Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with malware - keylogger - need help removing it


  • This topic is locked This topic is locked
15 replies to this topic

#1 Robo112

Robo112

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 05 March 2012 - 09:54 AM

Hello,

Turns out I have been kelogged. I have successfully secured my financial information, and avast along with spybot seem to have taken care of the problem. However, to be on the safeside I'd like you guys to check out my logs.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Bednar at 15:47:47 on 2012-03-05
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1033.18.4095.1845 [GMT 1:00]
.
SP: Spybot - Search && Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Tlen7\tlen7.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Program Files (x86)\ Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\ Firefox\plugin-container.exe
E:\Gry zainstalowane\Steam\Steam.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pl/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Tlen.pl] C:\Program Files (x86)\Tlen7\tlen7.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B82BC090-4E16-4380-8D54-6E633FA74B94} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C626F82E-C793-4987-86ED-CBC657F5369E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C86F2467-DB95-46AB-9CD0-DF415CCFA2CA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C86F2467-DB95-46AB-9CD0-DF415CCFA2CA}\C696E6B6379737 : DhcpNameServer = 62.233.233.233 87.204.204.204
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bednar\AppData\Roaming\Mozilla\Firefox\Profiles\hjpzpduk.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Bednar\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe  -run --> C:\Windows\system32\hasplms.exe  -run [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-3-3 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-3-3 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-3-3 166528]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Usługa Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-26 136176]
S3 gupdatem;Usługa Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-26 136176]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-05 12:00:54	--------	d-----w-	C:\ProcAlyzer Dumps
2012-03-05 11:57:59	--------	d-----w-	C:\ProgramData\DAEMON Tools Lite
2012-03-05 11:57:28	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2012-03-04 23:12:01	--------	d-----w-	C:\Users\Bednar\AppData\Roaming\LockHunter
2012-03-04 23:11:46	--------	d-----w-	C:\Program Files\LockHunter
2012-03-04 17:05:24	--------	d-----w-	C:\Users\Bednar\AppData\Roaming\Malwarebytes
2012-03-03 17:21:49	17272	----a-w-	C:\Windows\System32\sdnclean64.exe
2012-03-03 17:21:45	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-03-02 10:26:01	8643640	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B4E3B67-6375-400B-A88D-82E96EB32DAB}\mpengine.dll
