837de3d708b7c8fda7d) B:\Windows\system32\Drivers\androidusb.sys
12:46:08.0913 4980 androidusb - ok
12:46:09.0264 4980 AppID (89a69c3f2f319b43379399547526d952) B:\Windows\system32\drivers\appid.sys
12:46:09.0271 4980 AppID - ok
12:46:09.0611 4980 arc (c484f8ceb1717c540242531db7845c4e) B:\Windows\system32\DRIVERS\arc.sys
12:46:09.0623 4980 arc - ok
12:46:09.0908 4980 arcsas (019af6924aefe7839f61c830227fe79c) B:\Windows\system32\DRIVERS\arcsas.sys
12:46:09.0920 4980 arcsas - ok
12:46:10.0316 4980 AsyncMac (769765ce2cc62867468cea93969b2242) B:\Windows\system32\DRIVERS\asyncmac.sys
12:46:10.0322 4980 AsyncMac - ok
12:46:10.0752 4980 atapi (02062c0b390b7729edc9e69c680a6f3c) B:\Windows\system32\drivers\atapi.sys
12:46:10.0752 4980 atapi - ok
12:46:11.0170 4980 b06bdrv (3e5b191307609f7514148c6832bb0842) B:\Windows\system32\DRIVERS\bxvbda.sys
12:46:11.0193 4980 b06bdrv - ok
12:46:11.0480 4980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) B:\Windows\system32\DRIVERS\b57nd60a.sys
12:46:11.0489 4980 b57nd60a - ok
12:46:11.0822 4980 Beep (16a47ce2decc9b099349a5f840654746) B:\Windows\system32\drivers\Beep.sys
12:46:11.0835 4980 Beep - ok
12:46:12.0264 4980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) B:\Windows\system32\DRIVERS\blbdrive.sys
12:46:12.0285 4980 blbdrive - ok
12:46:12.0559 4980 bowser (6c02a83164f5cc0a262f4199f0871cf5) B:\Windows\system32\DRIVERS\bowser.sys
12:46:12.0593 4980 bowser - ok
12:46:12.0844 4980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) B:\Windows\system32\DRIVERS\BrFiltLo.sys
12:46:12.0845 4980 BrFiltLo - ok
12:46:13.0093 4980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) B:\Windows\system32\DRIVERS\BrFiltUp.sys
12:46:13.0117 4980 BrFiltUp - ok
12:46:13.0511 4980 BridgeMP (5c2f352a4e961d72518261257aae204b) B:\Windows\system32\DRIVERS\bridge.sys
12:46:13.0521 4980 BridgeMP - ok
12:46:13.0783 4980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) B:\Windows\System32\Drivers\Brserid.sys
12:46:13.0806 4980 Brserid - ok
12:46:14.0033 4980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) B:\Windows\System32\Drivers\BrSerWdm.sys
12:46:14.0045 4980 BrSerWdm - ok
12:46:14.0300 4980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) B:\Windows\System32\Drivers\BrUsbMdm.sys
12:46:14.0317 4980 BrUsbMdm - ok
12:46:14.0540 4980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) B:\Windows\System32\Drivers\BrUsbSer.sys
12:46:14.0554 4980 BrUsbSer - ok
12:46:14.0897 4980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) B:\Windows\system32\DRIVERS\bthmodem.sys
12:46:14.0914 4980 BTHMODEM - ok
12:46:15.0184 4980 catchme - ok
12:46:15.0487 4980 cdfs (b8bd2bb284668c84865658c77574381a) B:\Windows\system32\DRIVERS\cdfs.sys
12:46:15.0506 4980 cdfs - ok
12:46:15.0857 4980 cdrom (f036ce71586e93d94dab220d7bdf4416) B:\Windows\system32\DRIVERS\cdrom.sys
12:46:15.0875 4980 cdrom - ok
12:46:16.0295 4980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) B:\Windows\system32\DRIVERS\circlass.sys
12:46:16.0310 4980 circlass - ok
12:46:16.0555 4980 CLFS (fe1ec06f2253f691fe36217c592a0206) B:\Windows\system32\CLFS.sys
12:46:16.0570 4980 CLFS - ok
12:46:17.0011 4980 CmBatt (0840155d0bddf1190f84a663c284bd33) B:\Windows\system32\DRIVERS\CmBatt.sys
12:46:17.0013 4980 CmBatt - ok
12:46:17.0151 4980 cmdide (e19d3f095812725d88f9001985b94edd) B:\Windows\system32\drivers\cmdide.sys
12:46:17.0159 4980 cmdide - ok
12:46:17.0412 4980 CNG (c4943b6c962e4b82197542447ad599f4) B:\Windows\system32\Drivers\cng.sys
12:46:17.0455 4980 CNG - ok
12:46:17.0711 4980 Compbatt (102de219c3f61415f964c88e9085ad14) B:\Windows\system32\DRIVERS\compbatt.sys
12:46:17.0725 4980 Compbatt - ok
12:46:17.0976 4980 CompositeBus (03edb043586cceba243d689bdda370a8) B:\Windows\system32\drivers\CompositeBus.sys
12:46:17.0995 4980 CompositeBus - ok
12:46:18.0306 4980 cpuz135 (76355d5eafdfa3e9b7580b9153de1f30) B:\Windows\system32\drivers\cpuz135_x64.sys
12:46:18.0308 4980 cpuz135 - ok
12:46:18.0539 4980 crcdisk (1c827878a998c18847245fe1f34ee597) B:\Windows\system32\DRIVERS\crcdisk.sys
12:46:18.0548 4980 crcdisk - ok
12:46:18.0953 4980 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) B:\Windows\system32\drivers\csc.sys
12:46:18.0984 4980 CSC - ok
12:46:19.0339 4980 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) B:\Windows\system32\Drivers\dfsc.sys
12:46:19.0348 4980 DfsC - ok
12:46:19.0556 4980 discache (13096b05847ec78f0977f2c0f79e9ab3) B:\Windows\system32\drivers\discache.sys
12:46:19.0570 4980 discache - ok
12:46:19.0875 4980 Disk (9819eee8b5ea3784ec4af3b137a5244c) B:\Windows\system32\DRIVERS\disk.sys
12:46:19.0889 4980 Disk - ok
12:46:20.0221 4980 drmkaud (9b19f34400d24df84c858a421c205754) B:\Windows\system32\drivers\drmkaud.sys
12:46:20.0232 4980 drmkaud - ok
12:46:20.0386 4980 dump_wmimmc - ok
12:46:20.0820 4980 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) B:\Windows\System32\drivers\dxgkrnl.sys
12:46:20.0855 4980 DXGKrnl - ok
12:46:21.0536 4980 ebdrv (dc5d737f51be844d8c82c695eb17372f) B:\Windows\system32\DRIVERS\evbda.sys
12:46:21.0622 4980 ebdrv - ok
12:46:22.0050 4980 elxstor (0e5da5369a0fcaea12456dd852545184) B:\Windows\system32\DRIVERS\elxstor.sys
12:46:22.0077 4980 elxstor - ok
12:46:22.0333 4980 ErrDev (34a3c54752046e79a126e15c51db409b) B:\Windows\system32\drivers\errdev.sys
12:46:22.0341 4980 ErrDev - ok
12:46:22.0654 4980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) B:\Windows\system32\drivers\exfat.sys
12:46:22.0663 4980 exfat - ok
12:46:22.0952 4980 fastfat (0adc83218b66a6db380c330836f3e36d) B:\Windows\system32\drivers\fastfat.sys
12:46:22.0975 4980 fastfat - ok
12:46:23.0185 4980 fdc (d765d19cd8ef61f650c384f62fac00ab) B:\Windows\system32\DRIVERS\fdc.sys
12:46:23.0201 4980 fdc - ok
12:46:23.0540 4980 FileInfo (655661be46b5f5f3fd454e2c3095b930) B:\Windows\system32\drivers\fileinfo.sys
12:46:23.0542 4980 FileInfo - ok
12:46:23.0787 4980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) B:\Windows\system32\drivers\filetrace.sys
12:46:23.0799 4980 Filetrace - ok
12:46:24.0172 4980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) B:\Windows\system32\DRIVERS\flpydisk.sys
12:46:24.0193 4980 flpydisk - ok
12:46:24.0420 4980 FltMgr (da6b67270fd9db3697b20fce94950741) B:\Windows\system32\drivers\fltmgr.sys
12:46:24.0441 4980 FltMgr - ok
12:46:24.0700 4980 FsDepends (d43703496149971890703b4b1b723eac) B:\Windows\system32\drivers\FsDepends.sys
12:46:24.0714 4980 FsDepends - ok
12:46:24.0983 4980 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) B:\Windows\system32\drivers\Fs_Rec.sys
12:46:24.0995 4980 Fs_Rec - ok
12:46:25.0356 4980 fvevol (1f7b25b858fa27015169fe95e54108ed) B:\Windows\system32\DRIVERS\fvevol.sys
12:46:25.0371 4980 fvevol - ok
12:46:25.0631 4980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) B:\Windows\system32\DRIVERS\gagp30kx.sys
12:46:25.0650 4980 gagp30kx - ok
12:46:26.0131 4980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) B:\Windows\system32\drivers\hcw85cir.sys
12:46:26.0143 4980 hcw85cir - ok
12:46:26.0493 4980 HdAudAddService (975761c778e33cd22498059b91e7373a) B:\Windows\system32\drivers\HdAudio.sys
12:46:26.0509 4980 HdAudAddService - ok
12:46:26.0725 4980 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) B:\Windows\system32\drivers\HDAudBus.sys
12:46:26.0759 4980 HDAudBus - ok
12:46:27.0007 4980 HidBatt (78e86380454a7b10a5eb255dc44a355f) B:\Windows\system32\DRIVERS\HidBatt.sys
12:46:27.0029 4980 HidBatt - ok
12:46:27.0265 4980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) B:\Windows\system32\DRIVERS\hidbth.sys
12:46:27.0281 4980 HidBth - ok
12:46:27.0585 4980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) B:\Windows\system32\DRIVERS\hidir.sys
12:46:27.0593 4980 HidIr - ok
12:46:27.0967 4980 HidUsb (9592090a7e2b61cd582b612b6df70536) B:\Windows\system32\DRIVERS\hidusb.sys
12:46:27.0984 4980 HidUsb - ok
12:46:28.0233 4980 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) B:\Windows\system32\drivers\HpSAMD.sys
12:46:28.0246 4980 HpSAMD - ok
12:46:28.0564 4980 HTCAND64 (81fc369485c12837de3d708b7c8fda7d) B:\Windows\system32\Drivers\ANDROIDUSB.sys
12:46:28.0565 4980 HTCAND64 - ok
12:46:29.0024 4980 HTTP (0ea7de1acb728dd5a369fd742d6eee28) B:\Windows\system32\drivers\HTTP.sys
12:46:29.0058 4980 HTTP - ok
12:46:29.0321 4980 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) B:\Windows\system32\drivers\hwpolicy.sys
12:46:29.0334 4980 hwpolicy - ok
12:46:29.0621 4980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) B:\Windows\system32\drivers\i8042prt.sys
12:46:29.0636 4980 i8042prt - ok
12:46:29.0939 4980 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) B:\Windows\system32\drivers\iaStorV.sys
12:46:29.0964 4980 iaStorV - ok
12:46:30.0233 4980 iirsp (5c18831c61933628f5bb0ea2675b9d21) B:\Windows\system32\DRIVERS\iirsp.sys
12:46:30.0241 4980 iirsp - ok
12:46:30.0542 4980 intelide (f00f20e70c6ec3aa366910083a0518aa) B:\Windows\system32\drivers\intelide.sys
12:46:30.0553 4980 intelide - ok
12:46:30.0880 4980 intelppm (ada036632c664caa754079041cf1f8c1) B:\Windows\system32\DRIVERS\intelppm.sys
12:46:30.0913 4980 intelppm - ok
12:46:31.0266 4980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) B:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:31.0279 4980 IpFilterDriver - ok
12:46:31.0669 4980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) B:\Windows\system32\drivers\IPMIDrv.sys
12:46:31.0673 4980 IPMIDRV - ok
12:46:31.0895 4980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) B:\Windows\system32\drivers\ipnat.sys
12:46:31.0911 4980 IPNAT - ok
12:46:32.0217 4980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) B:\Windows\system32\drivers\irenum.sys
12:46:32.0230 4980 IRENUM - ok
12:46:32.0496 4980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) B:\Windows\system32\drivers\isapnp.sys
12:46:32.0510 4980 isapnp - ok
12:46:32.0864 4980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) B:\Windows\system32\drivers\msiscsi.sys
12:46:33.0058 4980 iScsiPrt - ok
12:46:33.0634 4980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) B:\Windows\system32\DRIVERS\kbdclass.sys
12:46:33.0650 4980 kbdclass - ok
12:46:33.0927 4980 kbdhid (0705eff5b42a9db58548eec3b26bb484) B:\Windows\system32\DRIVERS\kbdhid.sys
12:46:33.0941 4980 kbdhid - ok
12:46:34.0383 4980 KSecDD (da1e991a61cfdd755a589e206b97644b) B:\Windows\system32\Drivers\ksecdd.sys
12:46:34.0417 4980 KSecDD - ok
12:46:34.0679 4980 KSecPkg (7e33198d956943a4f11a5474c1e9106f) B:\Windows\system32\Drivers\ksecpkg.sys
12:46:34.0693 4980 KSecPkg - ok
12:46:35.0001 4980 ksthunk (6869281e78cb31a43e969f06b57347c4) B:\Windows\system32\drivers\ksthunk.sys
12:46:35.0019 4980 ksthunk - ok
12:46:35.0358 4980 libusb0 (bd3b46fe838b468254415c5f95008b4f) B:\Windows\system32\drivers\libusb0.sys
12:46:35.0384 4980 libusb0 - ok
12:46:35.0730 4980 lltdio (1538831cf8ad2979a04c423779465827) B:\Windows\system32\DRIVERS\lltdio.sys
12:46:35.0743 4980 lltdio - ok
12:46:36.0095 4980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) B:\Windows\system32\DRIVERS\lsi_fc.sys
12:46:36.0097 4980 LSI_FC - ok
12:46:36.0396 4980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) B:\Windows\system32\DRIVERS\lsi_sas.sys
12:46:36.0434 4980 LSI_SAS - ok
12:46:36.0932 4980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) B:\Windows\system32\DRIVERS\lsi_sas2.sys
12:46:36.0956 4980 LSI_SAS2 - ok
12:46:37.0490 4980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) B:\Windows\system32\DRIVERS\lsi_scsi.sys
12:46:37.0509 4980 LSI_SCSI - ok
12:46:37.0874 4980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) B:\Windows\system32\drivers\luafv.sys
12:46:37.0889 4980 luafv - ok
12:46:38.0252 4980 megasas (a55805f747c6edb6a9080d7c633bd0f4) B:\Windows\system32\DRIVERS\megasas.sys
12:46:38.0255 4980 megasas - ok
12:46:38.0553 4980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) B:\Windows\system32\DRIVERS\MegaSR.sys
12:46:38.0563 4980 MegaSR - ok
12:46:38.0881 4980 Modem (800ba92f7010378b09f9ed9270f07137) B:\Windows\system32\drivers\modem.sys
12:46:38.0902 4980 Modem - ok
12:46:39.0206 4980 monitor (b03d591dc7da45ece20b3b467e6aadaa) B:\Windows\system32\DRIVERS\monitor.sys
12:46:39.0207 4980 monitor - ok
12:46:39.0503 4980 MotioninJoyXFilter (cda14c7b99ec3ff2b4128b9356b83f5c) B:\Windows\system32\DRIVERS\MijXfilt.sys
12:46:39.0505 4980 MotioninJoyXFilter - ok
12:46:39.0839 4980 mouclass (7d27ea49f3c1f687d357e77a470aea99) B:\Windows\system32\DRIVERS\mouclass.sys
12:46:39.0861 4980 mouclass - ok
12:46:40.0253 4980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) B:\Windows\system32\DRIVERS\mouhid.sys
12:46:40.0261 4980 mouhid - ok
12:46:40.0510 4980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) B:\Windows\system32\drivers\mountmgr.sys
12:46:40.0524 4980 mountmgr - ok
12:46:40.0792 4980 mpio (a44b420d30bd56e145d6a2bc8768ec58) B:\Windows\system32\drivers\mpio.sys
12:46:40.0821 4980 mpio - ok
12:46:41.0060 4980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) B:\Windows\system32\drivers\mpsdrv.sys
12:46:41.0063 4980 mpsdrv - ok
12:46:41.0438 4980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) B:\Windows\system32\drivers\mrxdav.sys
12:46:41.0447 4980 MRxDAV - ok
12:46:41.0700 4980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) B:\Windows\system32\DRIVERS\mrxsmb.sys
12:46:41.0726 4980 mrxsmb - ok
12:46:41.0922 4980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) B:\Windows\system32\DRIVERS\mrxsmb10.sys
12:46:41.0956 4980 mrxsmb10 - ok
12:46:42.0176 4980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) B:\Windows\system32\DRIVERS\mrxsmb20.sys
12:46:42.0181 4980 mrxsmb20 - ok
12:46:42.0439 4980 msahci (c25f0bafa182cbca2dd3c851c2e75796) B:\Windows\system32\drivers\msahci.sys
12:46:42.0451 4980 msahci - ok
12:46:42.0725 4980 msdsm (db801a638d011b9633829eb6f663c900) B:\Windows\system32\drivers\msdsm.sys
12:46:42.0742 4980 msdsm - ok
12:46:43.0005 4980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) B:\Windows\system32\drivers\Msfs.sys
12:46:43.0023 4980 Msfs - ok
12:46:43.0621 4980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) B:\Windows\System32\drivers\mshidkmdf.sys
12:46:43.0636 4980 mshidkmdf - ok
12:46:43.0961 4980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) B:\Windows\system32\drivers\msisadrv.sys
12:46:43.0974 4980 msisadrv - ok
12:46:44.0295 4980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) B:\Windows\system32\drivers\MSKSSRV.sys
12:46:44.0297 4980 MSKSSRV - ok
12:46:44.0583 4980 msloop (103b3bbe23ab774b009d182276ec6786) B:\Windows\system32\DRIVERS\loop.sys
12:46:44.0585 4980 msloop - ok
12:46:44.0837 4980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) B:\Windows\system32\drivers\MSPCLOCK.sys
12:46:44.0839 4980 MSPCLOCK - ok
12:46:45.0129 4980 MSPQM (4ed981241db27c3383d72092b618a1d0) B:\Windows\system32\drivers\MSPQM.sys
12:46:45.0146 4980 MSPQM - ok
12:46:45.0488 4980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) B:\Windows\system32\drivers\MsRPC.sys
12:46:45.0497 4980 MsRPC - ok
12:46:46.0115 4980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) B:\Windows\system32\drivers\mssmbios.sys
12:46:46.0116 4980 mssmbios - ok
12:46:46.0434 4980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) B:\Windows\system32\drivers\MSTEE.sys
12:47:38.0043 4980 ============================================================
12:47:38.0043 4980 Scan finished
12:47:38.0043 4980 ============================================================
12:47:38.0074 3340 Detected object count: 0
12:47:38.0074 3340 Actual detected object count: 0


