Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Security Center Virus


  • This topic is locked This topic is locked
19 replies to this topic

#1 JD3

JD3

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 25 February 2012 - 09:42 PM

Hi there,

Back in December I hit on a link that downloaded the Windows Security Center malware/virus to my computer. To remove it, I ran Malwarebyte's Anti-Malware Scan which seemed to remove the virus and allowed me to get online again. However, I am not certain all traces are gone and have not been getting on any sites/doing anything that requires a password, credit card number, etc. I just want to be sure it's all gone so I can begin using my computer fully again.

Before I read the directions for posting in this forum I had already run ComboFix as well. So I am attaching the Malwarebyte's log, the DDS log, the GMER log and the ComboFix log.

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_27
Run by user at 17:11:49 on 2012-02-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.414 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tvlistings.zap2it.com/tvlistings/ZCGrid.do
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector10\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector10" updatewithcreateonce "software\cyberlink\powerdirector\10.0"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Download by Versalsoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{150EC818-0697-43C3-BA46-DD3043907DF4} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\touqsprb.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-3 652872]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-3 20464]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]
.
=============== Created Last 30 ================
.
2012-02-15 06:27:30 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:27:30 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:53:33 667136 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53:33 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-16 13:16:31 369664 ----a-w- c:\windows\system32\html.iec
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 03:08:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-05 03:08:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 17:12:44.09 ===============


Thank you for any help you can give me!!!!!

Sincerely,

JD3

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 26 February 2012 - 02:34 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JD3

JD3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 27 February 2012 - 12:34 AM

Hi Gringo,

I already ran ComboFix. The log is attached above.

JD3

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 27 February 2012 - 12:52 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 JD3

JD3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 27 February 2012 - 01:36 AM

Hi Gringo,

Here is the TDSKiller log:

