Hard to remove computer infection


  • This topic is locked
75 replies to this topic

#1 aparrish


Posted 24 February 2012 - 01:50 PM

First, for whoever gets my case, thank you for your help.

This computer is a Windows XP Pro SP3 on a network domain. About 4-5 weeks ago, it got one of the fake anti-virus malwares. The IT helper at my company has been working on trying to remove it using malware-bytes, super anti-spyware, Kaspersky, rescue2usb, pcinternet tools and combofix. He's gotten it to a semi-workable state in that the fake anti-virus program has not reoccurred, but it's still infected with something. IT wants to reformat the computer, but I'm trying this first (with his blessing) before we go that route.

Here are my problems (sorry they're a bit jumbled):

  • I noticed yesterday the combofix icon was on my desktop. Today it was gone. I confirmed with the IT person that he did not remove it and neither did I. We're the only two currently with access to this computer. I do not see a folder in program files for it either so I don't know if the log is available.
  • For a lack of a better description, it appears there is a restore point the virus has made. IT helper has said he runs scans, fixes problems, runs scans again which come up clean, everything will appear to work better for a couple days, and then it'll start having problems again. I print many of my files as PDFs and save them in the same folder day to day. Usually when I go to save the PDF, the save as window "opens" to the folder I previously used or the my documents folder. However, since I got this infection, the save as window will go back to previous years (i.e. 2011 or 2010 instead of the current 2012 folder). There's also the issue of the disappearing combofix noted above. When I started super anti-spyware, it warned the definitions had not been updated in over 15 days, but I just updated them late last week or earlier this week. A previous time I had started super anti-spyware, it said definitions hadn't been updated for 60+ days but I know that wasn't right because I updated it when the infection started which was less than 60 days prior (heck, even upgraded to a newer version). Every now and again, IE will go through initial setup as if you had just installed the current version tho it's been months/year+ since the current version was installed.
  • Symantec anti-virus will pop up with a trojan.gen and quarantines it.
  • I started a super anti-spyware scan this morning after it started running slow and it also found 7 trojan.gen-(can't remember the extension) cases in the registry. I ended the scan before it finished and came here.
  • Memory runs high. With nothing open but what Windows starts with, it's usually running 600mb+ and once I get programs open, it'll run 750-900mb. I have 1gb of memory. Just after the IT helper would get a clean set of scans, memory would run around 300-350mb.
  • I'll get some redirects using IE. Thankfully it's mostly work at home type things but I have gotten a couple nearly NSFW adult chat pop-ups.
  • Tho I have internet connection, I mostly do not have network connection. When I try to view the entire network, I do not see any other computer. When I'm on another computer, I can not see this computer. There is a local printer attached to this computer that is shared and I can not print to it from another computer nor can I access the shared folders on it from another computer. However, it does have some network connectivity as one of the programs I use gathers data from a time clock that is on the network. Since I have not had a problem gathering data, I did not want to chance losing that ability by unjoining/rejoining the domain.
  • I tried to ping other computers, the default gateway, or DNS servers in command prompt and get " 'ping' is not recognized as an internal or external command, operable program or batch file".
  • If I try to access System Restore I receive the error "system restore application has encountered a problem and needs to close".
  • The computer will randomly restart. It will randomly freeze and the only way to restart is to press/hold the power button.
  • I can't access windows updates on the microsoft site and have not received indications from windows updates that there were updates available to install. However, earlier this week, I did have 118 updates install after the IT person ran combofix.

Logs (if I'm not doing something right with posting these, please let me know):
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 9:00:05 on 2012-02-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.189 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\PROGRAM FILES\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_ActiveX.exe -update activex
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
LSP: mswsock.dll
Trusted Zone: 192.168.3.15
Trusted Zone: synergymms.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{B8003625-1E27-4EED-A16F-086414B31779} : NameServer = 192.168.3.22,24.25.5.61
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Notify: NecUsb3Sevice - USB3Nw32.dll
Notify: USB3Nw32 - USB3Nw32.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-7-3 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-16 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-16 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-16 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-16 252712]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-1-16 184536]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-15 47640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-1-16 162200]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-12-8 2440120]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-11 2984832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-9 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120222.016\NAVENG.SYS [2012-2-22 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120222.016\NAVEX15.SYS [2012-2-22 1576312]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2004-8-11 14336]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-1-16 89472]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-1-16 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-1-16 70664]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-02-24 13:04:03 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PCHealth
2012-02-24 12:39:35 5484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-23 13:01:01 -------- d-----w- c:\windows\ie8updates
2012-02-22 18:43:26 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-22 18:42:19 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-22 18:42:16 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 18:42:16 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 18:42:14 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 18:42:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 18:42:13 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 18:42:12 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 18:41:31 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-22 18:40:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-22 18:40:12 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-22 14:54:11 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-02-22 14:53:58 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-22 14:53:57 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-22 14:53:27 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-22 14:52:47 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-22 14:52:10 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-22 14:51:40 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-22 14:51:40 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-22 14:49:59 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-22 14:49:46 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-22 14:43:03 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-02-22 14:42:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-22 14:37:54 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-22 14:37:40 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-22 14:34:16 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-22 14:34:16 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-22 13:51:07 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-22 13:51:07 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-02-22 13:51:06 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-22 13:51:06 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 18:04:14 -------- d-sha-r- C:\cmdcons
2012-02-21 17:58:50 98816 ----a-w- c:\windows\sed.exe
2012-02-21 17:58:50 518144 ----a-w- c:\windows\SWREG.exe
2012-02-21 17:58:50 256000 ----a-w- c:\windows\PEV.exe
2012-02-21 17:58:50 208896 ----a-w- c:\windows\MBR.exe
2012-02-08 18:11:21 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-08 18:11:17 -------- d-----w- c:\program files\Trend Micro
2012-02-08 13:27:50 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-02-05 14:20:39 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-01 02:30:34 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30:26 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-01 02:30:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-01 02:30:16 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-16 17:42:56 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-01-16 17:42:51 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-01-16 17:42:51 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 23:22:16 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-07 23:21:58 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2010-09-01 13:38:20 451 ------w- c:\program files\090120109382043.bat
.
============= FINISH: 9:01:56.20 ===============



#2 myrti


Posted 29 February 2012 - 03:53 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 aparrish


Posted 29 February 2012 - 08:51 AM

Hi Myrti,

Thank you for helping me with this. Unless one of your replies hits on a Friday afternoon or the weekend, I should be able to reply within a day.

I'm running Windows XP Pro Version 2002 w/SP3. I do have access to the recovery disk Dell sent with the computer.

I have not done anything to resolve this since I opened the topic. With the exception of the network and redirect issues, the computer is behaving itself fairly well (tho now that I've said that, it'll start having issues, lol).

I do have to work fixing this into my work day and it would be helpful to know if the scans/fixes I'm going to run are under or over 30 minutes. I realize that scan time varies from system to system so some basis to go from is that a full scan in Symantec usually takes 90 minutes and the GMER scan took about 3.5 hours. And if you think a scan should take under 30 minutes and it takes more than that, I understand and will not complain. :)


OTL logs are below.

OTL.TXT
OTL logfile created on: 2/29/2012 8:22:44 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 428.99 Mb Available Physical Memory | 43.34% Memory free
2.33 Gb Paging File | 1.85 Gb Available in Paging File | 79.34% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.32 Gb Free Space | 58.17% Space Free | Partition Type: NTFS

Computer Name: HELSINKI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 08:21:55 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/01/03 09:41:46 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 06:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 06:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 14:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/06/07 16:48:38 | 000,817,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/12/08 21:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 20:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 20:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/12/19 00:01:35 | 000,022,723 | R--- | M] () -- C:\WINDOWS\system32\ml405Pl3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VSP1284D)
SRV - File not found [Auto | Stopped] -- -- (NecUsb)
SRV - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/03 09:41:46 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/07 16:48:38 | 000,817,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/11 01:37:39 | 000,053,248 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\WINDOWS\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2008/12/08 21:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 20:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 20:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 13:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 15:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/13 19:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\ELacpi.dll -- (HpqKbFiltr)
SRV - [2007/07/09 12:59:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2012/02/03 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/31 21:30:34 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/16 12:42:56 | 000,125,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2012/01/16 12:42:51 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2012/01/03 09:41:44 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/01/03 09:41:44 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 14:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/08/23 11:45:00 | 000,326,688 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/08/18 09:31:02 | 000,184,536 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/08/03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120228.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120228.006\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/19 09:23:40 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/07/19 09:18:26 | 000,252,712 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/03/02 11:39:10 | 000,162,200 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/08/10 13:52:27 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/08/10 13:52:02 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/17 13:24:35 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/24 00:59:09 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008/10/13 11:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 11:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 11:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 15:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/15 19:59:56 | 001,754,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/14 02:45:38 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/05/17 02:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/17 09:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [1997/08/07 00:03:02 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DS1410D.SYS -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070703


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070703
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070703
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



Hosts file not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1074564116-3638092115-3834490600-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKLM\..Trusted Domains: 192.168.3.15 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: synergymms.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ohenry.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8003625-1E27-4EED-A16F-086414B31779}: NameServer = 192.168.3.22,24.25.5.61
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (USB3Nw32.dll) - File not found
O20 - Winlogon\Notify\USB3Nw32: DllName - (USB3Nw32.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{011075b8-3745-11df-b994-001aa027950d}\Shell - "" = AutoRun
O33 - MountPoints2\{011075b8-3745-11df-b994-001aa027950d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{011075b8-3745-11df-b994-001aa027950d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "CaCCProvSP"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A36A18AC-6A96-F0BB-702E-4F15ED9F10BA} - Java (Sun)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: HpqKbFiltr - C:\WINDOWS\system32\ELacpi.dll (Oak Technology Inc.)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 08:21:52 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/28 09:05:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/24 09:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2012/02/24 09:00:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/02/24 09:00:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/02/24 08:59:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/24 08:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2012/02/23 08:01:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/23 07:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/02/22 13:43:26 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/02/22 13:42:19 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/02/22 13:42:16 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/02/22 13:42:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/02/22 13:42:13 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/02/22 13:42:12 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/02/22 13:41:31 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/02/22 09:54:11 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/02/22 09:53:58 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2012/02/22 09:53:57 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/02/22 09:53:27 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/02/22 09:52:47 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/02/22 09:52:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/02/22 09:51:40 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/02/22 09:51:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/02/22 09:49:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/02/22 09:49:46 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/02/22 09:48:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/22 09:43:03 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/02/22 09:42:35 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/02/22 09:37:40 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/02/22 09:34:16 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/02/22 08:51:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2012/02/22 08:51:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2012/02/21 13:04:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/21 12:58:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/21 12:58:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/21 12:58:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/21 12:58:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/21 12:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/21 11:17:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/08 13:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Kaspersky Rescue2Usb
[2012/02/08 13:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2012/02/08 13:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/08 08:27:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 08:24:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851UA.job
[2012/02/29 08:21:55 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/29 08:15:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/29 08:08:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500UA.job
[2012/02/29 08:02:01 | 000,444,569 | ---- | M] () -- C:\WINDOWS\KRON997.INI
[2012/02/29 08:02:01 | 000,001,878 | ---- | M] () -- C:\WINDOWS\krxl997.dat
[2012/02/29 07:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/02/29 07:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/02/29 06:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/02/29 06:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/02/29 05:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/02/29 05:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/02/29 04:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/02/29 04:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/02/29 03:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/02/29 03:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/02/29 02:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/02/29 02:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/02/29 01:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/29 01:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/29 00:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/29 00:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/28 23:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/02/28 23:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/02/28 22:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/02/28 22:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/02/28 21:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/02/28 21:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/02/28 20:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/02/28 20:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/02/28 19:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/02/28 19:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/02/28 19:24:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851Core.job
[2012/02/28 18:50:02 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/02/28 18:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/02/28 17:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/02/28 17:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/02/28 16:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/02/28 16:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/02/28 15:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/02/28 15:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/02/28 14:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/02/28 14:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/02/28 14:08:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500Core.job
[2012/02/28 13:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/02/28 13:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/02/28 12:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/02/28 12:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/02/28 11:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/02/28 11:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/02/28 10:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/02/28 10:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/02/28 09:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/02/28 09:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/02/28 08:50:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/02/28 08:50:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/02/27 07:40:30 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/27 07:40:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 07:40:09 | 1038,061,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 06:31:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/24 16:50:43 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\UoWnTKm.dat
[2012/02/24 16:50:42 | 000,082,433 | ---- | M] () -- C:\WINDOWS\System32\Mh126dL2.com_
[2012/02/24 09:04:31 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/24 09:00:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/24 08:57:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/24 08:57:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/24 07:39:35 | 000,467,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/24 07:39:35 | 000,080,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/24 07:26:03 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/23 11:00:41 | 000,707,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/02/22 21:00:00 | 000,000,798 | ---- | M] () -- C:\WINDOWS\tasks\PXAcctBackup.job
[2012/02/21 13:04:22 | 000,000,329 | RHS- | M] () -- C:\boot.ini
[2012/02/21 11:39:23 | 000,000,213 | ---- | M] () -- C:\Boot.bak
[2012/02/08 13:17:17 | 220,262,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kav_rescue_10.iso
[2012/02/08 13:11:44 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2012/02/08 13:09:55 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2012/02/08 13:08:52 | 000,387,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rescue2usb.exe
[2012/02/07 08:54:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 19:40:15 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1yV0DRWP.exe_.b
[2012/02/06 19:40:15 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1yV0DRWP.exe.b
[2012/01/31 21:30:34 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/01/31 21:30:16 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/01/31 21:30:16 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/02/24 11:36:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/02/24 11:36:11 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/02/24 11:36:10 | 000,082,433 | ---- | C] () -- C:\WINDOWS\System32\Mh126dL2.com_
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/02/24 11:36:10 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/02/24 11:36:10 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/02/24 09:05:34 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2012/02/24 09:04:22 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/24 08:57:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/24 08:57:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/22 13:40:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/22 13:40:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/21 13:04:21 | 000,000,213 | ---- | C] () -- C:\Boot.bak
[2012/02/21 13:04:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/21 12:58:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/21 12:58:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/21 12:58:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/21 12:58:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/21 12:58:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/21 12:14:16 | 1038,061,568 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/08 13:14:58 | 220,262,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kav_rescue_10.iso
[2012/02/08 13:11:19 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2012/02/08 13:09:53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2012/02/08 13:08:50 | 000,387,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rescue2usb.exe
[2012/02/07 08:54:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 19:40:15 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1yV0DRWP.exe_.b
[2012/02/06 19:40:15 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1yV0DRWP.exe.b
[2012/02/05 09:20:39 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/04 09:50:10 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\UoWnTKm.dat
[2012/01/04 12:20:57 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2012/01/04 12:20:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/01/03 07:54:46 | 000,014,874 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\135dil02g115fl18q0qnl5l227703x45s5165
[2011/06/16 07:15:15 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ems_datasource.xml
[2011/05/13 12:05:28 | 000,284,160 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/04/12 16:43:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/01 08:38:20 | 000,000,451 | ---- | C] () -- C:\Program Files\090120109382043.bat
[2010/07/23 08:36:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/06/29 11:09:43 | 000,022,723 | R--- | C] () -- C:\WINDOWS\System32\ml405Pl3.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


Extras.TXT
OTL Extras logfile created on: 2/29/2012 8:22:44 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.90 Mb Total Physical Memory | 428.99 Mb Available Physical Memory | 43.34% Memory free
2.33 Gb Paging File | 1.85 Gb Available in Paging File | 79.34% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.32 Gb Free Space | 58.17% Space Free | Partition Type: NTFS

Computer Name: HELSINKI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\{EB6B8130-8B18-11D4-9F50-00010243DBDA}\bisrvloc.exe" = C:\WINDOWS\Temp\{EB6B8130-8B18-11D4-9F50-00010243DBDA}\bisrvloc.exe:*:Enabled:bisrvloc
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39DAB269-A972-4068-A972-93DFFC78C261}" = SAI Strong Name Installer
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{6527051E-8939-4639-9690-800B3442E610}" = PC Tools Anti-Spam Toolbar
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{99A77625-8561-45BA-A283-D47589AED1DB}" = Newmarket (Application Proxy)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B74B63A3-DF69-46EA-BFB8-08912C00CE11}" = Cisco ASDM Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9FF6BD-FCE9-43FB-AD3C-5BCD4C822962}" = ATI Catalyst Control Center
"{CD5DC4AA-7D62-48D9-B756-5925471001FE}" = Microsoft OLE DB Provider for Visual FoxPro
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D493AAAF-24FA-45FC-ACDE-35B890C6274E}" = SynergyMMS Desktop Installer
"{EB6B8130-8B18-11D4-9F50-00010243DBDA}" = Hummingbird BI Query
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.3 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"Dell_HostCD" = Dell Software Uninstall
"eTIME" = eTIME
"HandPunch for eTIME" = HandPunch for eTIME
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Newmarket International Workstation Setup" = Newmarket International Workstation Setup
"RRDeinstKey" = R&R Report Writer, Version 12
"SearchAssist" = SearchAssist
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Spyware Doctor" = PC Tools Internet Security
"TeamViewer 7" = TeamViewer 7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1074564116-3638092115-3834490600-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6b7600964767df88" = EMS Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/29/2012 4:21:21 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 5:18:42 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 5:55:23 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 7:01:44 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 7:29:25 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 8:32:46 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 9:06:27 AM | Computer Name = HELSINKI | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 2/29/2012 9:24:22 AM | Computer Name = HELSINKI | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module srrstr.dll, version 5.1.2600.5512, fault address 0x000099c2.

Error - 2/29/2012 9:24:31 AM | Computer Name = HELSINKI | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2/29/2012 9:24:47 AM | Computer Name = HELSINKI | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 1/1/2008 3:28:31 PM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/1/2008 3:28:47 PM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/2/2008 3:11:12 PM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/3/2008 8:01:46 AM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/29/2008 11:12:15 AM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 999
seconds with 660 seconds of active time. This session ended with a crash.

Error - 1/30/2008 10:09:35 AM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2036
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 5/28/2008 10:16:35 AM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/21/2011 4:11:51 PM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4813
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 1/25/2012 9:40:51 AM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1308
seconds with 360 seconds of active time. This session ended with a crash.

Error - 2/7/2012 9:46:47 AM | Computer Name = HELSINKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5588
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/29/2012 9:14:30 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:16:02 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:16:05 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:16:06 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:16:43 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:17:09 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:21:47 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:26:05 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:30:27 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/29/2012 9:31:08 AM | Computer Name = HELSINKI | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

#4 myrti

Posted 29 February 2012 - 08:58 AM

Hi,

We will begin with ComboFix.exe. It should not run for more than half an hour, but no guarantees...

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 aparrish


Posted 01 March 2012 - 09:43 AM

Hi Myrti,

I downloaded combofix and started it this morning and got through the agreement page. When the blue box appeared it first said " 'ping' is not recognized as an internal or external command, operable program or batch file" then a space, then please wait, then combofix is preparing to run, and a blinking cursor. Then I had a brief power outage and the computer restarted. Once it was back up and running, I started combofix again and got to the "preparing to run" and after 20 minutes it still had not done anything. I've had to leave that computer for now (I'll be able to check on it in a couple hours).

I'm logged in as the administrator and did disable my antivirus.

Is this normal?

#6 myrti

Posted 01 March 2012 - 10:27 AM

Hi,

No, it's not. It means that malware is preventing ComboFix from running successfully. I would like to mention that in this case reformatting is likely the safest way to go. We can still clean this, but the infection is a very complicated and elaborate infection that'll keep us occupied for a while and, due to its backdoor character, there will always be a small chance that the PC remains compromised.

Let me know which way you want to go. If you want to clean, do you have an Ubuntu live-cd at hand, by chance?

regards myrti



#7 aparrish

Posted 01 March 2012 - 06:03 PM

Hi Myrti,

I figured I'd give combofix another try in safe mode and it worked. It did pop up a message about the type of rootkit it found - ZeroAccess - and that it had messed with the IP stack and if I had trouble accessing the internet, to restart the computer and if I still had problems, to rerun combofix. I'm not having a problem accessing the internet, however I still cannot see other computers on the network. I am still able to communicate with the time clock, so we're no worse for wear. I was able to fix the ping issue by copying ping.exe from another computer and putting it in the system32 folder. The combofix file is below.

Please let me know our next step. I'm not opposed to reformatting if that's what we have to do, I'm just trying to avoid it if possible. I do not have an Ubuntu Live CD. Is this something I can download for free?

Thanks!!!

ComboFix 12-03-01.01 - Administrator 03/01/2012 17:11:42.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.752 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB19910$
c:\windows\$NtUninstallKB19910$\2848056327\@
c:\windows\$NtUninstallKB19910$\2848056327\cfg.ini
c:\windows\$NtUninstallKB19910$\2848056327\Desktop.ini
c:\windows\$NtUninstallKB19910$\2848056327\L\iahonoel
c:\windows\$NtUninstallKB19910$\2848056327\oemid
c:\windows\$NtUninstallKB19910$\2848056327\U\00000001.@
c:\windows\$NtUninstallKB19910$\2848056327\U\00000002.@
c:\windows\$NtUninstallKB19910$\2848056327\U\00000004.@
c:\windows\$NtUninstallKB19910$\2848056327\U\80000000.@
c:\windows\$NtUninstallKB19910$\2848056327\U\80000004.@
c:\windows\$NtUninstallKB19910$\2848056327\U\80000032.@
c:\windows\$NtUninstallKB19910$\2848056327\version
c:\windows\$NtUninstallKB19910$\496190555
c:\windows\system32\ELacpi.dll
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\wkscfgsrv.dll
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\system32\dllcache\Serial.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HpqKbFiltr
-------\Service_HpqKbFiltr
.
.
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-03-01 21:48 . 2012-03-01 21:48 17920 ----a-w- c:\windows\system32\ping.exe
2012-03-01 21:48 . 2012-03-01 21:48 17920 ----a-w- c:\windows\system32\dllcache\ping.exe
2012-02-24 16:36 . 2012-02-24 21:50 82433 ----a-w- c:\windows\system32\Mh126dL2.com_
2012-02-24 13:04 . 2012-02-24 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-02-24 12:41 . 2012-02-24 12:41 -------- d-----w- c:\documents and settings\phaccounting\Local Settings\Application Data\PCHealth
2012-02-24 12:39 . 2012-02-24 12:39 5484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-23 13:01 . 2012-02-23 14:40 -------- d-----w- c:\windows\ie8updates
2012-02-23 12:56 . 2012-02-23 12:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-02-22 18:43 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-22 18:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-22 18:42 . 2011-12-17 19:46 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 18:42 . 2011-12-17 19:46 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 18:42 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 18:42 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 18:42 . 2011-12-17 19:46 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 18:42 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 18:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-22 18:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-22 18:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-22 14:54 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-02-22 14:53 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-22 14:53 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-22 14:53 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-22 14:52 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-22 14:52 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-22 14:51 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-22 14:51 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-22 14:49 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-22 14:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-22 14:43 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-02-22 14:42 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-22 14:37 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-22 14:37 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-22 14:34 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-22 14:34 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-22 13:51 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-02-22 13:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-22 13:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 14:15 . 2012-02-21 14:15 -------- d-----w- c:\documents and settings\phaccounting\Application Data\SUPERAntiSpyware.com
2012-02-08 21:17 . 2012-02-08 21:17 -------- d-----w- c:\documents and settings\phaccounting\Application Data\Malwarebytes
2012-02-08 18:11 . 2012-02-08 18:11 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 18:11 . 2012-02-08 18:11 -------- d-----w- c:\program files\Trend Micro
2012-02-08 13:27 . 2012-02-08 16:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-02-06 13:50 . 2012-02-06 13:50 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-02-05 14:20 . 2012-03-01 21:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 02:30 . 2011-12-15 11:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30 . 2011-12-15 11:52 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-01 02:30 . 2011-12-15 11:52 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30 . 2011-12-15 11:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-16 17:42 . 2012-01-16 17:42 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-01-16 17:42 . 2012-01-16 17:42 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-01-16 17:42 . 2012-01-16 17:42 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-01-12 16:53 . 2004-08-11 21:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-11 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-11 21:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-03-31 17:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 23:22 . 2011-12-15 11:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-07 23:21 . 2011-12-15 11:52 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2010-09-01 13:38 . 2010-09-01 13:38 451 ------w- c:\program files\090120109382043.bat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-22_14.31.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2004-08-11 21:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 90112 c:\windows\system32\wshext.dll
+ 2004-08-11 21:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-07-03 14:46 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-11 21:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-11 21:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
- 2004-08-11 21:00 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-11 21:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-11 21:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2004-08-11 21:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
+ 2004-08-11 21:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2004-08-11 21:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2004-08-11 21:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-11 21:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-11 21:00 . 2012-02-24 12:39 80180 c:\windows\system32\perfc009.dat
+ 2004-08-11 21:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2004-08-11 21:00 . 2011-09-26 16:41 20480 c:\windows\system32\oleaccrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2004-08-11 21:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 21:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 21:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 04:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2004-08-11 21:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-11 21:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
- 2004-08-11 21:00 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-11 21:11 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 21:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 21:00 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
+ 2004-08-11 21:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2004-08-11 21:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-11 21:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 04:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2004-08-11 21:12 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2004-08-11 21:12 . 2008-04-14 00:11 81920 c:\windows\system32\isign32.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2004-08-11 21:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2004-08-11 21:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2004-08-11 21:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2004-08-11 21:00 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2004-08-11 21:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2004-08-11 21:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
- 2004-08-11 21:00 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2004-08-11 21:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2010-01-04 19:43 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-09-26 16:41 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:43 . 2008-06-24 16:43 74240 c:\windows\system32\dllcache\mscms.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2009-03-08 08:34 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-03-08 08:33 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2011-10-28 05:31 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-11 21:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-11 21:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2004-08-11 21:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
+ 2004-08-11 21:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
+ 2004-08-11 21:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2011-12-25 08:49 . 2011-12-25 08:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2012-02-23 14:40 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-23 14:40 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-23 14:40 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-23 14:40 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-23 14:40 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-02-23 15:46 . 2012-02-23 15:46 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1a6a41920e0c8ca59bf06809469e6cd4\UIAutomationProvider.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d2d42544dcd07f3a5c4b34937bbf5e93\System.Web.DynamicData.Design.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\0609e808ec417cd747dc0c5763eb17c4\System.Web.DynamicData.Design.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\b39bbd6ccd8816c39f4079caeb442859\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\6aea6ba30c1224780a8c86a635b3e359\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-02-23 15:50 . 2012-02-23 15:50 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6b24c33c2656e79ce0b9a50f6d162bf1\System.AddIn.Contract.ni.dll
+ 2012-02-24 12:38 . 2012-02-24 12:38 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\5c54472013a24bbead942a6a8e048b17\PresentationFontCache.ni.exe
+ 2012-02-23 13:12 . 2012-02-23 13:12 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3667e6cbe4da4876a6cff51dc5a87f9b\PresentationFontCache.ni.exe
+ 2012-02-23 16:01 . 2012-02-23 16:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6430f5f1ca6ff945609c2e17f6735840\PresentationCFFRasterizer.ni.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\1fe775a3b66fcb2e297c13fa65e3852b\PresentationCFFRasterizer.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\cea735b5f28a6e095a0f1536d03781e4\Microsoft.Vsa.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\cd7ee140d4df033e912a90f8a53d8354\Microsoft.Vsa.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6ce3c7afe7ca0e0aa27e83545d837cdd\Microsoft.SqlServer.CustomControls.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4a5ff083558270ec0bca91779cbb934d\Microsoft.SqlServer.CustomControls.ni.dll
+ 2012-02-24 13:22 . 2012-02-24 13:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-02-23 15:49 . 2012-02-23 15:49 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\6591f60c6ab5d03d06fe21cf103df837\Microsoft.Build.Framework.ni.dll
+ 2012-02-23 15:49 . 2012-02-23 15:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\2205ad4b96d0eb269289865f8a32cbd1\Microsoft.Build.Framework.ni.dll
+ 2012-02-23 15:49 . 2012-02-23 15:49 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c01cb66fcaae8fca40fd8d9b65013fba\dfsvc.ni.exe
+ 2012-02-24 13:22 . 2012-02-24 13:22 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-02-24 13:20 . 2012-02-24 13:20 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-02-23 15:47 . 2012-02-23 15:47 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\16411d7718f5eb3b447e082e6af5ea20\Accessibility.ni.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-06-15 13:08 . 2011-06-15 13:08 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-23 12:55 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2012-02-23 12:55 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2012-02-23 14:48 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2012-02-23 14:48 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2012-02-23 14:46 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2012-02-23 14:46 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2012-02-23 14:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2012-02-23 14:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2012-02-23 15:27 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2012-02-23 15:27 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2012-02-23 15:08 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2012-02-23 15:08 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2012-02-23 13:13 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2012-02-23 13:13 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2012-02-23 14:44 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2012-02-23 14:44 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2012-02-23 15:16 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2012-02-23 15:16 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2012-02-23 15:25 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2012-02-23 15:25 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2012-02-23 12:54 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2012-02-23 12:54 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2012-02-23 15:01 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2012-02-23 15:01 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2012-02-23 15:48 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2012-02-23 15:48 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2012-02-23 13:14 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll
+ 2012-02-23 13:14 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll
+ 2012-02-23 15:55 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB959426\update\spcustom.dll
+ 2012-02-23 15:55 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB959426\spmsg.dll
+ 2009-02-04 09:12 . 2009-02-04 09:12 56832 c:\windows\$hf_mig$\KB959426\SP3QFE\secur32.dll
+ 2012-02-23 14:47 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll
+ 2012-02-23 14:47 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952004\spmsg.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-18 02:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
- 2007-08-16 18:50 . 2012-02-21 14:02 1878 c:\windows\krxl997.dat
+ 2007-08-16 18:50 . 2012-03-01 13:26 1878 c:\windows\krxl997.dat
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-15 12:28 . 2011-06-15 12:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-15 12:28 . 2011-06-15 12:28 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2004-08-11 21:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
- 2004-08-11 21:00 . 2008-04-14 00:12 155648 c:\windows\system32\wscript.exe
- 2004-08-11 21:00 . 2008-04-14 00:12 485376 c:\windows\system32\wmspdmod.dll
+ 2004-08-11 21:00 . 2009-04-03 17:15 485376 c:\windows\system32\wmspdmod.dll
+ 2004-08-11 21:00 . 2009-07-12 17:21 233472 c:\windows\system32\wmpdxm.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 233472 c:\windows\system32\wmpdxm.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-11 21:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-11 21:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2004-08-11 21:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-11 21:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2004-08-11 21:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
+ 2004-08-11 21:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 21:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 21:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 21:00 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2004-08-11 21:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2004-08-11 21:00 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2008-07-29 23:59 . 2011-09-26 16:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2004-08-11 21:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
+ 2004-08-11 21:00 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2004-08-11 21:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2004-08-11 21:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-11 21:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-11 21:00 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2004-08-11 21:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
- 2004-08-11 21:00 . 2008-04-14 00:12 172032 c:\windows\system32\scrrun.dll
+ 2004-08-11 21:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 180224 c:\windows\system32\scrobj.dll
+ 2004-08-11 21:00 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
+ 2004-08-11 21:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2004-08-11 21:00 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 270848 c:\windows\system32\sbe.dll
+ 2004-08-11 21:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-11 21:00 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2004-08-11 21:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2004-08-11 21:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
+ 2004-08-11 21:00 . 2012-02-24 12:39 467156 c:\windows\system32\perfh009.dat
- 2004-08-11 21:00 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-11 21:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
+ 2004-08-11 21:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2004-08-11 21:00 . 2011-09-26 16:41 220160 c:\windows\system32\oleacc.dll
+ 2004-08-11 21:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
+ 2004-08-11 21:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-11 21:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2004-08-11 21:00 . 2008-10-15 16:34 337408 c:\windows\system32\netapi32.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 337408 c:\windows\system32\netapi32.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 245248 c:\windows\system32\mswsock.dll
+ 2004-08-11 21:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
+ 2004-08-11 21:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-11 21:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2004-08-11 21:11 . 2008-04-14 00:12 677888 c:\windows\system32\mstsc.exe
+ 2004-08-11 21:11 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
+ 2004-08-11 21:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2004-08-11 21:00 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
- 2004-08-11 21:11 . 2008-04-14 00:12 343040 c:\windows\system32\mspaint.exe
+ 2004-08-11 21:11 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
+ 2009-03-08 08:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
- 2004-08-11 21:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 21:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 21:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-11 21:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 21:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
+ 2004-08-11 21:00 . 2010-04-05 16:54 384512 c:\windows\system32\mp4sdmod.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-08-11 21:00 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-11 21:00 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2004-08-11 21:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2004-08-11 21:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2004-08-11 21:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 103936 c:\windows\system32\logagent.exe
+ 2004-08-11 21:00 . 2008-06-10 08:11 103936 c:\windows\system32\logagent.exe
+ 2004-08-11 21:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 21:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 21:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2004-08-11 21:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 21:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 21:12 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 21:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 21:00 . 2008-10-23 12:36 286720 c:\windows\system32\gdi32.dll
+ 2004-08-11 21:11 . 2011-02-11 13:25 229888 c:\windows\system32\fxscover.exe
+ 2004-08-11 21:06 . 2012-02-24 12:26 289296 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 21:06 . 2011-06-15 13:14 289296 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 21:00 . 2008-07-07 20:26 253952 c:\windows\system32\es.dll
+ 2004-08-11 21:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 186880 c:\windows\system32\encdec.dll
+ 2004-08-11 21:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-11 21:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-11 21:00 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2004-08-11 21:00 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-11 21:11 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2004-08-11 21:11 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2004-08-11 21:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2007-07-03 14:30 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 03:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2008-06-11 13:15 . 2008-06-13 11:05 272128 c:\windows\system32\drivers\bthport.sys
+ 2004-08-11 21:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-11 21:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2010-01-04 19:43 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2010-01-04 20:13 . 2009-04-03 17:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
- 2010-01-04 20:13 . 2008-04-14 00:12 485376 c:\windows\system32\dllcache\wmspdmod.dll
- 2010-01-04 20:13 . 2008-04-14 00:12 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2010-01-04 20:13 . 2009-07-12 17:21 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2010-01-04 19:43 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2010-01-04 19:43 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2011-04-26 11:07 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2008-04-21 06:44 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-03-08 08:33 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2009-03-08 08:33 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 08:34 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2010-01-04 19:49 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
- 2006-08-21 13:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-08-21 13:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2011-02-17 13:18 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2009-01-07 22:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2010-01-04 19:43 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2008-05-09 10:53 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2009-06-25 08:25 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2010-01-04 19:43 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2010-01-04 19:43 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2011-09-26 16:41 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2009-03-08 08:34 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2008-06-20 16:02 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-03-08 08:32 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2008-08-14 03:17 . 2008-05-01 14:33 331776 c:\windows\system32\dllcache\msadce.dll
- 2008-08-14 03:17 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2008-04-14 00:11 . 2010-04-05 16:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
- 2008-04-14 00:11 . 2008-04-14 00:11 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2007-07-03 14:46 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2011-02-08 13:33 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2009-06-25 08:25 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2008-06-10 06:31 . 2008-04-14 00:12 103936 c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 06:31 . 2008-06-10 08:11 103936 c:\windows\system32\dllcache\logagent.exe
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-03-08 08:33 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-03-08 08:31 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2008-10-23 12:36 . 2008-10-23 12:36 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2011-02-11 13:25 . 2011-02-11 13:25 229888 c:\windows\system32\dllcache\fxscover.exe
+ 2010-01-04 19:43 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:26 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\es.dll
+ 2011-10-18 11:13 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-03-03 06:55 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe
+ 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-02-15 12:56 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2008-10-16 14:43 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2010-01-04 19:43 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
+ 2010-01-04 19:54 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-11 21:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe
- 2004-08-11 21:00 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2004-08-11 21:00 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
+ 2004-08-11 21:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2004-08-11 21:00 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
+ 2004-08-11 21:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2004-08-11 21:00 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2004-08-11 21:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2011-02-11 13:25 . 2011-02-11 13:25 229888 c:\windows\ServicePackFiles\ServicePackCache\i386\fxscover.exe
- 2004-08-11 21:12 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2004-08-11 21:12 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2011-12-25 08:49 . 2011-12-25 08:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\4dc38e4.msp
+ 2012-02-23 15:28 . 2012-02-23 15:28 223744 c:\windows\Installer\4c3f4e.msi
+ 2011-12-25 10:40 . 2011-12-25 10:40 819200 c:\windows\Installer\3afa87.msp
+ 2012-02-23 14:40 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-23 14:40 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-23 14:40 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-23 14:40 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-23 14:40 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-23 14:40 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-23 14:40 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-23 14:40 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-23 14:40 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-23 14:40 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-23 14:40 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-23 14:40 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-23 13:01 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-02-23 13:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-02-23 13:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-02-23 13:02 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-02-23 13:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-02-23 13:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-02-23 13:02 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2012-02-22 18:43 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2012-02-22 14:54 . 2008-06-13 11:05 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2012-02-24 13:22 . 2012-02-24 13:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8739c3efe173cc066955cc3aea14973f\WsatConfig.ni.exe
+ 2012-02-23 13:18 . 2012-02-23 13:18 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\34143889955745e167e8ffdd86c04049\WsatConfig.ni.exe
+ 2012-02-23 13:15 . 2012-02-23 13:15 239616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f07bac751123d76acd1a1dc9fc228ee4\WindowsFormsIntegration.ni.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\096ecf69c6b6e2bf7e9b80f6a3785089\WindowsFormsIntegration.ni.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-02-23 15:46 . 2012-02-23 15:46 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\06fd1ec81210aa42dbd119c309485d3a\UIAutomationTypes.ni.dll
+ 2012-02-23 13:15 . 2012-02-23 13:15 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f5ca829dfd6b63b068c0ae890315f979\UIAutomationClient.ni.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9517d3cf9ed261dfb774a62fee88991e\UIAutomationClient.ni.dll
+ 2012-02-23 14:58 . 2012-02-23 14:58 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31E.tmp\UIAutomationClient.dll
+ 2012-02-23 14:55 . 2012-02-23 14:55 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp\AspNetMMCExt.dll
+ 2012-02-23 13:23 . 2012-02-23 13:23 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\be131b709afcacdcddcfb1e8c0d0487e\System.Xml.Linq.ni.dll
+ 2012-02-24 13:30 . 2012-02-24 13:30 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\9b35eca0aa8458fedd149e5e0baf8c75\System.Xml.Linq.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc6a501868a90caa18bb089d824a7ef1\System.Web.Routing.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7869894915cc69937dedbb6571f98025\System.Web.Routing.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\537435788b79ce8c6c8a938b2ec8d9db\System.Web.RegularExpressions.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\4ddc48f3a9e6da0a995a0119eb82bdb2\System.Web.RegularExpressions.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\fd98f28d3d2703a4c6ece1157bc31344\System.Web.Extensions.Design.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\be0a18158f12cc6b3292615faf94f035\System.Web.Extensions.Design.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\f33694ed4c8e8976050d36067dd8c269\System.Web.Entity.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\52b9d74a3b155fd3558d58248a59397d\System.Web.Entity.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d5172aef08701b5e1974b0b843a0cad4\System.Web.Entity.Design.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\0f5b9581932d9df4bbf0861c731c986c\System.Web.Entity.Design.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e0336eb11d55a76b82d13d8cee84330b\System.Web.DynamicData.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 544768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\0d617c185e38905772d5a1f39542bd63\System.Web.DynamicData.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\ae20f65d40fd9395b5b710774bc7d3b8\System.Web.Abstractions.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\237d75fcb1974b73ffd08a8cb4e25125\System.Web.Abstractions.ni.dll
+ 2012-02-24 13:27 . 2012-02-24 13:27 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c1fcd30108fc02b92b78745458fe330c\System.Transactions.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\57d919884c565e88ee78f3ba89b80492\System.Transactions.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f550c0c0823bb480e3e0abd28def3652\System.ServiceProcess.ni.dll
+ 2012-02-24 13:27 . 2012-02-24 13:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d4a5aced0ec83076368bad3f7277da5f\System.ServiceProcess.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ce08ff8fe3f49b71bc97b4f9cab34248\System.Security.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\142e2b633a002e749dbd9d697dbf3f4f\System.Security.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\92c6b8de56bcc3ae29933061103b5018\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\fbe32fc1ca4628b182d461d52488d2fb\System.Net.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\7915b2ae85967cb2a97b1d3c743f2479\System.Net.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\acc5ec6c04f1eff1029f88e339c98e47\System.Management.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 997888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f69f3837692947b97353b2c26865250\System.Management.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\a9c3f3ecde3db4007ff0cc971f2175e1\System.Management.Instrumentation.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8f135dc47ca41e505139cfc8b433ef19\System.Management.Instrumentation.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\5a1d31eaa62be9253c10b9b2dcb88376\System.IO.Log.ni.dll
+ 2012-02-23 13:16 . 2012-02-23 13:16 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\53e76af3718a206d89d627061eab36b9\System.IO.Log.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\6a1a992b8ab45f336a74d60ed2d730d5\System.IdentityModel.Selectors.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\42bbdb73aa5ca58ba254fd95f44aec27\System.IdentityModel.Selectors.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d0908fdd3b9f4abd0ded7727be80f764\System.EnterpriseServices.Wrapper.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\d0908fdd3b9f4abd0ded7727be80f764\System.EnterpriseServices.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\094a01db75df5ae2164ac51ea6cde056\System.EnterpriseServices.Wrapper.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\094a01db75df5ae2164ac51ea6cde056\System.EnterpriseServices.ni.dll
+ 2012-02-24 12:41 . 2012-02-24 12:41 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8586bca55944ec7ed123544470b9b300\System.Drawing.Design.ni.dll
+ 2012-02-23 13:14 . 2012-02-23 13:14 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\0e1b58f95c4b31adceafba865d899d41\System.Drawing.Design.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f1c28ae58d71610ef92482e50ec5299b\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\bea849864ccec3c8440854b58323fffc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8f68873ba4fc4d602b1dd826e45871c7\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\49329b120e018a7807489b0a0ae5011d\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-23 13:20 . 2012-02-23 13:20 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e0d82136eb5c4d98cb168b857787db4c\System.Data.Services.Design.ni.dll
+ 2012-02-24 13:25 . 2012-02-24 13:25 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\c793e72367006a825e1246ed80c9e0a9\System.Data.Services.Design.ni.dll
+ 2012-02-24 13:25 . 2012-02-24 13:25 940032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9c9b3a11c1cbf64c3c89e06ac6ac7b18\System.Data.Services.Client.ni.dll
+ 2012-02-23 13:20 . 2012-02-23 13:20 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\5cdd3a0d05572607fa399a204816a21b\System.Data.Services.Client.ni.dll
+ 2012-02-23 13:20 . 2012-02-23 13:20 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\a6452c67645a351e98aa05d1d2441b78\System.Data.Entity.Design.ni.dll
+ 2012-02-24 13:25 . 2012-02-24 13:25 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\42b2913585eaee4519b7aabf97688fc1\System.Data.Entity.Design.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c71837f67173397809b2cbac81a4e62f\System.Data.DataSetExtensions.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\10ac8a64861ff8d04ab918e28d49d763\System.Data.DataSetExtensions.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 970752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\dc9065ff99f71d8955dece30eb917f23\System.Configuration.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\64bf8d2f963138ede81700b9fd525547\System.Configuration.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\aa793a219ccc513949cdc1ba6e0b9190\System.Configuration.Install.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 140800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29cf30e3b1f5ff4541d5431e29e7c034\System.Configuration.Install.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\f06a96c69c03e92f4463591c37907e15\System.AddIn.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\af5e62a1172ea714f663aa4eba1383fb\System.AddIn.ni.dll
+ 2012-02-24 13:22 . 2012-02-24 13:22 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\7b70c30f242feb9b9595e379955b1bef\SMSvcHost.ni.exe
+ 2012-02-23 13:18 . 2012-02-23 13:18 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6f07a4de6e7a68cef97f516d69cf89cc\SMSvcHost.ni.exe
+ 2012-02-24 13:24 . 2012-02-24 13:24 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\b12d7f65b012145ef4aeec8c0e5faa27\SMDiagnostics.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\585a448ee3cb87102ae71e304f58d542\SMDiagnostics.ni.dll
+ 2012-02-24 13:22 . 2012-02-24 13:22 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\ffec53447013e7391b467f7b8c7d7512\ServiceModelReg.ni.exe
+ 2012-02-23 13:18 . 2012-02-23 13:18 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6e785ac02f2a8692f7a03c5aa18179d3\ServiceModelReg.ni.exe
+ 2012-02-23 15:54 . 2012-02-23 15:54 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b36b537e7659b38bbb586cf045226d38\PresentationFramework.Royale.ni.dll
+ 2012-02-23 15:54 . 2012-02-23 15:54 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6b490142aee730477a260ca08410cc78\PresentationFramework.Classic.ni.dll
+ 2012-02-23 15:54 . 2012-02-23 15:54 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\63c8dcb30a58ff1c3cf8296cb414d546\PresentationFramework.Luna.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-24 12:39 . 2012-02-24 12:39 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-23 15:54 . 2012-02-23 15:54 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e3393c460ebc48dbcbbb29ff414bbdf\PresentationFramework.Aero.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\abea03c3065d7826386e83079befa9d0\MSBuild.ni.exe
+ 2012-02-24 13:22 . 2012-02-24 13:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\1ff58d8f13a7377baf17bc5ce6a2851b\MSBuild.ni.exe
+ 2012-02-23 13:18 . 2012-02-23 13:18 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\d031794ff0f915c727d42bf104cef755\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7f2f94f7067ab9378fa6fdc6ba00fe6d\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f01b3e69dd9f23114c0a03ad8a64c444\Microsoft.SqlServer.GridControl.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cff69255016b22d8a92cfdd94ebef59f\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a40037995b7a80dafd22722cb5b74eb4\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8a9996ec94c35b7ccf7bc4d9fbc5ba78\Microsoft.SqlServer.Setup.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\642eddcff4bbb45e50afc36fc1c59aa3\Microsoft.SqlServer.GridControl.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5946128c231602f89c3f975c013f03da\Microsoft.SqlServer.Setup.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\b569eaeef97428c08b53d4a44f14c9ba\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\25c307d225b4471013b9cb4f0d459028\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9c94b11af2b38b4d499cf0cf5fa7bff6\Microsoft.Build.Utilities.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6628b22266a5b44f0bce174e8b9e6d2e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\345be03d6db6284ab583176961621feb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2023c59db9fb458ffbfbd5e13a9a1a38\Microsoft.Build.Utilities.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\fff2a81921f4c1055b2c0dcc6bd57c37\Microsoft.Build.Engine.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 838656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\dceae8bba55dfcc93d87d7e67a514615\Microsoft.Build.Engine.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\4d4cab2cc434f7714c95fbf0a37ed43c\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\24d8a0953cc50d5991a196ffbd09d92d\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-02-23 15:49 . 2012-02-23 15:49 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\15b6aa8e4c6281f499e6f14051dc410e\CustomMarshalers.ni.dll
+ 2012-02-24 13:22 . 2012-02-24 13:22 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fdfdbc1328e1a99901b8dec6f2412a49\ComSvcConfig.ni.exe
+ 2012-02-23 13:17 . 2012-02-23 13:17 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ae6aae73fc695a61cb4144eeffa1f890\ComSvcConfig.ni.exe
+ 2012-02-24 13:20 . 2012-02-24 13:20 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\235744ab690abe31ec2382d1866348a3\AspNetMMCExt.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\16ecd58ea1795a05973d33ab71d7f0a3\AspNetMMCExt.ni.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-15 13:07 . 2011-06-15 13:07 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-11 21:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2012-02-23 12:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2012-02-23 12:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2012-02-23 12:55 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2012-02-23 14:48 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2012-02-23 14:48 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2012-02-23 14:48 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2012-02-23 14:46 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2012-02-23 14:46 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2012-02-23 14:46 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2012-02-23 14:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2012-02-23 14:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2012-02-23 14:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2012-02-23 15:27 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2012-02-23 15:27 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2012-02-23 15:27 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2012-02-23 15:08 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2012-02-23 15:08 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2012-02-23 15:08 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2012-02-23 13:13 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2012-02-23 13:13 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2012-02-23 13:13 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:52 . 2009-08-05 08:52 204800 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2012-02-23 14:44 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2012-02-23 14:44 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2012-02-23 14:44 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2012-02-23 15:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2012-02-23 15:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2012-02-23 15:16 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2012-02-23 15:25 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2012-02-23 15:25 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2012-02-23 15:25 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2012-02-23 12:54 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2012-02-23 12:54 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2012-02-23 12:54 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2012-02-23 15:01 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2012-02-23 15:01 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2012-02-23 15:01 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2012-02-23 15:48 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2012-02-23 15:48 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2012-02-23 15:48 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2012-02-23 13:14 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB960803\update\updspapi.dll
+ 2012-02-23 13:14 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB960803\update\update.exe
+ 2012-02-23 13:14 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB960803\spuninst.exe
+ 2008-12-16 12:22 . 2008-12-16 12:22 354304 c:\windows\$hf_mig$\KB960803\SP3QFE\winhttp.dll
+ 2012-02-23 15:55 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB959426\update\updspapi.dll
+ 2012-02-23 15:55 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB959426\update\update.exe
+ 2012-02-23 15:55 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB959426\spuninst.exe
+ 2009-03-21 13:59 . 2009-03-21 13:59 991744 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
+ 2012-02-23 14:47 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB952004\update\updspapi.dll
+ 2012-02-23 14:47 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB952004\update\update.exe
+ 2012-02-23 14:47 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB952004\spuninst.exe
+ 2008-06-12 14:09 . 2008-06-12 14:09 161792 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 956928 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtctm.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 428032 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll
+ 2012-02-22 14:49 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2012-02-22 14:53 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2004-08-11 21:00 . 2010-04-08 19:03 2113536 c:\windows\system32\WMVCore.dll
+ 2004-08-11 21:00 . 2010-08-26 22:16 4886528 c:\windows\system32\wmp.dll
+ 2004-08-11 21:00 . 2008-06-10 11:11 1053696 c:\windows\system32\WMNetmgr.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-11 21:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 21:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-11 21:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-11 21:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2004-08-11 21:00 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
+ 2004-08-11 21:00 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 02:59 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-30 01:06 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2004-08-11 21:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-11 21:11 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2004-08-11 21:00 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2006-12-07 21:02 . 2010-04-08 19:03 2113536 c:\windows\system32\dllcache\WMVCore.dll
+ 2010-01-04 20:13 . 2010-08-26 22:16 4886528 c:\windows\system32\dllcache\wmp.dll
+ 2008-06-10 23:18 . 2008-06-10 11:11 1053696 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2012-01-12 16:53 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 08:34 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-27 23:17 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-11-27 17:11 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2011-10-25 13:33 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-10-25 13:37 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-01-04 20:12 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2007-07-03 14:45 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-06-10 14:19 . 2009-06-10 14:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2010-01-29 15:01 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-21 06:44 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 08:50 . 2011-12-25 08:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\4dc38f0.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\4dc38ef.msp
+ 2011-10-31 03:54 . 2011-10-31 03:54 2748416 c:\windows\Installer\4c3f5e.msp
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\28c0cf.msp
+ 2011-12-26 14:59 . 2011-12-26 14:59 4368896 c:\windows\Installer\28c0b5.msp
+ 2012-02-23 14:40 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-23 14:40 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-23 14:40 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2011-10-25 13:33 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-10-25 13:37 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-02-23 13:11 . 2012-02-23 13:11 3311104 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\deaafb445937fede481141b9b49e7e34\WindowsBase.ni.dll
+ 2012-02-23 16:01 . 2012-02-23 16:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4ca0afba91eb6597d289503059706672\WindowsBase.ni.dll
+ 2012-02-23 13:15 . 2012-02-23 13:15 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\dd5f494311dc57a9d31b2892be930e42\UIAutomationClientsideProviders.ni.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9d845bc0bcbc2030049984fab04ebff2\UIAutomationClientsideProviders.ni.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 7948288 c:\windows\assembly\NativeImages_v2.0.50727_32\System\857b7d64acb4a36c734d7beaeef7068f\System.ni.dll
+ 2012-02-23 16:01 . 2012-02-23 16:01 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\12637de2619ee65d57c529f6c786dce1\System.ni.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9cf4a4fdd044bf3f033ae4fa26bdd796\System.Xml.ni.dll
+ 2012-02-23 13:15 . 2012-02-23 13:15 5449728 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9790e82f52035bfb2e35682d640e62f4\System.Xml.ni.dll
+ 2012-02-24 13:30 . 2012-02-24 13:30 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e84b55704ff69572d895bfa0b6b9dc84\System.WorkflowServices.ni.dll
+ 2012-02-23 13:23 . 2012-02-23 13:23 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\3a1dbbee7e808a3709a865f77544cd78\System.WorkflowServices.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ca870af891241c57669046d7335753a4\System.Workflow.Runtime.ni.dll
+ 2012-02-23 13:23 . 2012-02-23 13:23 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\3e012a3ee0e30783db61fe8792efad8b\System.Workflow.Runtime.ni.dll
+ 2012-02-23 13:23 . 2012-02-23 13:23 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\b9db64e57073bb47c4761c8abfe0e10b\System.Workflow.ComponentModel.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\8043a47cd154a40a386a67b06b900458\System.Workflow.ComponentModel.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc949255e13eb3e0a4211814dd1c0dd4\System.Workflow.Activities.ni.dll
+ 2012-02-23 13:23 . 2012-02-23 13:23 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\c2e574524226403369c3f97b09fe48ce\System.Workflow.Activities.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e34c7421644c217f896c3371d291d84e\System.Web.Services.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 1840128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b4ee1aca042beb1ea075699f02a37028\System.Web.Services.ni.dll
+ 2012-02-24 13:29 . 2012-02-24 13:29 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\82e18f2d07edeb54d3caba6a9d095ac9\System.Web.Mobile.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\05297c6a38719ab01598bad2a6a61446\System.Web.Mobile.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9f9831c5d427d2385365046d0cc673a1\System.Web.Extensions.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\74bf96fb70f4fb8b823d7294b2fad47b\System.Web.Extensions.ni.dll
+ 2012-02-24 12:42 . 2012-02-24 12:42 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\df0947e2fa4ce3156190bbcc405916bb\System.Speech.ni.dll
+ 2012-02-23 13:14 . 2012-02-23 13:14 1912832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2a182a36c6a415349c25b5159232ddaf\System.Speech.ni.dll
+ 2012-02-24 13:27 . 2012-02-24 13:27 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ddb371943daa3c8f9333b3f43ac47c5b\System.ServiceModel.Web.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\08596945284a2042de2a6462f5ef0d10\System.ServiceModel.Web.ni.dll
+ 2012-02-23 13:16 . 2012-02-23 13:16 2344960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fc13437e24444f59e3eb71a036ef523a\System.Runtime.Serialization.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ae1ad323e0634c4beb6e0cb1a45ee2c8\System.Runtime.Serialization.ni.dll
+ 2012-02-23 13:14 . 2012-02-23 13:14 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d5dcdd391aed514a43edda6281863ca7\System.Printing.ni.dll
+ 2012-02-24 12:42 . 2012-02-24 12:42 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\50c3fc100ba3621fad7698ff2fc6ac00\System.Printing.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c83b71ebf9f45d8ce02aa0cb2a557306\System.IdentityModel.ni.dll
+ 2012-02-23 13:16 . 2012-02-23 13:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a9b9d214926801e2213fafdd7071e956\System.IdentityModel.ni.dll
+ 2012-02-24 12:41 . 2012-02-24 12:41 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3877aa44425b257edad57137c5a2e21\System.Drawing.ni.dll
+ 2012-02-23 13:14 . 2012-02-23 13:14 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6a1bfdc29f6d9fbe2acaee4fc8469484\System.Drawing.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\67bdde137c743ae3b9f7e1c660d515cc\System.DirectoryServices.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1af095ac130f585527b60abd230b4558\System.DirectoryServices.ni.dll
+ 2012-02-24 13:25 . 2012-02-24 13:25 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b399049f64feb94dfd492b755b1391e7\System.Deployment.ni.dll
+ 2012-02-23 13:20 . 2012-02-23 13:20 1800704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\5ea7cd97ab50396a4473a66a90c8ede9\System.Deployment.ni.dll
+ 2012-02-23 13:13 . 2012-02-23 13:13 6614016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5caf97d2defc67b6027c7f5a6968c9b7\System.Data.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0aacf518f032079557bc36a2eef2ccea\System.Data.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 2508800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e75776a6b02c299ebd520945f1e35ce8\System.Data.SqlXml.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7307e58d4f972fc9260ab3fd78174489\System.Data.SqlXml.ni.dll
+ 2012-02-24 13:25 . 2012-02-24 13:25 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e3b1c8876a12a329f48bd816a9aee6ea\System.Data.Services.ni.dll
+ 2012-02-23 13:20 . 2012-02-23 13:20 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\009a8a8ae05ccb695220dc951d8f9773\System.Data.Services.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\e96ce573ad6de68e05f1e122c6d78d82\System.Data.Linq.ni.dll
+ 2012-02-23 13:13 . 2012-02-23 13:13 2510848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\cbc83f52257eeb37ebedc3f7e2651414\System.Data.Linq.ni.dll
+ 2012-02-24 13:25 . 2012-02-24 13:25 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ec0a61ccc465b880eb89587595241531\System.Data.Entity.ni.dll
+ 2012-02-23 13:20 . 2012-02-23 13:20 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2e83ea97fdbb6f00eb560ab854de0c91\System.Data.Entity.ni.dll
+ 2012-02-23 13:13 . 2012-02-23 13:13 2294784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dc68da08aae1260e7d18570ad7e474c6\System.Core.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c54577f8280781a7fdfab0768a5e57dc\System.Core.ni.dll
+ 2012-02-23 13:13 . 2012-02-23 13:13 2125824 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\a4ec4a6c15f54c1cbfd43be93d4ba5d7\ReachFramework.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\38813fbedb0f7db266f398505d3d9de6\ReachFramework.ni.dll
+ 2012-02-24 12:40 . 2012-02-24 12:40 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a8ed72c762477ddbfd4260eb56413128\PresentationUI.ni.dll
+ 2012-02-23 13:13 . 2012-02-23 13:13 1656832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\4bced20d2e111b6822828c0197adb02d\PresentationUI.ni.dll
+ 2012-02-23 16:01 . 2012-02-23 16:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e87f0d1b4e317448a7c2765adfee8ac7\PresentationBuildTasks.ni.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\33495c3775bb0d6dc649824a4da48bd2\PresentationBuildTasks.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 1711104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\520b9511d34590f600dff0f5196c2675\Microsoft.VisualBasic.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2c3009961961efc6793e53bd415cf157\Microsoft.VisualBasic.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3227a6ee65fc5bb0d7c10c6825d2a05\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-24 13:24 . 2012-02-24 13:24 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\30e6e5306fc4bf34ece0eb839ce657e4\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-24 13:26 . 2012-02-24 13:26 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f8d8d7998c4368b3eb6a7e845a1f9a58\Microsoft.JScript.ni.dll
+ 2012-02-23 13:21 . 2012-02-23 13:21 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a6f51e207f228c2b2e5bbc93db1bc04a\Microsoft.JScript.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\98a69006d7f172a222fdb6ad9422e18d\Microsoft.Build.Tasks.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 1620480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8d6d9329489c9846b17bb4dca326f16c\Microsoft.Build.Tasks.ni.dll
+ 2012-02-23 13:19 . 2012-02-23 13:19 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1e649a6eb2c5d8d5d36d7ddb6d8c4b62\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\04d930f8e11a4f443fdefee368364d53\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-24 13:23 . 2012-02-24 13:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\edd4a4a46ce7a080b0610ee78cf85a0a\Microsoft.Build.Engine.ni.dll
+ 2012-02-23 13:18 . 2012-02-23 13:18 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\2e183a89902261ce0e1132d86a97bfe8\Microsoft.Build.Engine.ni.dll
+ 2012-02-23 14:58 . 2012-02-23 14:58 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-23 15:09 . 2012-02-23 15:09 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-06-15 13:10 . 2011-06-15 13:10 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-23 13:11 . 2012-02-23 13:11 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-23 14:58 . 2012-02-23 14:58 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-15 12:28 . 2011-06-15 12:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-23 14:58 . 2012-02-23 14:58 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-06-15 13:08 . 2011-06-15 13:08 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-23 15:59 . 2012-02-23 15:59 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2007-07-09 16:47 . 2012-01-27 04:20 52550552 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-12-18 19:46 11082240 c:\windows\system32\ieframe.dll
+ 2011-12-18 19:46 . 2011-12-18 19:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\4dc38fe.msp
+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\4c3f66.msp
+ 2011-07-12 01:43 . 2011-07-12 01:43 11641344 c:\windows\Installer\4c3f57.msp
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\28c0db.msp
+ 2012-02-23 14:40 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-23 13:14 . 2012-02-23 13:14 12428800 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a0633e5617f6301a2422a72ab90b5de2\System.Windows.Forms.ni.dll
+ 2012-02-24 12:43 . 2012-02-24 12:43 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\891e536eaeebb1c3ea4a2b199f3b739b\System.Windows.Forms.ni.dll
+ 2012-02-23 13:22 . 2012-02-23 13:22 11796480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\47eb8696e47a035e9a613a2d0cc7ac45\System.Web.ni.dll
+ 2012-02-24 13:28 . 2012-02-24 13:28 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1cb3849720ed4eb09c75725675a3ef31\System.Web.ni.dll
+ 2012-02-23 13:17 . 2012-02-23 13:17 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\fcd81c0ecb8f7c4bfb76339cc0d3b4c5\System.ServiceModel.ni.dll
+ 2012-02-24 13:27 . 2012-02-24 13:27 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8e7f82f9057e72af8128bc62440537c8\System.ServiceModel.ni.dll
+ 2012-02-24 12:41 . 2012-02-24 12:41 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\42756ca7ab21a2d028b9e4133ee5e237\System.Design.ni.dll
+ 2012-02-23 13:14 . 2012-02-23 13:14 10681344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\18a247b793f9a8c426e9679995ff4611\System.Design.ni.dll
+ 2012-02-23 13:13 . 2012-02-23 13:13 14320640 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc1c8bb3fffaf17048fe0d83a7357bda\PresentationFramework.ni.dll
+ 2012-02-24 12:39 . 2012-02-24 12:39 14472704 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\71a1bbccb497becb2d419f99366bb6fd\PresentationFramework.ni.dll
+ 2012-02-24 12:38 . 2012-02-24 12:38 13095424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ae49626b4c8a410643418a3c9a8c57fd\PresentationCore.ni.dll
+ 2012-02-23 13:12 . 2012-02-23 13:12 12213248 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9b9f6b7800067b7cd1096bfd9bbe9728\PresentationCore.ni.dll
+ 2012-02-24 12:28 . 2012-02-24 12:28 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\76b383d94081a33e09c774405d99a451\PresentationCore.ni.dll
+ 2012-02-23 15:41 . 2012-02-23 15:41 11489280 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d4faf04f2ecbfa295d7208d926ebbbc1\mscorlib.ni.dll
+ 2012-02-23 16:00 . 2012-02-23 16:00 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-31 240288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-03 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 02:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevice]
USB3Nw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]
USB3Nw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ------w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-18 15:00 136176 ----atw- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CaCCProvSP"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [7/3/2007 9:31 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/16/2012 12:18 PM 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/16/2012 12:18 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1/16/2012 12:18 PM 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/16/2012 12:18 PM 252712]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [1/16/2012 12:18 PM 184536]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 6:21 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [8/11/2004 4:00 PM 14336]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/16/2012 12:18 PM 162200]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1/11/2012 4:54 PM 2984832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/9/2012 7:48 AM 106104]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [1/16/2012 12:42 PM 89472]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/16/2012 12:42 PM 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [1/16/2012 12:18 PM 70664]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [11/9/2009 5:11 AM 53248]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
NecUsbSevice REG_MULTI_SZ NecUsb
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HpqKbFiltr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-01 c:\windows\Tasks\At10.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At12.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At14.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At16.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At18.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At2.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At20.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At22.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At24.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At26.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At28.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At30.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At32.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At34.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At36.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At38.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At4.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At40.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At42.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At44.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At46.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At48.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At6.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At8.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851Core.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851UA.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500Core.job
- c:\documents and settings\administrator.OHENRY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 19:36]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500UA.job
- c:\documents and settings\administrator.OHENRY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 19:36]
.
2012-02-23 c:\windows\Tasks\PXAcctBackup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: 192.168.3.15
Trusted Zone: synergymms.com
TCP: Interfaces\{B8003625-1E27-4EED-A16F-086414B31779}: NameServer = 192.168.3.22,24.25.5.61
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-01 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c6,bb,3a,91,23,00,46,99,c2,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c6,bb,3a,91,23,00,46,99,c2,9e,\
.
[HKEY_USERS\S-1-5-21-1074564116-3638092115-3834490600-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,26,50,ec,56,da,21,46,9a,8a,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,26,50,ec,56,da,21,46,9a,8a,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Completion time: 2012-03-01 17:41:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-01 22:41
ComboFix2.txt 2012-02-22 14:48
.
Pre-Run: 47,475,781,632 bytes free
Post-Run: 48,050,020,352 bytes free
.
- - End Of File - - 79D0E12A6CEB52C838836656154DC332

#8 myrti

Posted 02 March 2012 - 06:14 AM

Hi,

Yes, it's a free alternative operating system, which we would have used to disable the infection enough to be able to run ComboFix. Since ComboFix ran in safe mode, I think this is likely not necessary.

Can you please go to virustotal.com and upload the following two files one after another:
c:\windows\system32\Mh126dL2.com_
C:\windows\system32\USB3Nw32.dll

Link me to the results in your next reply. (If you can't find the file let me know)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 aparrish


Posted 02 March 2012 - 09:50 AM

Hi Myrti,

c:\windows\system32\Mh126dL2.com_ analysis link is
https://www.virustotal.com/file/ce982422b7742c7a4be50784206a176ceb7f4ac8f6d3ff93caaa6d450d5381f7/analysis/
C:\windows\system32\USB3Nw32.dll - I can't find the file. I did a search of the c: drive and it did not find the file anyplace.

Additionally, the Symantec auto-protect had 2 entries last night. I'm not able to find the complete log but did write everything down. The first line for each category pertains to the 9:12:36 time stamp. The 2nd line for each is for the 9:12:08 time stamp. Several categories had the same info so I just listed it once (apologies if this is confusing):
date/time:
3/1/12 9:12:36 pm
3/1/12 9:12:08 pm

risk:
trogan.adn.2

action:
cleaned by deletion
partial (non critical failure)

file name:
combofix.exe (and the icon has been removed from the desktop)

risk type:
file

original location:
c:\documents and settings\administrator\desktop

computer:
helsinki

current location:
deleted
c:\documents and settings\administrator\desktop

primary act:
clean security risk

secondary act:
quarantine

logged by:
auto-protect scan

action description:
file was deleted successfully
risk was partially removed

Edited by aparrish, 02 March 2012 - 09:51 AM.


#10 myrti


Posted 03 March 2012 - 07:55 AM

Well, what we have here is a classic false positive. Symantec is detecting ComboFix as malicious, when it really isn't. Unfortunately, it's not unusual for this to happen, and we always work hard to get them to resolve these false positives quickly (but they don't always answer quickly).

Please download a fresh copy of ComboFix (and disable your antivirus protection before downloading it, as it will otherwise likely quarantine the file immediately).

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\Mh126dL2.com_
netsvc::
HpqKbFiltr
driver::
NecUsb
registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevice]
AtJob::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#11 aparrish


Posted 05 March 2012 - 04:30 PM

Hi Myrti,

I was able to run combofix in regular mode so hopefully that means we're getting somewhere.

Below is the combofix log.

ComboFix 12-03-04.02 - Administrator 03/05/2012 15:54:04.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.547 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\windows\system32\Mh126dL2.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\system32\dllcache\Serial.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NECUSB
-------\Service_NecUsb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 21:11 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-03-05 21:11 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-03-01 21:48 . 2012-03-01 21:48 17920 ----a-w- c:\windows\system32\ping.exe
2012-03-01 21:48 . 2012-03-01 21:48 17920 ----a-w- c:\windows\system32\dllcache\ping.exe
2012-02-24 16:36 . 2012-02-24 21:50 82433 ----a-w- c:\windows\system32\Mh126dL2.com_
2012-02-24 13:04 . 2012-02-24 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-02-24 12:41 . 2012-02-24 12:41 -------- d-----w- c:\documents and settings\phaccounting\Local Settings\Application Data\PCHealth
2012-02-24 12:39 . 2012-02-24 12:39 5484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-23 13:01 . 2012-02-23 14:40 -------- d-----w- c:\windows\ie8updates
2012-02-23 12:56 . 2012-02-23 12:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-02-22 18:43 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-22 18:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-22 18:42 . 2011-12-17 19:46 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 18:42 . 2011-12-17 19:46 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 18:42 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 18:42 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 18:42 . 2011-12-17 19:46 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 18:42 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 18:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-22 18:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-22 18:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-22 14:54 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-02-22 14:53 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-22 14:53 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-22 14:53 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-22 14:52 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-22 14:52 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-22 14:51 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-22 14:51 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-22 14:49 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-22 14:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-22 14:43 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-02-22 14:42 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-22 14:37 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-22 14:37 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-22 14:34 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-22 14:34 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-22 13:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-22 13:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 14:15 . 2012-02-21 14:15 -------- d-----w- c:\documents and settings\phaccounting\Application Data\SUPERAntiSpyware.com
2012-02-08 21:17 . 2012-02-08 21:17 -------- d-----w- c:\documents and settings\phaccounting\Application Data\Malwarebytes
2012-02-08 18:11 . 2012-02-08 18:11 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 18:11 . 2012-02-08 18:11 -------- d-----w- c:\program files\Trend Micro
2012-02-08 13:27 . 2012-02-08 16:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-02-06 13:50 . 2012-02-06 13:50 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-02-05 14:20 . 2012-03-01 21:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 02:30 . 2011-12-15 11:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30 . 2011-12-15 11:52 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-01 02:30 . 2011-12-15 11:52 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30 . 2011-12-15 11:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-16 17:42 . 2012-01-16 17:42 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-01-16 17:42 . 2012-01-16 17:42 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-01-16 17:42 . 2012-01-16 17:42 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-01-12 16:53 . 2004-08-11 21:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-11 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-11 21:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-03-31 17:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 23:22 . 2011-12-15 11:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-07 23:21 . 2011-12-15 11:52 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2010-09-01 13:38 . 2010-09-01 13:38 451 ------w- c:\program files\090120109382043.bat
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-01_22.36.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-02 02:06 . 2012-03-02 02:06 16384 c:\windows\temp\Perflib_Perfdata_6c8.dat
+ 2007-07-09 13:22 . 2012-03-03 16:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-07-09 13:22 . 2012-01-18 17:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-03 16:28 . 2012-03-03 16:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-08-16 18:50 . 2012-03-05 13:59 1878 c:\windows\krxl997.dat
- 2007-08-16 18:50 . 2012-03-01 13:26 1878 c:\windows\krxl997.dat
+ 2007-07-09 13:22 . 2012-03-03 16:28 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-09 13:22 . 2012-01-18 17:22 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-31 240288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-03 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 02:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ------w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-18 15:00 136176 ----atw- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CaCCProvSP"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [7/3/2007 9:31 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/16/2012 12:18 PM 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/16/2012 12:18 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1/16/2012 12:18 PM 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/16/2012 12:18 PM 252712]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [1/16/2012 12:18 PM 184536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 6:21 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/16/2012 12:18 PM 162200]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1/11/2012 4:54 PM 2984832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/9/2012 7:48 AM 106104]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [1/16/2012 12:42 PM 89472]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/16/2012 12:42 PM 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [1/16/2012 12:18 PM 70664]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [11/9/2009 5:11 AM 53248]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
NecUsbSevice REG_MULTI_SZ NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\At10.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At12.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At14.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At16.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At18.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At2.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At20.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At22.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At24.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At26.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At28.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At30.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-02-29 c:\windows\Tasks\At32.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At34.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At36.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-01 c:\windows\Tasks\At38.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At4.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At40.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At42.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At44.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At46.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At48.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At6.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At8.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851Core.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851UA.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500Core.job
- c:\documents and settings\administrator.OHENRY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 19:36]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500UA.job
- c:\documents and settings\administrator.OHENRY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 19:36]
.
2012-02-23 c:\windows\Tasks\PXAcctBackup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: 192.168.3.15
Trusted Zone: synergymms.com
TCP: Interfaces\{B8003625-1E27-4EED-A16F-086414B31779}: NameServer = 192.168.3.22,24.25.5.61
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c6,bb,3a,91,23,00,46,99,c2,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c6,bb,3a,91,23,00,46,99,c2,9e,\
.
[HKEY_USERS\S-1-5-21-1074564116-3638092115-3834490600-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,26,50,ec,56,da,21,46,9a,8a,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,26,50,ec,56,da,21,46,9a,8a,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\msv1_0.dll
.
- - - - - - - > 'explorer.exe'(1508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Symantec\Symantec Endpoint Protection\SescLU.exe
c:\program files\Symantec\LiveUpdate\luall.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2012-03-05 16:27:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 21:27
ComboFix2.txt 2012-02-22 14:48
.
Pre-Run: 47,572,992,000 bytes free
Post-Run: 47,203,852,288 bytes free
.
- - End Of File - - 7860C626001618E7E6D5F869684E95C7
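
The ComboFix log in the post above lists two dozen `AtN.job` tasks (the naming that `at.exe` gives the jobs it creates) that all launch `c:\windows\system32\Mh126dL2.com_`. As an added example (not part of the original thread and not ComboFix's own code), the following Python script parses the 'Scheduled Tasks' section of such a log and flags that kind of cluster; the threshold, the extension list and the `Orphan.job` entry in the sample are assumptions made for this illustration.

```python
"""Flag clusters of at.exe-style jobs in the 'Scheduled Tasks' section of a ComboFix log."""
import ntpath
import re
from collections import defaultdict

SECTION_START = "Contents of the 'Scheduled Tasks' folder"
SECTION_END_PREFIXES = ("-------", "*****", "(((((")  # banners that open the next section

# "2012-03-02 c:\windows\Tasks\At10.job"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)\s*$", re.IGNORECASE)
# "- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]" (the bracketed stamp is optional)
TARGET_RE = re.compile(r"^-\s+(.+?)(?:\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\])?\s*$")
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.IGNORECASE)

# Assumption for this example: extensions a scheduled task normally launches.
EXPECTED_EXTENSIONS = {".exe", ".com", ".bat", ".cmd"}

# Constructed sample in the format of the log above. Paths are taken from that log,
# except Orphan.job, which is invented to exercise the "job without target line" case.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\At10.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\At12.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-05 c:\windows\Tasks\At18.job
- c:\windows\system32\Mh126dL2.com_ [2012-02-24 21:50]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851Core.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-02-23 c:\windows\Tasks\PXAcctBackup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
2012-03-05 c:\windows\Tasks\Orphan.job
.
------- Supplementary Scan -------
"""


def parse_scheduled_tasks(log_text):
    """Return one dict per .job entry found inside the Scheduled Tasks section."""
    tasks = []
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION_START
            continue
        if line.startswith(SECTION_END_PREFIXES):
            break  # reached the next section of the log
        job = JOB_RE.match(line)
        if job:
            current = {"job": job.group(2), "job_date": job.group(1),
                       "target": None, "target_stamp": None}
            tasks.append(current)
            continue
        target = TARGET_RE.match(line)
        # Attach a target only to the job directly above it, and only once.
        if target and current is not None and current["target"] is None:
            current["target"] = target.group(1)
            current["target_stamp"] = target.group(2)
    return tasks


def flag_suspicious(tasks, min_at_jobs=3):
    """Group tasks by target (case-insensitively) and report targets worth a closer look."""
    by_target = defaultdict(list)
    for task in tasks:
        if task["target"] is not None:
            by_target[task["target"].lower()].append(task)

    findings = []
    for key in sorted(by_target):
        group = by_target[key]
        at_jobs = [t for t in group if AT_JOB_RE.match(ntpath.basename(t["job"]))]
        reasons = []
        if len(at_jobs) >= min_at_jobs:
            reasons.append(f"{len(at_jobs)} At*.job tasks launch the same file")
        ext = ntpath.splitext(key)[1]
        if ext not in EXPECTED_EXTENSIONS:
            reasons.append(f"unusual extension {ext!r}")
        if reasons:
            findings.append({
                "target": group[0]["target"],
                "jobs": sorted(ntpath.basename(t["job"]) for t in group),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(parse_scheduled_tasks(SAMPLE_LOG)):
        print(finding["target"])
        print("  jobs:   ", ", ".join(finding["jobs"]))
        print("  reasons:", "; ".join(finding["reasons"]))
```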

#12 aparrish


Posted 05 March 2012 - 04:36 PM

And just after I posted that, my auto-protect popped up with this:
date/time:
3/5/12 4:35:48pm

risk:
downloader

action:
cleaned by deletion

file name:
Mh126dL2.com_

risk type:
file

original location:
c:\windows\system32\

computer:
helsinki

user:
system

status:
deleted

current location:
deleted

primary act:
clean security risk

secondary act:
quarantine

logged by:
auto-protect scan

action description:
file was deleted successfully

#13 myrti


Posted 05 March 2012 - 06:21 PM

Hi,

Yes, that was one of the files I wanted to remove. Let's see if the file got recreated:

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic443964.html
Collect::
c:\windows\system32\Mh126dL2.com_
AtJob::

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti



#14 aparrish


Posted 06 March 2012 - 04:14 PM

Hi,

I followed the instructions but if an additional message box appeared, it disappeared quickly. I have looked at c:\windows\system32\ and do not see a Mh126dL2.com_ file.

Combofix log:
ComboFix 12-03-04.02 - Administrator 03/06/2012 15:36:29.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.446 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-05 21:11 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-03-05 21:11 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\dllcache\serial.sys
2012-03-01 21:48 . 2012-03-01 21:48 17920 ----a-w- c:\windows\system32\ping.exe
2012-03-01 21:48 . 2012-03-01 21:48 17920 ----a-w- c:\windows\system32\dllcache\ping.exe
2012-02-24 13:04 . 2012-02-24 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-02-24 12:41 . 2012-02-24 12:41 -------- d-----w- c:\documents and settings\phaccounting\Local Settings\Application Data\PCHealth
2012-02-24 12:39 . 2012-02-24 12:39 5484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-23 13:01 . 2012-02-23 14:40 -------- d-----w- c:\windows\ie8updates
2012-02-23 12:56 . 2012-02-23 12:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-02-22 18:43 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-22 18:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-22 18:42 . 2011-12-17 19:46 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-22 18:42 . 2011-12-17 19:46 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-22 18:42 . 2011-12-17 19:46 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-22 18:42 . 2011-12-17 19:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-22 18:42 . 2011-12-17 19:46 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-22 18:42 . 2011-12-17 19:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-22 18:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-22 18:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-22 18:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-22 14:54 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-02-22 14:53 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-22 14:53 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-22 14:53 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-22 14:52 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-22 14:52 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-22 14:51 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-02-22 14:51 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-02-22 14:49 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-22 14:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-02-22 14:43 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2012-02-22 14:42 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-02-22 14:37 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2012-02-22 14:37 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-22 14:34 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-22 14:34 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-22 13:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-22 13:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 14:15 . 2012-02-21 14:15 -------- d-----w- c:\documents and settings\phaccounting\Application Data\SUPERAntiSpyware.com
2012-02-08 21:17 . 2012-02-08 21:17 -------- d-----w- c:\documents and settings\phaccounting\Application Data\Malwarebytes
2012-02-08 18:11 . 2012-02-08 18:11 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 18:11 . 2012-02-08 18:11 -------- d-----w- c:\program files\Trend Micro
2012-02-08 13:27 . 2012-02-08 16:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-02-06 13:50 . 2012-02-06 13:50 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 21:29 . 2012-02-05 14:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-01 02:30 . 2011-12-15 11:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30 . 2011-12-15 11:52 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-01 02:30 . 2011-12-15 11:52 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30 . 2011-12-15 11:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-16 17:42 . 2012-01-16 17:42 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-01-16 17:42 . 2012-01-16 17:42 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-01-16 17:42 . 2012-01-16 17:42 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-01-12 16:53 . 2004-08-11 21:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-11 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-11 21:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-03-31 17:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 23:22 . 2011-12-15 11:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-07 23:21 . 2011-12-15 11:52 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2010-09-01 13:38 . 2010-09-01 13:38 451 ------w- c:\program files\090120109382043.bat
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-01_22.36.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 21:33 . 2012-03-05 21:33 16384 c:\windows\temp\Perflib_Perfdata_5b4.dat
+ 2007-07-09 13:22 . 2012-03-03 16:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-07-09 13:22 . 2012-01-18 17:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-16 18:50 . 2012-03-06 13:47 1878 c:\windows\krxl997.dat
- 2007-08-16 18:50 . 2012-03-01 13:26 1878 c:\windows\krxl997.dat
+ 2007-07-09 13:22 . 2012-03-03 16:28 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-09 13:22 . 2012-01-18 17:22 131072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-31 240288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-03 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-01 02:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevice]
USB3Nw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]
USB3Nw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ------w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-18 15:00 136176 ----atw- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CaCCProvSP"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [7/3/2007 9:31 AM 3456]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/16/2012 12:18 PM 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/16/2012 12:18 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1/16/2012 12:18 PM 656320]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/16/2012 12:18 PM 252712]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [1/16/2012 12:18 PM 184536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 6:21 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/16/2012 12:18 PM 162200]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1/11/2012 4:54 PM 2984832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/9/2012 7:48 AM 106104]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [1/16/2012 12:42 PM 89472]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/16/2012 12:42 PM 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [1/16/2012 12:18 PM 70664]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [11/9/2009 5:11 AM 53248]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
NecUsbSevice REG_MULTI_SZ NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851Core.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-1851UA.job
- c:\documents and settings\phaccounting\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 15:00]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500Core.job
- c:\documents and settings\administrator.OHENRY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 19:36]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142955711-545866328-314601362-500UA.job
- c:\documents and settings\administrator.OHENRY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 19:36]
.
2012-02-23 c:\windows\Tasks\PXAcctBackup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: 192.168.3.15
Trusted Zone: synergymms.com
TCP: Interfaces\{B8003625-1E27-4EED-A16F-086414B31779}: NameServer = 192.168.3.22,24.25.5.61
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c6,bb,3a,91,23,00,46,99,c2,9e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c6,bb,3a,91,23,00,46,99,c2,9e,\
.
[HKEY_USERS\S-1-5-21-1074564116-3638092115-3834490600-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,26,50,ec,56,da,21,46,9a,8a,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,26,50,ec,56,da,21,46,9a,8a,54,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(1844)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-03-06 16:08:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 21:08
ComboFix2.txt 2012-02-22 14:48
.
Pre-Run: 47,536,791,552 bytes free
Post-Run: 47,527,120,896 bytes free
.
- - End Of File - - E925562D06C8E72796F62FFF1FFCDB50

#15 myrti


Posted 06 March 2012 - 05:53 PM

Hi,

there's still something going on. Some of the entries that we deleted have reappeared.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevice]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]
Driver::
NecUsb


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
    USB3Nw32.dll
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] 
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NecUSB]
    :regfind
    NecUSB
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
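An added example, not part of myrti's post and not ComboFix's own code: a Python check for the situation described above, where deleted entries reappear. It reads the Registry:: targets of a CFScript and reports which of them a later log still lists, assuming the section follows .reg conventions (`[-key]` removes a key, `name=-` removes a value); the inputs are constructed from the text above and the function names are hypothetical.

```python
import re
# Constructed inputs: the post's CFScript and a made-up excerpt of a later log run.
CFSCRIPT = r"""Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevice]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]
Driver::
NecUsb
"""
LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Nw32]
USB3Nw32.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
NecUsbSevice REG_MULTI_SZ NecUsb
"""

def parse_cfscript(text):
    """Return (keys to delete, (key, value) pairs to delete) from Registry::."""
    keys, values, in_reg, current = set(), set(), False, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("::"):
            in_reg, current = line.lower() == "registry::", None
        elif in_reg and line.startswith("[-"):
            keys.add(line[2:-1].lower())
        elif in_reg and line.startswith("["):
            current = line[1:-1].lower()
        elif in_reg and current and line.endswith("=-"):
            values.add((current, line[:-2].strip('"').lower()))
    return keys, values

def parse_log(text):
    """Map each [registry key] header in the log to the lines listed under it."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1].lower(), [])
        elif line in ("", "."):
            current = None
        elif current is not None:
            current.append(line.lower())
    return entries

def still_present(script, log):
    """List the script's registry targets that the log still reports."""
    (keys, values), entries = parse_cfscript(script), parse_log(log)
    found = [("key", k) for k in sorted(keys) if k in entries]
    return found + [("value", f"{k}\\{v}") for k, v in sorted(values)
        if any(re.split(r'"?=|\s+reg_', l)[0].strip('"') == v for l in entries.get(k, []))]
```

The Driver:: target is not checked; value names are matched in both formats the log uses (`Name REG_TYPE data` and `"Name"="data"`).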

 