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 18:11:28
-----------------------------
18:11:28.304 OS Version: Windows x64 6.1.7601 Service Pack 1
18:11:28.304 Number of processors: 2 586 0x4303
18:11:28.306 ComputerName: CASEY-PC UserName: Grie
18:11:32.553 Initialize success
18:12:35.258 AVAST engine defs: 12021901
18:13:06.087 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:13:06.090 Disk 0 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610480MB BusType: 3
18:13:06.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
18:13:06.096 Disk 1 Vendor: WDC_WD10EADS-11M2B2 80.00A80 Size: 953869MB BusType: 3
18:13:06.099 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-7
18:13:06.102 Disk 2 Vendor: SAMSUNG_HN-M101MBB 2AR10001 Size: 953869MB BusType: 3
18:13:06.105 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP0T0L0-0
18:13:06.110 Disk 3 Vendor: ST3300620A 3.AAC Size: 286168MB BusType: 3
18:13:06.128 Disk 3 MBR read successfully
18:13:06.132 Disk 3 MBR scan
18:13:06.150 Disk 3 Windows 7 default MBR code
18:13:06.169 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 135230 MB offset 63
18:13:06.176 Disk 3 Partition - 00 0F Extended LBA 150934 MB offset 276953040
18:13:06.202 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 150934 MB offset 276953103
18:13:06.210 Service scanning
18:13:34.876 Modules scanning
18:13:34.882 Disk 3 trace - called modules:
18:13:34.895 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:13:34.901 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa80055d5590]
18:13:34.907 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80049211c0]
18:13:34.913 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052df060]
18:13:38.822 AVAST engine scan B:\Windows
18:13:41.776 AVAST engine scan B:\Windows\system32
18:13:55.601 File: B:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
18:16:11.970 File: B:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:16:15.525 File: B:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
18:17:34.239 AVAST engine scan B:\Windows\system32\drivers
18:17:52.425 AVAST engine scan B:\Users\Grie.Casey-PC
18:34:10.476 File: B:\Users\Grie.Casey-PC\Downloads\Runtime_GetDataBack_for_NTFS_and_FAT_4_22_keygen.exe **INFECTED** Win32:MalOb-HU [Cryp]
18:36:19.047 AVAST engine scan B:\ProgramData
18:40:03.471 Scan finished successfully
18:51:14.297 Disk 3 MBR has been saved successfully to "B:\MBR.dat"
18:51:14.303 The log file has been saved successfully to "B:\aswMBR.txt"