2012-02-28 00:26:34	--------	d-----w-	C:\Program Files (x86)\Hero Editor
2012-02-28 00:26:28	249856	------w-	C:\Windows\Setup1.exe
2012-02-28 00:26:22	73216	----a-w-	C:\Windows\ST6UNST.EXE
2012-02-18 15:13:15	--------	d-----w-	C:\Users\Bednar\AppData\Local\dxhr
2012-02-18 15:11:58	--------	d-----w-	C:\Users\Bednar\AppData\Local\28050
2012-02-16 02:00:36	--------	d-----w-	C:\Program Files (x86)\Microsoft Visual Studio 8
2012-02-16 01:22:50	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-02-16 01:22:50	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
2012-02-16 01:22:48	515584	----a-w-	C:\Windows\System32\timedate.cpl
2012-02-16 01:22:48	478720	----a-w-	C:\Windows\SysWow64\timedate.cpl
2012-02-16 01:22:47	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-02-16 01:22:46	498688	----a-w-	C:\Windows\System32\drivers\afd.sys
2012-02-16 01:22:43	690688	----a-w-	C:\Windows\SysWow64\msvcrt.dll
2012-02-16 01:22:43	634880	----a-w-	C:\Windows\System32\msvcrt.dll
2012-02-15 23:17:54	--------	d-----w-	C:\Program Files (x86)\AMD APP
2012-02-14 21:16:01	4323256	----a-w-	C:\Windows\SysWow64\GameMon.des
2012-02-14 21:15:47	5174	----a-w-	C:\Windows\SysWow64\nppt9x.vxd
2012-02-14 21:15:47	4682	----a-w-	C:\Windows\SysWow64\npptNT2.sys
2012-02-14 21:15:15	--------	d-----w-	C:\Program Files\Common Files\INCA Shared
2012-02-13 16:55:34	--------	d-----w-	C:\Users\Bednar\AppData\Local\PMB Files
2012-02-13 16:55:29	--------	d-----w-	C:\Program Files (x86)\Pando Networks
2012-02-13 16:55:25	--------	d-----w-	C:\Users\Bednar\AppData\Local\Pando_Temp
2012-02-13 16:53:38	--------	d-----w-	C:\Users\Bednar\AppData\Local\assembly
2012-02-12 17:42:45	--------	d-----w-	C:\Program Files (x86)\ Firefox
2012-02-06 10:27:16	33856	---ha-w-	C:\Windows\System32\hamachi.sys
.
==================== Find3M  ====================
.
2012-03-04 15:09:48	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-02-19 11:55:15	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-13 18:24:18	466456	----a-w-	C:\Windows\System32\wrap_oal.dll
2012-02-13 18:24:18	444952	----a-w-	C:\Windows\SysWow64\wrap_oal.dll
2012-02-13 18:24:18	122904	----a-w-	C:\Windows\System32\OpenAL32.dll
2012-02-13 18:24:18	109080	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2012-01-29 04:10:42	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-01-17 21:49:07	0	----a-w-	C:\Windows\SysWow64\ConduitEngine.tmp
2011-12-18 15:03:50	525544	----a-w-	C:\Windows\System32\deployJava1.dll
2011-12-14 07:11:03	2308096	----a-w-	C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30	1390080	----a-w-	C:\Windows\System32\wininet.dll
2011-12-14 07:03:38	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54	1798656	----a-w-	C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2011-12-08 00:18:29	18960	----a-w-	C:\Windows\System32\drivers\LNonPnP.sys
2011-12-06 14:55:48	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
.
============= FINISH: 15:48:10,07 ===============