22:00:51.0720 4132 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
22:00:52.0157 4132 ============================================================
22:00:52.0157 4132 Current date / time: 2012/02/26 22:00:52.0157
22:00:52.0157 4132 SystemInfo:
22:00:52.0157 4132
22:00:52.0157 4132 OS Version: 5.1.2600 ServicePack: 3.0
22:00:52.0157 4132 Product type: Workstation
22:00:52.0157 4132 ComputerName: NEWUSER
22:00:52.0157 4132 UserName: user
22:00:52.0157 4132 Windows directory: C:\WINDOWS
22:00:52.0157 4132 System windows directory: C:\WINDOWS
22:00:52.0157 4132 Processor architecture: Intel x86
22:00:52.0157 4132 Number of processors: 2
22:00:52.0157 4132 Page size: 0x1000
22:00:52.0157 4132 Boot type: Normal boot
22:00:52.0157 4132 ============================================================
22:00:54.0532 4132 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:00:54.0657 4132 \Device\Harddisk0\DR0:
22:00:54.0673 4132 MBR used
22:00:54.0673 4132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xD63325D
22:00:54.0673 4132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD642D61, BlocksNum 0x4A796BD
22:00:54.0782 4132 Initialize success
22:00:54.0782 4132 ============================================================
22:00:58.0767 4312 ============================================================
22:00:58.0767 4312 Scan started
22:00:58.0767 4312 Mode: Manual;
22:00:58.0767 4312 ============================================================
22:00:59.0314 4312 Abiosdsk - ok
22:00:59.0329 4312 abp480n5 - ok
22:00:59.0392 4312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:00:59.0407 4312 ACPI - ok
22:00:59.0454 4312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:00:59.0454 4312 ACPIEC - ok
22:00:59.0454 4312 adpu160m - ok
22:00:59.0501 4312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:00:59.0501 4312 aec - ok
22:00:59.0548 4312 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:00:59.0548 4312 AFD - ok
22:00:59.0548 4312 Aha154x - ok
22:00:59.0564 4312 aic78u2 - ok
22:00:59.0579 4312 aic78xx - ok
22:00:59.0595 4312 AliIde - ok
22:00:59.0611 4312 amsint - ok
22:00:59.0626 4312 asc - ok
22:00:59.0642 4312 asc3350p - ok
22:00:59.0642 4312 asc3550 - ok
22:00:59.0720 4312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:00:59.0720 4312 AsyncMac - ok
22:00:59.0736 4312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:00:59.0736 4312 atapi - ok
22:00:59.0751 4312 Atdisk - ok
22:00:59.0782 4312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:00:59.0782 4312 Atmarpc - ok
22:00:59.0829 4312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:00:59.0829 4312 audstub - ok
22:00:59.0876 4312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:00:59.0876 4312 Beep - ok
22:00:59.0892 4312 bvrp_pci - ok
22:00:59.0907 4312 catchme - ok
22:00:59.0970 4312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:00:59.0970 4312 cbidf2k - ok
22:00:59.0970 4312 cd20xrnt - ok
22:01:00.0017 4312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:00.0017 4312 Cdaudio - ok
22:01:00.0048 4312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:00.0048 4312 Cdfs - ok
22:01:00.0079 4312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:00.0079 4312 Cdrom - ok
22:01:00.0126 4312 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:01:00.0126 4312 cercsr6 - ok
22:01:00.0126 4312 Changer - ok
22:01:00.0157 4312 CmdIde - ok
22:01:00.0173 4312 Cpqarray - ok
22:01:00.0189 4312 dac2w2k - ok
22:01:00.0204 4312 dac960nt - ok
22:01:00.0236 4312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:01:00.0236 4312 Disk - ok
22:01:00.0298 4312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:01:00.0329 4312 dmboot - ok
22:01:00.0345 4312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:01:00.0345 4312 dmio - ok
22:01:00.0376 4312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:01:00.0376 4312 dmload - ok
22:01:00.0407 4312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:01:00.0407 4312 DMusic - ok
22:01:00.0470 4312 dpti2o - ok
22:01:00.0501 4312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:00.0501 4312 drmkaud - ok
22:01:00.0564 4312 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:01:00.0564 4312 E100B - ok
22:01:00.0626 4312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:00.0626 4312 Fastfat - ok
22:01:00.0657 4312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:01:00.0657 4312 Fdc - ok
22:01:00.0689 4312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:01:00.0689 4312 Fips - ok
22:01:00.0689 4312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:01:00.0689 4312 Flpydisk - ok
22:01:00.0736 4312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:01:00.0736 4312 FltMgr - ok
22:01:00.0751 4312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:01:00.0751 4312 Fs_Rec - ok
22:01:00.0782 4312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:01:00.0782 4312 Ftdisk - ok
22:01:00.0829 4312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:01:00.0829 4312 GEARAspiWDM - ok
22:01:00.0876 4312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:01:00.0876 4312 Gpc - ok
22:01:00.0923 4312 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:01:00.0939 4312 HDAudBus - ok
22:01:00.0954 4312 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:01:00.0954 4312 hidusb - ok
22:01:00.0986 4312 hpn - ok
22:01:01.0032 4312 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:01:01.0032 4312 HSFHWBS2 - ok
22:01:01.0079 4312 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:01:01.0095 4312 HSF_DP - ok
22:01:01.0157 4312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:01:01.0157 4312 HTTP - ok
22:01:01.0173 4312 i2omgmt - ok
22:01:01.0189 4312 i2omp - ok
22:01:01.0251 4312 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:01:01.0298 4312 ialm - ok
22:01:01.0345 4312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:01:01.0345 4312 Imapi - ok
22:01:01.0361 4312 ini910u - ok
22:01:01.0376 4312 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:01:01.0376 4312 IntelIde - ok
22:01:01.0407 4312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:01:01.0407 4312 intelppm - ok
22:01:01.0470 4312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:01:01.0470 4312 Ip6Fw - ok
22:01:01.0517 4312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:01:01.0517 4312 IpFilterDriver - ok
22:01:01.0564 4312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:01:01.0564 4312 IpInIp - ok
22:01:01.0595 4312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:01:01.0595 4312 IpNat - ok
22:01:01.0626 4312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:01:01.0626 4312 IPSec - ok
22:01:01.0657 4312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:01:01.0657 4312 IRENUM - ok
22:01:01.0657 4312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:01:01.0673 4312 isapnp - ok
22:01:01.0704 4312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:01:01.0704 4312 Kbdclass - ok
22:01:01.0704 4312 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:01:01.0704 4312 kbdhid - ok
22:01:01.0736 4312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:01:01.0736 4312 kmixer - ok
22:01:01.0782 4312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:01:01.0782 4312 KSecDD - ok
22:01:01.0798 4312 lbrtfdc - ok
22:01:01.0829 4312 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:01:01.0829 4312 MBAMProtector - ok
22:01:01.0861 4312 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:01:01.0861 4312 mdmxsdk - ok
22:01:01.0892 4312 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:01:01.0907 4312 MHNDRV - ok
22:01:01.0907 4312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:01:01.0923 4312 mnmdd - ok
22:01:01.0954 4312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:01:01.0954 4312 Modem - ok
22:01:01.0986 4312 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:01:02.0001 4312 MODEMCSA - ok
22:01:02.0001 4312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:01:02.0001 4312 Mouclass - ok
22:01:02.0048 4312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:01:02.0048 4312 mouhid - ok
22:01:02.0064 4312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:01:02.0064 4312 MountMgr - ok
22:01:02.0079 4312 mraid35x - ok
22:01:02.0095 4312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:01:02.0095 4312 MRxDAV - ok