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 12:48:32
-----------------------------
12:48:32.148 OS Version: Windows x64 6.1.7601 Service Pack 1
12:48:32.148 Number of processors: 2 586 0x4303
12:48:32.149 ComputerName: CASEY-PC UserName: Grie
12:48:35.903 Initialize success
12:52:29.381 AVAST engine defs: 12022001
12:54:18.443 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:54:18.446 Disk 0 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610480MB BusType: 3
12:54:18.451 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
12:54:18.454 Disk 1 Vendor: WDC_WD10EADS-11M2B2 80.00A80 Size: 953869MB BusType: 3
12:54:18.459 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-7
12:54:18.463 Disk 2 Vendor: SAMSUNG_HN-M101MBB 2AR10001 Size: 953869MB BusType: 3
12:54:18.468 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP0T0L0-0
12:54:18.471 Disk 3 Vendor: ST3300620A 3.AAC Size: 286168MB BusType: 3
12:54:18.550 Disk 3 MBR read successfully
12:54:18.555 Disk 3 MBR scan
12:54:18.631 Disk 3 Windows 7 default MBR code
12:54:18.664 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 135230 MB offset 63
12:54:18.670 Disk 3 Partition - 00 0F Extended LBA 150934 MB offset 276953040
12:54:18.730 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 150934 MB offset 276953103
12:54:18.738 Service scanning
12:56:20.083 Modules scanning
12:56:20.089 Disk 3 trace - called modules:
12:56:20.130 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
12:56:20.137 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa800557b060]
12:56:20.145 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80054dc4b0]
12:56:20.151 5 ACPI.sys[fffff88000f837a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80053a0060]
12:56:23.915 AVAST engine scan B:\Windows
12:56:31.861 AVAST engine scan B:\Windows\system32
12:57:10.623 File: B:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
13:07:06.562 AVAST engine scan B:\Windows\system32\drivers
13:08:02.997 AVAST engine scan B:\Users\Grie.Casey-PC
13:44:07.151 File: B:\Users\Grie.Casey-PC\Downloads\Runtime_GetDataBack_for_NTFS_and_FAT_4_22_keygen.exe **INFECTED** Win32:MalOb-HU [Cryp]
13:47:54.362 AVAST engine scan B:\ProgramData
13:51:23.681 Scan finished successfully
13:53:17.190 Disk 3 MBR has been saved successfully to "B:\MBR.dat"
13:53:17.206 The log file has been saved successfully to "B:\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 20 February 2012 - 05:41 PM