GMER : not available. I am on a 64 bit win7 ultimate and most of the options are greyed out.

If you need anything else, please let me know.

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 09 March 2012 - 02:56 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Robo112

Robo112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 09 March 2012 - 07:19 AM

Hello, here is the combofix log. also I didn't run into any problems during the scan. The computer runs fine; what I would like to know is whether I can safely use financial sites without anyone logging my passwords :)

ComboFix 12-03-09.05 - Bednar 2012-03-09 12:49:03.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1033.18.4095.2324 [GMT 1:00]
Uruchomiony z: c:\users\Bednar\Desktop\ComboFix.exe
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-09 do 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 11:52 . 2012-03-09 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 21:39 . 2012-03-08 21:39 -------- d-----w- C:\Boot
2012-03-06 15:39 . 2012-03-07 12:48 -------- d-----w- C:\ProgramData
2012-03-06 15:30 . 2012-03-07 12:47 -------- d-----w- c:\program files\Unlocker
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Common Files\Windows Driver Foundation
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Media Center Programs
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Macromedia
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-03-05 20:47 . 2012-03-05 20:50 -------- d-----w- C:\xampp
2012-03-04 23:12 . 2012-03-04 23:12 -------- d-----w- c:\users\Bednar\AppData\Roaming\LockHunter
2012-03-04 17:05 . 2012-03-04 17:05 -------- d-----w- c:\users\Bednar\AppData\Roaming\Malwarebytes
2012-03-04 15:10 . 2012-03-04 15:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-04 15:09 . 2012-03-04 15:09 -------- d-----w- c:\program files (x86)\Java
2012-03-03 17:21 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-03-03 17:21 . 2012-03-03 17:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-02-28 00:26 . 2012-02-28 00:26 249856 ------w- c:\windows\Setup1.exe
2012-02-28 00:26 . 2012-02-28 00:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-26 07:14 . 2012-02-26 07:14 -------- d-----w- c:\program files (x86)\Google
2012-02-18 15:13 . 2012-02-18 15:53 -------- d-----w- c:\users\Bednar\AppData\Local\dxhr
2012-02-18 15:11 . 2012-02-18 15:11 -------- d-----w- c:\users\Bednar\AppData\Local\28050
2012-02-16 02:00 . 2012-02-16 02:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-02-16 01:22 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 01:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 01:22 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 01:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 01:22 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 01:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 01:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 23:17 . 2012-02-15 23:17 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-14 21:16 . 2011-03-28 19:51 4323256 ----a-w- c:\windows\SysWow64\GameMon.des
2012-02-14 21:15 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-02-14 21:15 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-02-14 21:15 . 2012-02-14 21:15 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-02-13 16:55 . 2012-02-24 13:55 -------- d-----w- c:\users\Bednar\AppData\Local\PMB Files
2012-02-13 16:55 . 2012-02-13 16:55 -------- d-----w- c:\program files (x86)\Pando Networks
2012-02-13 16:55 . 2012-02-13 16:55 -------- d-----w- c:\users\Bednar\AppData\Local\Pando_Temp
2012-02-13 16:53 . 2012-03-04 16:00 -------- d-----w- c:\users\Bednar\AppData\Local\assembly
2012-02-12 17:42 . 2012-02-18 11:34 -------- d-----w- c:\program files (x86)\ Firefox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 15:09 . 2011-06-28 19:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2010-02-10 06:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 11:55 . 2011-06-20 18:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-13 18:24 . 2011-11-01 19:48 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-13 18:24 . 2011-11-01 19:48 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-13 18:24 . 2011-11-01 19:48 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-13 18:24 . 2011-11-01 19:48 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-17 21:49 . 2012-01-17 21:49 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-12-18 15:03 . 2011-12-18 15:03 525544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-03-31 19:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tlen.pl"="c:\program files (x86)\Tlen7\tlen7.exe" [2011-04-11 82432]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-02-07 3865504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 dump_wmimmc;dump_wmimmc;e:\gry zainstalowane\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 07:14]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 07:14]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886483897-863331433-1063582742-1000Core.job
- c:\users\Bednar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 01:34]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886483897-863331433-1063582742-1000UA.job
- c:\users\Bednar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 01:34]
.
2012-03-09 c:\windows\Tasks\Windows Driver Foundation.job
- c:\program files (x86)\Common Files\Windows Driver Foundation\WUDFHost.exe [2012-03-06 15:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-03-31 19:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-03-31 98304]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pl/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bednar\AppData\Roaming\Mozilla\Firefox\Profiles\hjpzpduk.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3886483897-863331433-1063582742-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,ed,e1,83,95,9e,06,3e,41,24,b3,fe,32,10,6d,30,a2,a1,c4,54,93,
c8,1e,01,22,b0,bc,14,8b,8d,88,e6,a8,9b,2d,7d,f2,a4,27,aa,b3,27,f1,d9,9c,a8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\hasplms.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-09 12:56:47 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-09 11:56
.
Przed: 14 691 188 736 bytes free
Po: 14 589 431 808 bytes free
.
- - End Of File - - B49B0DE38CB6292002B0EB3F2238EA50

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 09 March 2012 - 08:32 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Robo112

Robo112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 09 March 2012 - 09:03 AM

Hello again,



TDSSKiller didn't find any threats :