22:01:02.0157 4312 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:01:02.0157 4312 MRxSmb - ok
22:01:02.0189 4312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:01:02.0189 4312 Msfs - ok
22:01:02.0236 4312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:01:02.0236 4312 MSKSSRV - ok
22:01:02.0282 4312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:01:02.0282 4312 MSPCLOCK - ok
22:01:02.0298 4312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:01:02.0298 4312 MSPQM - ok
22:01:02.0345 4312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:01:02.0345 4312 mssmbios - ok
22:01:02.0392 4312 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:01:02.0392 4312 Mup - ok
22:01:02.0423 4312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:01:02.0439 4312 NDIS - ok
22:01:02.0486 4312 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:01:02.0486 4312 NdisTapi - ok
22:01:02.0517 4312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:01:02.0517 4312 Ndisuio - ok
22:01:02.0532 4312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:01:02.0532 4312 NdisWan - ok
22:01:02.0564 4312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:01:02.0564 4312 NDProxy - ok
22:01:02.0595 4312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:01:02.0595 4312 NetBIOS - ok
22:01:02.0611 4312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:01:02.0626 4312 NetBT - ok
22:01:02.0673 4312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:01:02.0673 4312 Npfs - ok
22:01:02.0704 4312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:01:02.0704 4312 Ntfs - ok
22:01:02.0767 4312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:01:02.0767 4312 Null - ok
22:01:02.0814 4312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:01:02.0814 4312 NwlnkFlt - ok
22:01:02.0829 4312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:01:02.0829 4312 NwlnkFwd - ok
22:01:02.0861 4312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:01:02.0876 4312 Parport - ok
22:01:02.0876 4312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:01:02.0876 4312 PartMgr - ok
22:01:02.0907 4312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:01:02.0907 4312 ParVdm - ok
22:01:02.0923 4312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:01:02.0923 4312 PCI - ok
22:01:02.0939 4312 PCIDump - ok
22:01:02.0970 4312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
22:01:02.0970 4312 PCIIde - ok
22:01:03.0001 4312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:01:03.0001 4312 Pcmcia - ok
22:01:03.0017 4312 PDCOMP - ok
22:01:03.0017 4312 PDFRAME - ok
22:01:03.0032 4312 PDRELI - ok
22:01:03.0048 4312 PDRFRAME - ok
22:01:03.0064 4312 perc2 - ok
22:01:03.0064 4312 perc2hib - ok
22:01:03.0142 4312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:01:03.0142 4312 PptpMiniport - ok
22:01:03.0189 4312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:01:03.0189 4312 PSched - ok
22:01:03.0220 4312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:01:03.0220 4312 Ptilink - ok
22:01:03.0267 4312 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:01:03.0267 4312 PxHelp20 - ok
22:01:03.0267 4312 ql1080 - ok
22:01:03.0282 4312 Ql10wnt - ok
22:01:03.0298 4312 ql12160 - ok
22:01:03.0314 4312 ql1240 - ok
22:01:03.0314 4312 ql1280 - ok
22:01:03.0329 4312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:01:03.0329 4312 RasAcd - ok
22:01:03.0361 4312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:01:03.0361 4312 Rasl2tp - ok
22:01:03.0376 4312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:01:03.0376 4312 RasPppoe - ok
22:01:03.0392 4312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:01:03.0392 4312 Raspti - ok
22:01:03.0407 4312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:01:03.0407 4312 Rdbss - ok
22:01:03.0423 4312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:01:03.0423 4312 RDPCDD - ok
22:01:03.0470 4312 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:01:03.0470 4312 rdpdr - ok
22:01:03.0501 4312 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:01:03.0501 4312 RDPWD - ok
22:01:03.0564 4312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:01:03.0564 4312 redbook - ok
22:01:03.0642 4312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:01:03.0642 4312 Secdrv - ok
22:01:03.0689 4312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:01:03.0689 4312 Serial - ok
22:01:03.0736 4312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:01:03.0736 4312 Sfloppy - ok
22:01:03.0751 4312 Simbad - ok
22:01:03.0751 4312 Sparrow - ok
22:01:03.0782 4312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:01:03.0782 4312 splitter - ok
22:01:03.0814 4312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:01:03.0814 4312 sr - ok
22:01:03.0845 4312 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:01:03.0845 4312 Srv - ok
22:01:03.0907 4312 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
22:01:03.0923 4312 STHDA - ok
22:01:03.0954 4312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:01:03.0954 4312 swenum - ok
22:01:04.0001 4312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:01:04.0001 4312 swmidi - ok
22:01:04.0017 4312 symc810 - ok
22:01:04.0017 4312 symc8xx - ok
22:01:04.0032 4312 sym_hi - ok
22:01:04.0048 4312 sym_u3 - ok
22:01:04.0064 4312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:01:04.0064 4312 sysaudio - ok
22:01:04.0126 4312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:01:04.0142 4312 Tcpip - ok
22:01:04.0189 4312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:01:04.0189 4312 TDPIPE - ok
22:01:04.0204 4312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:01:04.0204 4312 TDTCP - ok
22:01:04.0251 4312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:01:04.0251 4312 TermDD - ok
22:01:04.0298 4312 TosIde - ok
22:01:04.0345 4312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:01:04.0345 4312 Udfs - ok
22:01:04.0361 4312 ultra - ok
22:01:04.0392 4312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:01:04.0392 4312 Update - ok
22:01:04.0454 4312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:01:04.0454 4312 usbccgp - ok
22:01:04.0470 4312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:01:04.0486 4312 usbehci - ok
22:01:04.0486 4312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:01:04.0486 4312 usbhub - ok
22:01:04.0548 4312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:01:04.0548 4312 usbprint - ok
22:01:04.0595 4312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:01:04.0595 4312 usbscan - ok
22:01:04.0611 4312 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:01:04.0626 4312 usbstor - ok
22:01:04.0642 4312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:01:04.0657 4312 usbuhci - ok
22:01:04.0673 4312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:01:04.0673 4312 VgaSave - ok
22:01:04.0689 4312 ViaIde - ok
22:01:04.0704 4312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:01:04.0704 4312 VolSnap - ok
22:01:04.0736 4312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:01:04.0736 4312 Wanarp - ok
22:01:04.0736 4312 WDICA - ok
22:01:04.0767 4312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:01:04.0767 4312 wdmaud - ok
22:01:04.0829 4312 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:01:04.0861 4312 winachsf - ok
22:01:04.0907 4312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:01:04.0907 4312 WS2IFSL - ok
22:01:04.0954 4312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:01:04.0954 4312 WudfPf - ok
22:01:04.0970 4312 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:01:04.0970 4312 WudfRd - ok
22:01:04.0986 4312 yeddef - ok
22:01:05.0001 4312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:01:05.0142 4312 \Device\Harddisk0\DR0 - ok
22:01:05.0157 4312 Boot (0x1200) (488aa96d62da73bff95f26dc5b1dba80) \Device\Harddisk0\DR0\Partition0
22:01:05.0157 4312 \Device\Harddisk0\DR0\Partition0 - ok
22:01:05.0189 4312 Boot (0x1200) (9c406703840cc9aecc79906ef81250e1) \Device\Harddisk0\DR0\Partition1
22:01:05.0189 4312 \Device\Harddisk0\DR0\Partition1 - ok
22:01:05.0189 4312 ============================================================
22:01:05.0189 4312 Scan finished
22:01:05.0189 4312 ============================================================
22:01:05.0204 4316 Detected object count: 0
22:01:05.0204 4316 Actual detected object count: 0