Hello


I would like to run this before I remove the infected file to be sure of something


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 Casey_D.

  • Topic Starter


Posted 20 February 2012 - 06:08 PM

Scan result of Farbar Recovery Scan Tool Version: 20-02-2012
Ran by SYSTEM at 2012-02-20 14:59:12
Running from H:\
Microsoft Windows XP (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe [2007832 2009-08-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Run StartupMonitor] StartupMonitor.exe [x]
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup [13680640 2009-02-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2009-02-18] (NVIDIA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Winlogon\Notify\avgrsstarter: avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 6to4; C:\Windows\System32\6to4svc.dll [100352 2008-04-14] (Microsoft Corporation)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [33800 2007-10-24] (Microsoft Corporation)
2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [908056 2009-08-02] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-02] (AVG Technologies CZ, s.r.o.)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-14] (Microsoft Corp., Veritas Software)
2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
4 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
4 Eventlog; C:\Windows\System32\services.exe [108544 2008-04-14] (Microsoft Corporation)
4 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
4 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2009-05-18] (Acresso Software Inc.)
4 FontCache3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [36864 2007-10-09] (Microsoft Corporation)
4 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
4 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
4 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [864256 2007-10-11] (Microsoft Corporation)
4 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
4 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
4 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
2 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
2 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2007-10-11] (Microsoft Corporation)
2 Nla; C:\Windows\System32\mswsock.dll [245248 2008-07-28] (Microsoft Corporation)
4 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
4 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
2 NVSvc; C:\Windows\System32\nvsvc32.exe [163908 2009-02-18] (NVIDIA Corporation)
4 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441136 2006-10-26] (Microsoft Corporation)
4 OrbisClient.Services; "C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe" [14904 2008-04-10] ()
4 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [108544 2008-04-14] (Microsoft Corporation)
4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2009-06-02] ()
4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [107832 2009-06-02] ()
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
4 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
4 RSVP; C:\Windows\System32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [98488 2008-12-11] (SiSoftware)
4 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
4 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
4 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{7C9B6AE2-C99A-49AA-88A8-03D3497D9FB8} [5120 2008-04-14] (Microsoft Corporation)
4 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
4 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
4 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
4 Wmi; C:\Windows\System32\advapi32.dll [617472 2008-04-14] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [23576 2008-10-16] (Microsoft Corporation)
4 WZCSVC; C:\Windows\System32\wzcsvc.dll [483328 2008-04-14] (Microsoft Corporation)
2 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

========================== Drivers (Whitelisted) =============

4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2006-02-25] (Adaptec)
3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-02] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-02] (AVG Technologies CZ, s.r.o.)
0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [12552 2009-06-30] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-06-30] (AVG Technologies CZ, s.r.o.)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2008-04-14] (Microsoft Corporation)
4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
0 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5795328 2009-07-20] (Realtek Semiconductor Corp.)
3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [6308224 2009-02-18] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [130432 2009-03-25] (Realtek Semiconductor Corporation )
3 splitter; C:\Windows\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-03-09] (Duplex Secure Ltd.)
0 Sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [225856 2008-07-28] (Microsoft Corporation)
3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [x]
4 Atdisk; [x]
1 BIOS; \??\F:\WINDOWS\system32\drivers\BIOS.sys [x]
1 BS_I2cIo; \??\F:\WINDOWS\system32\drivers\BS_I2cIo.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 maxidemo; C:\Windows\System32\DRIVERS\maxidemo.sys [x]
4 mraid35x; [x]
3 npggsvc; F:\WINDOWS\system32\GameMon.des -service [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 SANDRA; \??\F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\WNt500x86\Sandra.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]
3 WINFLASH; \??\F:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-20 14:59 - 2012-02-20 14:59 - 0000000 ____D C:\FRST


============ 3 Months Modified Files and Folders =============

2012-02-20 14:59 - 2012-02-20 14:59 - 0000000 ____D C:\FRST
2012-02-18 18:45 - 2009-03-10 23:46 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Videos
2012-01-14 10:36 - 2011-11-11 20:33 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
2012-01-14 10:31 - 2012-01-14 10:31 - 0000000 ____D C:\Program Files\Square Enix
2012-01-04 13:59 - 2012-01-04 13:55 - 0000000 ____D C:\portal 2
2011-12-31 13:49 - 2010-06-04 16:00 - 0000000 ___RD C:\Games
2011-12-25 22:04 - 2009-03-09 06:19 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents
2011-12-25 21:59 - 2009-10-04 23:35 - 0000000 ____D C:\Backflash
2011-12-13 16:46 - 2009-03-11 00:45 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy

========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\advapi32.dll is missing
C:\Windows\SysWOW64\comdlg32.dll is missing
C:\Windows\SysWOW64\gdi32.dll is missing
C:\Windows\SysWOW64\imagehlp.dll is missing
C:\Windows\SysWOW64\kernel32.dll is missing
C:\Windows\SysWOW64\lz32.dll is missing
C:\Windows\SysWOW64\ole32.dll is missing
C:\Windows\SysWOW64\oleaut32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
C:\Windows\SysWOW64\olecli32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
C:\Windows\SysWOW64\olecnv32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
C:\Windows\SysWOW64\olesvr32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
C:\Windows\SysWOW64\olethk32.dll is missing
C:\Windows\SysWOW64\rpcrt4.dll is missing
C:\Windows\SysWOW64\shell32.dll is missing
C:\Windows\SysWOW64\url.dll is missing
C:\Windows\SysWOW64\urlmon.dll is missing
C:\Windows\SysWOW64\user32.dll is missing
C:\Windows\SysWOW64\version.dll is missing
C:\Windows\SysWOW64\wininet.dll is missing
C:\Windows\SysWOW64\wldap32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2008-04-14 02:00] - [2008-04-14 02:00] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\explorer.exe
[2008-07-03 01:38] - [2008-07-03 01:38] - 1033728 ____A (Microsoft Corporation) 2BB75B7F548D82A099125D0C5971DE7D

C:\Windows\System32\svchost.exe
[2008-04-14 02:00] - [2008-04-14 02:00] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\System32\User32.dll
[2008-04-14 02:00] - [2008-04-14 02:00] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 02:00] - [2008-04-14 02:00] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025


========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 5118.49 MB
Available physical RAM: 4557.6 MB
Total Pagefile: 5116.64 MB
Available Pagefile: 4544.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:596.16 GB) (Free:322.41 GB) NTFS
3 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS
4 Drive e: (F IS FOR FUN!!!) (Fixed) (Total:931.51 GB) (Free:667.42 GB) NTFS
5 Drive f: (Windows 7 - 64 Bit) (Fixed) (Total:132.06 GB) (Free:6.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive g: (Windows 7 - 32 Bit) (Fixed) (Total:147.4 GB) (Free:55.87 GB) NTFS
7 Drive h: (CASEY'S FLA) (Removable) (Total:7.44 GB) (Free:7.35 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 9 MB
Disk 1 Online 931 GB 0 B
Disk 2 Online 931 GB 0 B
Disk 3 Online 279 GB 1024 KB
Disk 4 Online 7640 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 31 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 596 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D New Volume NTFS Partition 931 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E F IS FOR FU NTFS Partition 931 GB Healthy

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 132 GB 31 KB
Partition 0 Extended 147 GB 132 GB
Partition 2 Logical 147 GB 132 GB

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Windows 7 - NTFS Partition 132 GB Healthy

Disk: 3
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Windows 7 - NTFS Partition 147 GB Healthy

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7639 MB 1024 KB

Disk: 4
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H CASEY'S FLA FAT32 Removable 7639 MB Healthy


======================= End Of Log ==========================

#8 gringo_pr


Posted 20 February 2012 - 08:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
B:\Windows\system32\consrv.dll
b:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Casey_D.