Here is the aswMBR log:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 22:09:18
-----------------------------
22:09:18.282 OS Version: Windows 5.1.2600 Service Pack 3
22:09:18.282 Number of processors: 2 586 0x409
22:09:18.282 ComputerName: NEWUSER UserName: user
22:09:19.751 Initialize success
22:11:06.626 AVAST engine defs: 12022604
22:11:27.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:11:27.611 Disk 0 Vendor: WDC_WD1600JS-75NCB2 10.02E03 Size: 152587MB BusType: 3
22:11:27.626 Disk 0 MBR read successfully
22:11:27.626 Disk 0 MBR scan
22:11:27.673 Disk 0 Windows XP default MBR code
22:11:27.673 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
22:11:27.704 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109670 MB offset 64260
22:11:27.720 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 38130 MB offset 224669025
22:11:27.736 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 302760990
22:11:27.751 Disk 0 scanning sectors +312496380
22:11:27.829 Disk 0 scanning C:\WINDOWS\system32\drivers
22:11:38.767 Service scanning
22:11:52.782 Modules scanning
22:11:58.970 Disk 0 trace - called modules:
22:11:59.032 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:11:59.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d5fab8]
22:11:59.032 3 CLASSPNP.SYS[f75befd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86d98d98]
22:11:59.907 AVAST engine scan C:\WINDOWS
22:12:20.939 AVAST engine scan C:\WINDOWS\system32
22:15:09.454 AVAST engine scan C:\WINDOWS\system32\drivers
22:15:26.173 AVAST engine scan C:\Documents and Settings\user
22:23:59.392 AVAST engine scan C:\Documents and Settings\All Users
22:24:29.579 Scan finished successfully
22:33:29.845 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
22:33:29.845 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

Thank you for taking the time to do this!!!

JD3

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 27 February 2012 - 02:36 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 02 March 2012 - 12:07 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 05 March 2012 - 01:36 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 11 March 2012 - 08:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 11 March 2012 - 08:30 PM

This topic has been re-opened at the request of the person who originally posted.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 JD3

JD3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 13 March 2012 - 12:26 AM

Gringo,

Thank you for reopening the topic. It tried to drag the CFScript into Combofix.exe but then this showed up (please see attached screen shots). Said no at first and did it again. Then said yes. Icon disappeared to the right, nothing opened, nothing else happened. Combofix icon didn’t return.

Should I go back and reload Combofix from the original site?

Cynda

Attached Files



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 13 March 2012 - 12:45 AM

go ahead and delete the old one and download a new one from here


Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 JD3

JD3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 14 March 2012 - 04:58 PM

Hi Gringo,

Here is the Combofix log from the scan I just did:

ComboFix 12-03-14.01 - user 03/14/2012 14:41:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.478 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-02-15 06:27 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:27 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-10 11:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2004-08-10 11:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-16 13:16 . 2004-08-10 11:00 369664 ----a-w- c:\windows\system32\html.iec
2011-09-10 00:21 . 2011-09-10 00:21 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-09-10 00:21 . 2011-09-10 00:21 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2011-09-10 00:21 . 2011-09-10 00:21 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-02-25 19:48 . 2011-11-12 03:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-21_01.34.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-14 21:08 . 2012-03-14 21:08 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat
- 2004-08-10 11:00 . 2011-11-01 20:35 37888 c:\windows\system32\url.dll
+ 2004-08-10 11:00 . 2011-12-19 08:53 37888 c:\windows\system32\url.dll
+ 2012-03-11 04:05 . 2009-02-27 11:42 66440 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-07-15 01:20 . 2009-02-27 11:42 66440 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2011-10-12 12:43 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2011-10-12 12:43 . 2010-12-21 19:36 17272 c:\windows\system32\spmsg.dll
+ 2004-08-10 11:00 . 2012-03-11 23:46 71488 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2010-07-15 01:21 . 2009-02-27 11:42 31640 c:\windows\system32\msonpmon.dll
+ 2004-08-10 11:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
- 2011-06-21 18:18 . 2011-11-01 20:35 37888 c:\windows\system32\dllcache\url.dll
+ 2011-06-21 18:18 . 2011-12-19 08:53 37888 c:\windows\system32\dllcache\url.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2004-08-10 11:00 . 2011-11-01 20:35 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 11:00 . 2011-12-19 08:53 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2011-12-25 11:49 . 2011-12-25 11:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-25 19:07 . 2011-12-25 19:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2011-07-08 21:00 . 2011-07-08 21:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 19:03 . 2011-07-07 19:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2011-07-07 20:09 . 2011-07-07 20:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2011-12-25 07:49 . 2011-12-25 07:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2011-07-07 20:09 . 2011-07-07 20:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-07-15 01:21 . 2011-12-14 06:41 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-07-15 01:21 . 2011-12-14 06:41 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-07-15 01:21 . 2011-12-14 06:41 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-26 03:38 . 2011-10-13 03:06 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-26 03:38 . 2012-02-16 08:57 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2009-02-26 20:09 . 2009-02-26 20:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-27 01:43 . 2009-02-27 01:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-27 00:45 . 2009-02-27 00:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2009-02-26 22:24 . 2009-02-26 22:24 71536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONFILTER.DLL
+ 2009-02-26 22:24 . 2009-02-26 22:24 97680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\ONENOTEM.EXE
+ 2006-07-24 17:50 . 2006-07-24 17:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2012-02-02 22:48 . 2012-02-02 22:48 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_5164e63b\System.Drawing.Design.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c5aa4aab\CustomMarshalers.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 07:08 . 2012-02-16 07:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-16 07:07 . 2012-02-16 07:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-02 22:47 . 2012-02-02 22:47 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 03:01 . 2011-10-13 03:01 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-11 04:04 . 2012-03-11 04:04 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-03-11 04:04 . 2012-03-11 04:04 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2010-07-17 03:02 . 2010-07-17 03:02 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-02-02 22:48 . 2008-04-14 00:11 23040 c:\windows\$NtUninstallKB2598479$\mciseq.dll
+ 2012-02-02 22:43 . 2008-04-14 00:12 58368 c:\windows\$NtUninstallKB2584146$\packager.exe
+ 2012-02-02 22:51 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2646524\spmsg.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2631813\spmsg.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2603381\update\spcustom.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2603381\spmsg.dll
+ 2012-02-02 22:48 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
+ 2012-02-02 22:48 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2598479\spmsg.dll