Posted 21 February 2012 - 10:49 PM

ComboFix 12-02-19.02 - Grie 02/21/2012 10:06:10.7.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5118.3719 [GMT -8:00]
Running from: b:\users\Grie.Casey-PC\Desktop\ComboFix.exe
Command switches used :: b:\users\Grie.Casey-PC\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"b:\windows\system32\consrv.dll"
"b:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
b:\windows\assembly\GAC_32\Desktop.ini
b:\windows\assembly\GAC_64\Desktop.ini
b:\windows\assembly\temp\@
b:\windows\assembly\temp\cfg.ini
b:\windows\system32\consrv.dll
b:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-21 19:47 . 2012-02-21 19:47 -------- d-----w- b:\windows\system32\config\systemprofile\AppData\Local\temp
2012-02-21 19:47 . 2012-02-21 19:47 -------- d-----w- b:\users\GRIE~1~CAS\AppData\Local\temp
2012-02-21 19:47 . 2012-02-21 19:47 -------- d-----w- b:\users\Grie\AppData\Local\temp
2012-02-21 19:47 . 2012-02-21 19:47 -------- d-----w- b:\users\Default\AppData\Local\temp
2012-02-21 19:47 . 2012-02-21 19:47 -------- d-----w- b:\users\Casey\AppData\Local\temp
2012-02-21 19:47 . 2012-02-21 19:47 -------- d-----w- b:\users\Administrator\AppData\Local\temp
2012-02-21 03:47 . 2012-02-21 04:41 -------- d-----w- b:\program files (x86)\Notepad++
2012-02-20 23:12 . 2012-01-06 05:15 8602168 ----a-w- b:\programdata\Microsoft\Windows Defender\Definition Updates\{2BB4277A-42DA-4AA8-9D86-AB2A8BCB596D}\mpengine.dll
2012-02-19 22:04 . 2011-12-30 06:26 515584 ----a-w- b:\windows\system32\timedate.cpl
2012-02-19 22:04 . 2011-12-30 05:27 478720 ----a-w- b:\windows\SysWow64\timedate.cpl
2012-02-19 22:04 . 2012-01-14 04:06 3145728 ----a-w- b:\windows\system32\win32k.sys
2012-02-19 22:04 . 2012-01-04 10:44 509952 ----a-w- b:\windows\system32\ntshrui.dll
2012-02-19 22:04 . 2012-01-04 08:58 442880 ----a-w- b:\windows\SysWow64\ntshrui.dll
2012-02-19 22:02 . 2011-08-17 05:26 613888 ----a-w- b:\windows\system32\psisdecd.dll
2012-02-19 22:02 . 2011-08-17 05:25 108032 ----a-w- b:\windows\system32\psisrndr.ax
2012-02-19 22:02 . 2011-08-17 04:24 465408 ----a-w- b:\windows\SysWow64\psisdecd.dll
2012-02-19 22:02 . 2011-08-17 04:19 75776 ----a-w- b:\windows\SysWow64\psisrndr.ax
2012-02-19 22:02 . 2011-12-28 03:59 498688 ----a-w- b:\windows\system32\drivers\afd.sys
2012-02-19 22:00 . 2011-12-16 08:46 634880 ----a-w- b:\windows\system32\msvcrt.dll
2012-02-19 22:00 . 2011-12-16 07:52 690688 ----a-w- b:\windows\SysWow64\msvcrt.dll
2012-02-19 22:00 . 2011-08-27 05:37 861696 ----a-w- b:\windows\system32\oleaut32.dll
2012-02-19 22:00 . 2011-08-27 05:37 331776 ----a-w- b:\windows\system32\oleacc.dll
2012-02-19 22:00 . 2011-08-27 04:26 571904 ----a-w- b:\windows\SysWow64\oleaut32.dll
2012-02-19 22:00 . 2011-08-27 04:26 233472 ----a-w- b:\windows\SysWow64\oleacc.dll
2012-02-19 22:00 . 2011-10-15 06:31 723456 ----a-w- b:\windows\system32\EncDec.dll
2012-02-19 22:00 . 2011-10-15 05:38 534528 ----a-w- b:\windows\SysWow64\EncDec.dll
2012-02-19 22:00 . 2011-11-05 05:32 2048 ----a-w- b:\windows\system32\tzres.dll
2012-02-19 22:00 . 2011-11-05 04:26 2048 ----a-w- b:\windows\SysWow64\tzres.dll
2012-02-19 21:59 . 2011-11-17 06:41 1731920 ----a-w- b:\windows\system32\ntdll.dll
2012-02-19 21:59 . 2011-11-17 05:38 1292080 ----a-w- b:\windows\SysWow64\ntdll.dll
2012-02-19 21:57 . 2011-11-19 14:58 77312 ----a-w- b:\windows\system32\packager.dll
2012-02-19 21:57 . 2011-11-19 14:01 67072 ----a-w- b:\windows\SysWow64\packager.dll
2012-01-28 07:14 . 2012-01-28 07:17 -------- d-----w- b:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 05:45 . 2011-06-26 02:33 414368 ----a-w- b:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10 . 2010-04-12 06:08 279656 ------w- b:\windows\system32\MpSigStub.exe
2011-12-10 23:24 . 2012-01-17 01:01 23152 ----a-w- b:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-20_19.10.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-20 23:14 . 2012-02-20 23:14 76800 b:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 74752 b:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 54272 b:\windows\SysWOW64\pngfilt.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 48640 b:\windows\SysWOW64\mshtmler.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 72704 b:\windows\SysWOW64\mshtmled.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 11776 b:\windows\SysWOW64\mshta.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 10752 b:\windows\SysWOW64\msfeedssync.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 41472 b:\windows\SysWOW64\msfeedsbs.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 23552 b:\windows\SysWOW64\licmgr10.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 65024 b:\windows\SysWOW64\jsproxy.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 78848 b:\windows\SysWOW64\inseng.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 35840 b:\windows\SysWOW64\imgutil.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 86528 b:\windows\SysWOW64\iesysprep.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 74752 b:\windows\SysWOW64\iesetup.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 31744 b:\windows\SysWOW64\iernonce.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 74240 b:\windows\SysWOW64\ie4uinit.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 66048 b:\windows\SysWOW64\icardie.dll
+ 2009-07-14 04:46 . 2012-02-21 18:05 88160 b:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-04-14 01:26 . 2012-02-20 23:08 16384 b:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-14 01:26 . 2012-02-20 00:08 16384 b:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-14 01:26 . 2012-02-20 00:08 16384 b:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-14 01:26 . 2012-02-20 23:08 16384 b:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-22 07:57 . 2011-11-22 07:57 68880 b:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-11-22 06:31 . 2011-11-22 06:31 57616 b:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 97624 b:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 97624 b:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 87408 b:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 87408 b:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 93024 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 93024 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 35688 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 35688 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 11120 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 11120 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 29544 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 29544 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 17784 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 17784 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 58240 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 58240 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 70040 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 70040 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 24928 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 24928 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 81272 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 81272 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 33144 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 33144 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 93576 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 93576 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 44920 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 44920 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 24944 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 24944 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 28024 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 28024 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 12168 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 12168 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 37240 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 37240 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 98152 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 98152 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 64352 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 64352 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 86888 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 86888 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 51032 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 51032 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 50552 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 50552 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 81784 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 81784 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 81800 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 81800 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 39784 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 39784 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 68952 b:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 68952 b:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 21880 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-02-20 19:31 . 2012-02-20 19:31 21880 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-02-20 19:35 . 2012-02-20 19:35 62880 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 62880 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 12128 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-19 22:46 . 2012-02-19 22:46 12128 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 40304 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 40304 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 97680 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 97680 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 67968 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 67968 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 17240 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 17240 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-19 22:45 . 2012-02-19 22:45 94552 b:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 94552 b:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 91488 b:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 91488 b:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 78168 b:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-19 22:44 . 2012-02-19 22:44 78168 b:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-19 22:45 . 2012-02-19 22:45 81248 b:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 81248 b:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-20 22:49 . 2012-02-20 22:49 47616 b:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\64fd2fd1812f2536afaec66752707952\Microsoft.Workflow.Compiler.ni.exe
+ 2012-02-20 22:49 . 2012-02-20 22:49 14336 b:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-02-20 19:49 . 2012-02-20 19:49 10752 b:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-02-20 19:49 . 2012-02-20 19:49 58368 b:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-02-21 00:41 . 2012-02-21 00:41 2138 b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBQ8TD1Y\%25252F76.73.39.227%25252FLVz4X3wp8A3QyvU38e544ecdf35ad71976f5c44566ce36c236h%252526xref%25253Dhttp%25253A%25252F%25252Fgadsdentimes[1].com
+ 2012-02-22 02:02 . 2012-02-22 02:02 2048 b:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-20 19:09 . 2012-02-20 19:09 2048 b:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-20 19:09 . 2012-02-20 19:09 2048 b:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-22 02:02 . 2012-02-22 02:02 2048 b:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-20 23:14 . 2012-02-20 23:14 152064 b:\windows\SysWOW64\wextract.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 203776 b:\windows\SysWOW64\webcheck.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 420864 b:\windows\SysWOW64\vbscript.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 231936 b:\windows\SysWOW64\url.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 123392 b:\windows\SysWOW64\occache.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 162304 b:\windows\SysWOW64\msrating.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 161792 b:\windows\SysWOW64\msls31.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 580608 b:\windows\SysWOW64\msfeeds.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 716800 b:\windows\SysWOW64\jscript.dll
- 2012-02-19 22:02 . 2011-10-14 04:24 716800 b:\windows\SysWOW64\jscript.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 150528 b:\windows\SysWOW64\iexpress.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 142848 b:\windows\SysWOW64\ieUnatt.exe
+ 2012-02-20 23:14 . 2012-02-20 23:14 176640 b:\windows\SysWOW64\ieui.dll
- 2012-02-19 21:58 . 2011-12-16 07:52 176640 b:\windows\SysWOW64\ieui.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 118784 b:\windows\SysWOW64\iepeers.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 353584 b:\windows\SysWOW64\iedkcs32.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 434176 b:\windows\SysWOW64\ieapfltr.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 163840 b:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 b:\windows\SysWOW64\ieakui.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 227840 b:\windows\SysWOW64\ieaksie.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 130560 b:\windows\SysWOW64\ieakeng.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 110592 b:\windows\SysWOW64\IEAdvpack.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 223232 b:\windows\SysWOW64\dxtrans.dll
+ 2012-02-20 23:14 . 2012-02-20 23:14 353792 b:\windows\SysWOW64\dxtmsft.dll
- 2011-12-14 00:55 . 2012-01-21 06:03 131072 b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-14 00:55 . 2012-02-21 01:17 131072 b:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-20 23:14 . 2012-02-20 23:14 101888 b:\windows\SysWOW64\admparse.dll
+ 2009-07-14 05:01 . 2012-02-22 02:00 483400 b:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-20 00:06 483400 b:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-22 07:57 . 2011-11-22 07:57 598784 b:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-11-22 06:31 . 2011-11-22 06:31 518400 b:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-11-22 06:31 . 2011-11-22 06:31 957200 b:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 350592 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 350592 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 163168 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 163168 b:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 138592 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 138592 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 699224 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 699224 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 431984 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 431984 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 511344 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 511344 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 857960 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 857960 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 826208 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 826208 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 321912 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 321912 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 137568 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 137568 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 132464 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 132464 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 237928 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 237928 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 675672 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 675672 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 113512 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 113512 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 326000 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 326000 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 129912 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 129912 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 390008 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 390008 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 505208 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 505208 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 175992 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 175992 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 261472 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 261472 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 122264 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 122264 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 291184 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 291184 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 349568 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 349568 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 236880 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 236880 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 253280 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 253280 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 378720 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 378720 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 134528 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 134528 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 123736 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 123736 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 392552 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 392552 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 125816 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 125816 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 120152 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 120152 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 607064 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 607064 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 395120 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 395120 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 182144 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 182144 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 285072 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 285072 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 829280 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 829280 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 747360 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 747360 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 683368 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 683368 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 178040 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 178040 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 436600 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 436600 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 683872 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 683872 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 810352 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 810352 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 409448 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 409448 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 210816 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 210816 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 149848 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 149848 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 122248 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 122248 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 525704 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 525704 b:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 112976 b:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 112976 b:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 581464 b:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 581464 b:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 832856 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 832856 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 194424 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 194424 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 478576 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 478576 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 167288 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 167288 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 232304 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 232304 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 587624 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 587624 b:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 661352 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 661352 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 349576 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 349576 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 387960 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 387960 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 746336 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 746336 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 505184 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 505184 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 220024 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 220024 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 107376 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 107376 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 714600 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-02-19 22:30 . 2012-02-19 22:30 714600 b:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-20 19:31 . 2012-02-20 19:31 498520 b:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-19 22:31 . 2012-02-19 22:31 498520 b:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 288616 b:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 288616 b:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-20 19:35 . 2012-02-20 19:35 335712 b:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 335712 b:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 125440 b:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-20 19:34 . 2012-02-20 19:34 125440 b:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-19 22:46 . 2012-02-19 22:46 237424 b:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="b:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-19 399736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="b:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;b:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;b:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R3 androidusb;ADB Interface Driver;b:\windows\system32\Drivers\androidusb.sys [x]
R3 dump_wmimmc;dump_wmimmc;b:\program files (x86)\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 136176]
R3 HTCAND64;HTC Device Driver;b:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;b:\windows\system32\drivers\libusb0.sys [2008-02-19 28672]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;b:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;b:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 NPF;NetGroup Packet Filter Driver;b:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;b:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PsSdk41;PsSdk41;b:\windows\system32\Drivers\pssdk41.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;b:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;b:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-07-31 19952]
R3 skfiltv;skfiltv;b:\windows\system32\drivers\skfiltv.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;b:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;b:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;b:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;b:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;b:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;b:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;b:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;b:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 X6va003;X6va003;b:\users\GRIE~1.CAS\AppData\Local\Temp\0039EAD.tmp [x]
R3 X6va005;X6va005;b:\users\GRIE~1.CAS\AppData\Local\Temp\0055882.tmp [x]
S0 PxHlpa64;PxHlpa64;b:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;b:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;b:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz135;cpuz135;b:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;b:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 TabletServiceWacom;TabletServiceWacom;b:\windows\system32\Wacom_Tablet.exe [x]
S3 pcouffin;VSO Software pcouffin;b:\windows\system32\Drivers\pcouffin.sys [x]
S3 pnetmdm;PdaNet Modem;b:\windows\system32\DRIVERS\pnetmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;b:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;b:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 b:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 07:14]
.
2012-02-22 b:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- b:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-28 07:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:19 78336 ----a-w- b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="b:\combofix\CF11907.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
KS0108
Xponaut_WBD
.
------- Supplementary Scan -------
.
uLocal Page = b:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = b:\windows\SysWOW64\blank.htm
IE: Capture Web Page - b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\CaptureWebPage.htm
IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fetch to Megaupload - b:\users\Grie.Casey-PC\AppData\Local\Megamedia\Megakey\MegaUpload.htm
IE: Se&nd to OneNote - b:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - b:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: b:\programdata\Megamedia\Megakey\msadm.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - b:\users\Grie.Casey-PC\AppData\Roaming\Mozilla\Firefox\Profiles\a9lp7851.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.pcc.edu/cp/home/displaylogin
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="b:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="b:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\b:\users\GRIE~1.CAS\AppData\Local\Temp\0039EAD.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\b:\users\GRIE~1.CAS\AppData\Local\Temp\0055882.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3843598834-1698903087-2497583273-1001\Software\SecuROM\License information*]
"datasecu"=hex:9c,5c,35,ed,5f,9f,51,20,2e,d3,7d,cf,ab,26,7e,26,67,3b,52,fe,2d,
54,80,72,0c,1e,43,6b,c1,dc,e5,08,11,57,b8,10,29,45,1b,be,2e,7c,c5,5c,67,37,\
"rkeysecu"=hex:1d,da,83,9a,0d,bc,0c,b5,de,27,71,d0,f0,0b,b5,73
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@b:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="b:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="b:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
b:\windows\SysWOW64\ping.exe
b:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-02-21 19:38:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 03:38
ComboFix2.txt 2012-02-20 19:17
.
Pre-Run: 2,567,757,824 bytes free
Post-Run: 3,385,659,392 bytes free
.
- - End Of File - - C8C6C8FBDBC35F6215D227B9F98BA022