+ 2011-10-14 14:45 . 2011-10-14 14:45 23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2585542\update\spcustom.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2585542\spmsg.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2584146\spmsg.dll
+ 2011-11-18 12:41 . 2011-11-18 12:41 60416 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
+ 2012-02-15 10:50 . 2012-02-15 10:50 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-20 07:59 . 2011-10-20 07:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-02 22:13 . 2011-11-03 18:17 4608 c:\windows\$hf_mig$\KB2603381\update\customaddreg.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-10 11:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2004-08-10 11:00 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-10 11:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2004-08-10 11:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2004-08-10 11:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2006-03-18 11:09 . 2011-12-19 08:53 633344 c:\windows\system32\urlmon.dll
- 2006-03-18 11:09 . 2011-11-01 20:35 633344 c:\windows\system32\urlmon.dll
+ 2012-03-11 04:05 . 2009-02-27 11:42 863128 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-07-15 01:20 . 2009-02-27 11:42 863128 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2004-08-10 11:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2004-08-10 11:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2004-08-10 11:00 . 2012-03-11 23:46 441552 c:\windows\system32\perfh009.dat
- 2006-03-04 03:33 . 2011-11-01 20:35 532480 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2011-12-19 08:53 532480 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2011-12-19 08:53 449536 c:\windows\system32\mshtmled.dll
- 2006-03-04 03:33 . 2011-11-01 20:35 449536 c:\windows\system32\mshtmled.dll
- 2006-03-04 03:33 . 2011-11-01 20:35 251904 c:\windows\system32\iepeers.dll
+ 2006-03-04 03:33 . 2011-12-19 08:53 251904 c:\windows\system32\iepeers.dll
- 2010-06-10 13:39 . 2011-12-15 05:50 539240 c:\windows\system32\FNTCACHE.DAT
+ 2010-06-10 13:39 . 2012-02-16 07:06 539240 c:\windows\system32\FNTCACHE.DAT
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2010-04-16 16:09 . 2011-12-19 08:53 667136 c:\windows\system32\dllcache\wininet.dll
- 2010-04-16 16:09 . 2011-11-01 20:35 667136 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2010-04-16 16:09 . 2011-11-01 20:35 633344 c:\windows\system32\dllcache\urlmon.dll
+ 2010-04-16 16:09 . 2011-12-19 08:53 633344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2010-11-05 05:05 . 2011-11-01 20:35 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-05 05:05 . 2011-12-19 08:53 532480 c:\windows\system32\dllcache\mstime.dll
+ 2010-09-09 14:16 . 2011-12-19 08:53 449536 c:\windows\system32\dllcache\mshtmled.dll
- 2010-09-09 14:16 . 2011-11-01 20:35 449536 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-04-16 16:09 . 2011-12-19 08:53 251904 c:\windows\system32\dllcache\iepeers.dll
- 2010-04-16 16:09 . 2011-11-01 20:35 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2011-12-25 11:49 . 2011-12-25 11:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-12-25 06:55 . 2011-12-25 06:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2011-07-07 19:04 . 2011-07-07 19:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2011-12-25 06:53 . 2011-12-25 06:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2011-07-07 19:01 . 2011-07-07 19:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2011-12-25 07:49 . 2011-12-25 07:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2011-07-07 20:09 . 2011-07-07 20:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2011-12-25 13:40 . 2011-12-25 13:40 819200 c:\windows\Installer\1f6f19.msp
- 2010-07-15 01:21 . 2011-12-14 06:41 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-07-15 01:21 . 2011-12-14 06:41 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-15 01:21 . 2011-12-14 06:41 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-15 01:21 . 2011-12-14 06:41 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-03-11 04:01 . 2012-03-11 04:01 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-07-17 03:01 . 2010-07-17 03:01 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2007-06-08 02:51 . 2007-06-08 02:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 13:27 . 2008-03-19 13:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 17:50 . 2006-07-24 17:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 13:18 . 2008-10-25 13:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2005-08-05 20:06 . 2011-11-02 17:25 107008 c:\windows\ehome\mstvcapn.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_49825cda\System.Drawing.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8b67124d\System.Drawing.Design.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_875c95a7\CustomMarshalers.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-16 07:11 . 2012-02-16 07:11 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-16 07:11 . 2012-02-16 07:11 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-25 20:34 . 2012-02-25 20:34 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-25 20:34 . 2012-02-25 20:34 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-16 07:10 . 2012-02-16 07:10 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-25 20:36 . 2012-02-25 20:36 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-25 20:35 . 2012-02-25 20:35 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-16 07:09 . 2012-02-16 07:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-25 20:35 . 2012-02-25 20:35 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-25 20:34 . 2012-02-25 20:34 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-03-11 04:04 . 2012-03-11 04:04 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2010-07-17 03:03 . 2010-07-17 03:03 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-11 04:04 . 2012-03-11 04:04 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-02-02 22:51 . 2011-06-20 17:44 293376 c:\windows\$NtUninstallKB2646524$\winsrv.dll
+ 2012-02-02 22:51 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2646524$\spuninst\updspapi.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2646524$\spuninst\spuninst.exe
+ 2012-02-02 22:51 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2631813$\spuninst\updspapi.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2631813$\spuninst\spuninst.exe
+ 2012-02-02 22:51 . 2008-04-14 00:12 386048 c:\windows\$NtUninstallKB2631813$\qdvd.dll
+ 2012-02-02 22:42 . 2010-12-21 19:36 382840 c:\windows\$NtUninstallKB2628259$\spuninst\updspapi.dll
+ 2012-02-02 22:42 . 2010-12-21 19:36 231288 c:\windows\$NtUninstallKB2628259$\spuninst\spuninst.exe
+ 2012-02-02 22:42 . 2005-08-05 20:06 105984 c:\windows\$NtUninstallKB2628259$\mstvcapn.dll
+ 2012-02-02 22:43 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2603381$\spuninst\updspapi.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2603381$\spuninst\spuninst.exe
+ 2012-02-02 22:48 . 2008-04-14 00:12 176128 c:\windows\$NtUninstallKB2598479$\winmm.dll
+ 2012-02-02 22:48 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2598479$\spuninst\updspapi.dll
+ 2012-02-02 22:48 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2598479$\spuninst\spuninst.exe
+ 2012-02-02 22:51 . 2009-08-25 09:17 354816 c:\windows\$NtUninstallKB2585542$\winhttp.dll
+ 2012-02-02 22:51 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2585542$\spuninst\updspapi.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2585542$\spuninst\spuninst.exe
+ 2012-02-02 22:51 . 2011-04-29 17:25 151552 c:\windows\$NtUninstallKB2585542$\schannel.dll
+ 2012-02-02 22:43 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2584146$\spuninst\updspapi.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2584146$\spuninst\spuninst.exe
+ 2012-02-02 22:51 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2646524\update\updspapi.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2646524\update\update.exe
+ 2012-02-02 22:51 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2646524\spuninst.exe
+ 2011-11-25 21:56 . 2011-11-25 21:56 293376 c:\windows\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
+ 2012-02-02 22:51 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2631813\update\updspapi.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2631813\update\update.exe
+ 2012-02-02 22:51 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2631813\spuninst.exe
+ 2011-11-03 15:27 . 2011-11-03 15:27 386048 c:\windows\$hf_mig$\KB2631813\SP3QFE\qdvd.dll
+ 2012-02-02 22:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2603381\update\updspapi.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2603381\update\update.exe
+ 2012-02-02 22:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2603381\spuninst.exe
+ 2012-02-02 22:48 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2598479\update\updspapi.dll
+ 2012-02-02 22:48 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2598479\update\update.exe
+ 2012-02-02 22:48 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2598479\spuninst.exe
+ 2011-10-14 14:45 . 2011-10-14 14:45 176128 c:\windows\$hf_mig$\KB2598479\SP3QFE\winmm.dll
+ 2012-02-02 22:51 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2585542\update\updspapi.dll
+ 2012-02-02 22:51 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2585542\update\update.exe
+ 2012-02-02 22:51 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2585542\spuninst.exe
+ 2011-11-16 14:20 . 2011-11-16 14:20 354816 c:\windows\$hf_mig$\KB2585542\SP3QFE\winhttp.dll
+ 2011-11-16 14:20 . 2011-11-16 14:20 152064 c:\windows\$hf_mig$\KB2585542\SP3QFE\schannel.dll
+ 2012-02-02 22:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2584146\update\updspapi.dll
+ 2012-02-02 22:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2584146\update\update.exe
+ 2012-02-02 22:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2584146\spuninst.exe
+ 2006-03-30 09:16 . 2011-12-19 08:53 1510400 c:\windows\system32\shdocvw.dll
- 2006-03-30 09:16 . 2011-11-01 20:35 1510400 c:\windows\system32\shdocvw.dll
+ 2004-08-10 11:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
- 2006-03-23 17:32 . 2011-11-03 15:51 3087360 c:\windows\system32\mshtml.dll
+ 2006-03-23 17:32 . 2011-12-19 08:53 3087360 c:\windows\system32\mshtml.dll
+ 2011-07-07 10:28 . 2011-07-07 10:28 1193320 c:\windows\system32\FM20.DLL
+ 2010-05-02 05:22 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2010-04-16 16:09 . 2011-12-19 08:53 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2010-04-16 16:09 . 2011-11-01 20:35 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-06-11 01:07 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-04-16 16:09 . 2011-12-19 08:53 3087360 c:\windows\system32\dllcache\mshtml.dll
- 2010-04-16 16:09 . 2011-11-03 15:51 3087360 c:\windows\system32\dllcache\mshtml.dll
- 2010-04-16 16:09 . 2011-11-01 20:35 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2010-04-16 16:09 . 2011-12-19 08:53 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2006-03-04 03:33 . 2011-12-19 08:53 1025024 c:\windows\system32\browseui.dll
- 2006-03-04 03:33 . 2011-11-01 20:35 1025024 c:\windows\system32\browseui.dll
+ 2011-12-25 11:50 . 2011-12-25 11:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 11:39 . 2011-10-26 11:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 19:07 . 2011-12-25 19:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2011-07-08 20:59 . 2011-07-08 20:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2011-12-25 06:54 . 2011-12-25 06:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2011-07-07 19:02 . 2011-07-07 19:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2011-12-25 06:53 . 2011-12-25 06:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-07 19:02 . 2011-07-07 19:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2011-07-08 20:59 . 2011-07-08 20:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-12-25 19:06 . 2011-12-25 19:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2011-10-31 06:54 . 2011-10-31 06:54 2748416 c:\windows\Installer\f18e86.msp
+ 2011-12-26 17:59 . 2011-12-26 17:59 4368896 c:\windows\Installer\1f6ef8.msp
+ 2011-09-16 02:40 . 2011-09-16 02:40 7959552 c:\windows\Installer\1044b5e.msp
- 2010-07-15 01:21 . 2011-12-14 06:41 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-07-15 01:21 . 2012-03-11 04:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-10 06:10 . 2009-10-10 06:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2006-10-27 03:25 . 2006-10-27 03:25 2172688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSRCHFEA.DLL