My only problem was that it was so slow. This entire time was spent letting the program run. But I waited it out and it finally finished!

And so far everything seems to be in working order! I no longer have any redirects, I can connect completely to localhost (127.0.0.1), and the only problem that seems to have appeared is that my shared folders are no longer accessible. That may just be a problem on my end but I felt I should mention it.

And THANK YOU, THANK YOU, THANK YOU, so much for helping me out. And when my next cheque comes in I'll be sure to send a donation your way.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 21 February 2012 - 11:17 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent
  • Ask Toolbar
  • Java 2 Runtime Environment, SE v1.4.2_07
  • Java™ 6 Update 3
  • Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Casey_D.

Posted 22 February 2012 - 05:05 PM

I got to the point of restarting my computer from running TFC and now my computer will no longer boot back up. The error is:

STOP: c0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem.

I have tried every restore point created from the Revo uninstaller but to no avail.

#12 gringo_pr

Posted 22 February 2012 - 05:28 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#13 Casey_D.

Posted 22 February 2012 - 05:44 PM

Scan result of Farbar Recovery Scan Tool Version: 21-02-2012
Ran by SYSTEM at 2012-02-22 14:36:49
Running from H:\
Microsoft Windows XP (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe [2007832 2009-08-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Run StartupMonitor] StartupMonitor.exe [x]
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup [13680640 2009-02-18] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2009-02-18] (NVIDIA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Winlogon\Notify\avgrsstarter: avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 6to4; C:\Windows\System32\6to4svc.dll [100352 2008-04-14] (Microsoft Corporation)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [33800 2007-10-24] (Microsoft Corporation)
2 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [908056 2009-08-02] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-02] (AVG Technologies CZ, s.r.o.)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-14] (Microsoft Corp., Veritas Software)
2 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
4 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
4 Eventlog; C:\Windows\System32\services.exe [108544 2008-04-14] (Microsoft Corporation)
4 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
4 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2009-05-18] (Acresso Software Inc.)
4 FontCache3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [36864 2007-10-09] (Microsoft Corporation)
4 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
4 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
4 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [864256 2007-10-11] (Microsoft Corporation)
4 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
4 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
4 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
2 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
2 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2007-10-11] (Microsoft Corporation)
2 Nla; C:\Windows\System32\mswsock.dll [245248 2008-07-28] (Microsoft Corporation)
4 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
4 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
2 NVSvc; C:\Windows\System32\nvsvc32.exe [163908 2009-02-18] (NVIDIA Corporation)
4 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441136 2006-10-26] (Microsoft Corporation)
4 OrbisClient.Services; "C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe" [14904 2008-04-10] ()
4 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [108544 2008-04-14] (Microsoft Corporation)
4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2009-06-02] ()
4 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [107832 2009-06-02] ()
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
4 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
4 RSVP; C:\Windows\System32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\RpcAgentSrv.exe [98488 2008-12-11] (SiSoftware)
4 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
4 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
4 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{7C9B6AE2-C99A-49AA-88A8-03D3497D9FB8} [5120 2008-04-14] (Microsoft Corporation)
4 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
4 UPS; C:\Windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
4 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
4 Wmi; C:\Windows\System32\advapi32.dll [617472 2008-04-14] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [23576 2008-10-16] (Microsoft Corporation)
4 WZCSVC; C:\Windows\System32\wzcsvc.dll [483328 2008-04-14] (Microsoft Corporation)
2 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

========================== Drivers (Whitelisted) =============

4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
3 aec; C:\Windows\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2006-02-25] (Adaptec)
3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-02] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-02] (AVG Technologies CZ, s.r.o.)
0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [12552 2009-06-30] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-06-30] (AVG Technologies CZ, s.r.o.)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2008-04-14] (Microsoft Corporation)
4 dmboot; C:\Windows\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
0 dmio; C:\Windows\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [5795328 2009-07-20] (Realtek Semiconductor Corp.)
3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [6308224 2009-02-18] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [130432 2009-03-25] (Realtek Semiconductor Corporation )
3 splitter; C:\Windows\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-03-09] (Duplex Secure Ltd.)
0 Sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [225856 2008-07-28] (Microsoft Corporation)
3 Update; C:\Windows\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [x]
4 Atdisk; [x]
1 BIOS; \??\F:\WINDOWS\system32\drivers\BIOS.sys [x]
1 BS_I2cIo; \??\F:\WINDOWS\system32\drivers\BS_I2cIo.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
3 maxidemo; C:\Windows\System32\DRIVERS\maxidemo.sys [x]
4 mraid35x; [x]
3 npggsvc; F:\WINDOWS\system32\GameMon.des -service [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
3 SANDRA; \??\F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP2\WNt500x86\Sandra.sys [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]
3 WINFLASH; \??\F:\Program Files\BIOSTAR\T-Utility BIOS Live Update\WinFlash.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-20 14:59 - 2012-02-22 14:36 - 0000000 ____D C:\FRST


============ 3 Months Modified Files and Folders =============

2012-02-22 14:36 - 2012-02-20 14:59 - 0000000 ____D C:\FRST
2012-02-18 18:45 - 2009-03-10 23:46 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Videos
2012-01-14 10:36 - 2011-11-11 20:33 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
2012-01-14 10:31 - 2012-01-14 10:31 - 0000000 ____D C:\Program Files\Square Enix
2012-01-04 13:59 - 2012-01-04 13:55 - 0000000 ____D C:\portal 2
2011-12-31 13:49 - 2010-06-04 16:00 - 0000000 ___RD C:\Games
2011-12-25 22:04 - 2009-03-09 06:19 - 0000000 ___RD C:\Documents and Settings\Administrator\My Documents
2011-12-25 21:59 - 2009-10-04 23:35 - 0000000 ____D C:\Backflash
2011-12-13 16:46 - 2009-03-11 00:45 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy

========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\advapi32.dll is missing
C:\Windows\SysWOW64\comdlg32.dll is missing
C:\Windows\SysWOW64\gdi32.dll is missing
C:\Windows\SysWOW64\imagehlp.dll is missing
C:\Windows\SysWOW64\kernel32.dll is missing
C:\Windows\SysWOW64\lz32.dll is missing
C:\Windows\SysWOW64\ole32.dll is missing
C:\Windows\SysWOW64\oleaut32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
C:\Windows\SysWOW64\olecli32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
C:\Windows\SysWOW64\olecnv32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
C:\Windows\SysWOW64\olesvr32.dll is missing
[2008-04-14 02:00] - [2008-04-14 02:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
C:\Windows\SysWOW64\olethk32.dll is missing
C:\Windows\SysWOW64\rpcrt4.dll is missing
C:\Windows\SysWOW64\shell32.dll is missing
C:\Windows\SysWOW64\url.dll is missing
C:\Windows\SysWOW64\urlmon.dll is missing
C:\Windows\SysWOW64\user32.dll is missing
C:\Windows\SysWOW64\version.dll is missing
C:\Windows\SysWOW64\wininet.dll is missing
C:\Windows\SysWOW64\wldap32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2008-04-14 02:00] - [2008-04-14 02:00] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\System32\wininit.exe is missing.
C:\Windows\SysWOW64\wininit.exe is missing.
C:\Windows\explorer.exe
[2008-07-03 01:38] - [2008-07-03 01:38] - 1033728 ____A (Microsoft Corporation) 2BB75B7F548D82A099125D0C5971DE7D

C:\Windows\SysWOW64\explorer.exe is missing.
C:\Windows\System32\svchost.exe
[2008-04-14 02:00] - [2008-04-14 02:00] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\SysWOW64\svchost.exe is missing.
C:\Windows\System32\User32.dll
[2008-04-14 02:00] - [2008-04-14 02:00] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\SysWOW64\User32.dll is missing.
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 02:00] - [2008-04-14 02:00] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025


========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 5118.49 MB
Available physical RAM: 4564.24 MB
Total Pagefile: 5116.64 MB
Available Pagefile: 4545.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:596.16 GB) (Free:322.41 GB) NTFS
3 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS
4 Drive e: (F IS FOR FUN!!!) (Fixed) (Total:931.51 GB) (Free:550.9 GB) NTFS
5 Drive f: (Windows 7 - 64 Bit) (Fixed) (Total:132.06 GB) (Free:0.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive g: (Windows 7 - 32 Bit) (Fixed) (Total:147.4 GB) (Free:57.95 GB) NTFS
7 Drive h: (CASEY'S FLA) (Removable) (Total:7.46 GB) (Free:7.39 GB) NTFS
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 9 MB
Disk 1 Online 931 GB 0 B
Disk 2 Online 931 GB 0 B
Disk 3 Online 279 GB 1024 KB
Disk 4 Online 7640 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 31 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 596 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D New Volume NTFS Partition 931 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E F IS FOR FU NTFS Partition 931 GB Healthy

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 132 GB 31 KB
Partition 0 Extended 147 GB 132 GB
Partition 2 Logical 147 GB 132 GB

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Windows 7 - NTFS Partition 132 GB Healthy

Disk: 3
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Windows 7 - NTFS Partition 147 GB Healthy

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7639 MB 1024 KB

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H CASEY'S FLA NTFS Removable 7639 MB Healthy


======================= End Of Log ==========================

#14 Casey_D.

Posted 24 February 2012 - 07:02 PM

Bumping in compliance with the instructions.

#15 gringo_pr

Posted 24 February 2012 - 09:00 PM

Print out these instructions to use while in the Recovery Console:

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter':

chkdsk /r