+ 2012-02-02 22:48 . 2012-02-02 22:48 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e845afa7\System.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d24b2ef5\System.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_dc9b1ae6\System.Xml.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4ba728ae\System.Xml.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79ddbde2\System.Windows.Forms.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_494d1c24\System.Windows.Forms.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_737d6081\System.Drawing.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ca827e83\System.Design.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_377cf1b3\System.Design.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_aa7efb6d\mscorlib.dll
+ 2012-02-02 22:49 . 2012-02-02 22:49 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7644099e\mscorlib.dll
+ 2012-02-16 07:07 . 2012-02-16 07:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-16 07:11 . 2012-02-16 07:11 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 07:07 . 2012-02-16 07:07 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-16 07:11 . 2012-02-16 07:11 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-25 20:38 . 2012-02-25 20:38 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-16 07:10 . 2012-02-16 07:10 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-25 20:34 . 2012-02-25 20:34 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-16 07:10 . 2012-02-16 07:10 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-25 20:34 . 2012-02-25 20:34 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-16 07:10 . 2012-02-16 07:10 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-25 20:36 . 2012-02-25 20:36 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-16 07:10 . 2012-02-16 07:10 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-25 20:36 . 2012-02-25 20:36 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-16 07:09 . 2012-02-16 07:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-16 07:07 . 2012-02-16 07:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-20 07:50 . 2011-10-20 07:50 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-02 22:48 . 2012-02-02 22:48 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-20 07:59 . 2011-10-20 07:59 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 10:50 . 2012-02-15 10:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-02 22:47 . 2012-02-02 22:47 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2011-10-13 03:01 . 2011-10-13 03:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2012-02-02 22:47 . 2012-02-02 22:47 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-02 22:47 . 2012-02-02 22:47 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-03-11 04:04 . 2012-03-11 04:04 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-02-02 22:51 . 2010-02-05 18:27 1291776 c:\windows\$NtUninstallKB2631813$\quartz.dll
+ 2011-11-03 15:27 . 2011-11-03 15:27 1292288 c:\windows\$hf_mig$\KB2631813\SP3QFE\quartz.dll
+ 2010-07-15 02:48 . 2012-02-15 10:46 52550552 c:\windows\system32\MRT.exe
+ 2011-12-27 01:02 . 2011-12-27 01:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
+ 2012-02-16 08:56 . 2012-02-16 08:56 20333056 c:\windows\Installer\650be5.msp
+ 2011-12-26 17:02 . 2011-12-26 17:02 19677184 c:\windows\Installer\1f6f12.msp
+ 2011-09-16 02:39 . 2011-09-16 02:39 11163136 c:\windows\Installer\1044b54.msp
+ 2011-09-16 02:38 . 2011-09-16 02:38 10838528 c:\windows\Installer\1044b48.msp
+ 2011-09-16 02:37 . 2011-09-16 02:37 34428416 c:\windows\Installer\1044a16.msp
+ 2011-09-16 02:37 . 2011-09-16 02:37 16691712 c:\windows\Installer\1044a02.msp
+ 2012-02-16 07:11 . 2012-02-16 07:11 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-25 20:37 . 2012-02-25 20:37 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-25 20:35 . 2012-02-25 20:35 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-16 07:10 . 2012-02-16 07:10 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-16 07:08 . 2012-02-16 07:08 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-16 07:07 . 2012-02-16 07:07 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
+ 2011-09-16 02:34 . 2011-09-16 02:34 428804608 c:\windows\Installer\1044b3d.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-05 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/3/2012 6:40 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/3/2012 6:40 PM 20464]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-1085031214-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2012-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-1085031214-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://tvlistings.zap2it.com/tvlistings/ZCGrid.do
uInternet Settings,ProxyOverride = *.local
IE: Download by Versalsoft Internet Download - c:\program files\Versalsoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\touqsprb.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-14 14:52:22
ComboFix-quarantined-files.txt 2012-03-14 21:52
ComboFix2.txt 2012-01-21 01:40
.
Pre-Run: 82,537,799,680 bytes free
Post-Run: 82,707,181,568 bytes free
.
- - End Of File - - 43FA01A9FA0B6C2971B0A512558EC798

Thank you!

JD3

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:45 PM

Posted 14 March 2012 - 05:10 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.3.3
Java™ 6 Update 27
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 JD3

JD3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 14 March 2012 - 06:35 PM

Hi Gringo,

Thanks again for helping me!!! I am copying and pasting both logs into this reply and attaching them as well in case they are needed that way.

Here is the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
user :: NEWUSER [administrator]

Protection: Enabled

3/14/2012 4:09:06 PM
mbam-log-2012-03-14 (16-09-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175779
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:33 PM, on 3/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tvlistings.zap2it.com/tvlistings/ZCGrid.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\Versalsoft\InternetDownload\VDTB.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\Versalsoft\InternetDownload\VDTB.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Download by Versalsoft Internet Download - C:\Program Files\Versalsoft\InternetDownload\adddownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6429 bytes

The computer seems to be running fine. I'm just paranoid to fully use it (online banking, bill paying, etc.) until I know it is completely cleaned up.

I await your next instructions. : )

JD3

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users