14:51:28.0786 3744 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
14:51:28.0875 3744 ============================================================
14:51:28.0875 3744 Current date / time: 2012/03/09 14:51:28.0875
14:51:28.0875 3744 SystemInfo:
14:51:28.0875 3744
14:51:28.0875 3744 OS Version: 6.1.7601 ServicePack: 1.0
14:51:28.0875 3744 Product type: Workstation
14:51:28.0875 3744 ComputerName: BEDNAR-PC
14:51:28.0875 3744 UserName: Bednar
14:51:28.0875 3744 Windows directory: C:\Windows
14:51:28.0875 3744 System windows directory: C:\Windows
14:51:28.0875 3744 Running under WOW64
14:51:28.0875 3744 Processor architecture: Intel x64
14:51:28.0875 3744 Number of processors: 2
14:51:28.0875 3744 Page size: 0x1000
14:51:28.0875 3744 Boot type: Normal boot
14:51:28.0875 3744 ============================================================
14:51:29.0599 3744 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:51:29.0625 3744 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:51:29.0711 3744 \Device\Harddisk0\DR0:
14:51:29.0712 3744 MBR used
14:51:29.0712 3744 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61A8000
14:51:29.0712 3744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x341DD000
14:51:29.0712 3744 \Device\Harddisk1\DR1:
14:51:29.0712 3744 MBR used
14:51:29.0712 3744 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:51:29.0789 3744 Initialize success
14:51:29.0789 3744 ============================================================
14:51:31.0224 3008 ============================================================
14:51:31.0224 3008 Scan started
14:51:31.0224 3008 Mode: Manual;
14:51:31.0224 3008 ============================================================
14:51:32.0057 3008 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:51:32.0061 3008 1394ohci - ok
14:51:32.0103 3008 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:51:32.0110 3008 ACPI - ok
14:51:32.0139 3008 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:51:32.0140 3008 AcpiPmi - ok
14:51:32.0179 3008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:51:32.0207 3008 adp94xx - ok
14:51:32.0233 3008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:51:32.0239 3008 adpahci - ok
14:51:32.0262 3008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:51:32.0266 3008 adpu320 - ok
14:51:32.0307 3008 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:51:32.0313 3008 AFD - ok
14:51:32.0337 3008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:51:32.0339 3008 agp440 - ok
14:51:32.0373 3008 aksdf (94c0972b06c75456ed574dd46417b1d8) C:\Windows\system32\drivers\aksdf.sys
14:51:32.0375 3008 aksdf - ok
14:51:32.0418 3008 aksfridge (7b0bc062ca6abab23f88ea483b5a538e) C:\Windows\system32\drivers\aksfridge.sys
14:51:32.0421 3008 aksfridge - ok
14:51:32.0443 3008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:51:32.0445 3008 aliide - ok
14:51:32.0469 3008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:51:32.0471 3008 amdide - ok
14:51:32.0495 3008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:51:32.0497 3008 AmdK8 - ok
14:51:32.0685 3008 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
14:51:32.0833 3008 amdkmdag - ok
14:51:32.0867 3008 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
14:51:32.0868 3008 amdkmdap - ok
14:51:32.0890 3008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:51:32.0892 3008 AmdPPM - ok
14:51:32.0912 3008 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:51:32.0915 3008 amdsata - ok
14:51:32.0939 3008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:51:32.0943 3008 amdsbs - ok
14:51:32.0963 3008 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:51:32.0965 3008 amdxata - ok
14:51:32.0989 3008 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:51:32.0991 3008 AppID - ok
14:51:33.0032 3008 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:51:33.0034 3008 arc - ok
14:51:33.0056 3008 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:51:33.0058 3008 arcsas - ok
14:51:33.0093 3008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:51:33.0094 3008 AsyncMac - ok
14:51:33.0122 3008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:51:33.0122 3008 atapi - ok
14:51:33.0168 3008 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
14:51:33.0169 3008 AtiHDAudioService - ok
14:51:33.0351 3008 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
14:51:33.0392 3008 atikmdag - ok
14:51:33.0477 3008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:51:33.0499 3008 b06bdrv - ok
14:51:33.0529 3008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:51:33.0534 3008 b57nd60a - ok
14:51:33.0556 3008 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:51:33.0558 3008 Beep - ok
14:51:33.0586 3008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:51:33.0587 3008 blbdrive - ok
14:51:33.0620 3008 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:51:33.0623 3008 bowser - ok
14:51:33.0639 3008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:51:33.0641 3008 BrFiltLo - ok
14:51:33.0656 3008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:51:33.0658 3008 BrFiltUp - ok
14:51:33.0686 3008 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:51:33.0688 3008 BridgeMP - ok
14:51:33.0715 3008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:51:33.0721 3008 Brserid - ok
14:51:33.0740 3008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:51:33.0742 3008 BrSerWdm - ok
14:51:33.0759 3008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:51:33.0761 3008 BrUsbMdm - ok
14:51:33.0776 3008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:51:33.0778 3008 BrUsbSer - ok
14:51:33.0806 3008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:51:33.0808 3008 BTHMODEM - ok
14:51:33.0831 3008 catchme - ok
14:51:33.0853 3008 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:51:33.0856 3008 cdfs - ok
14:51:33.0887 3008 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:51:33.0890 3008 cdrom - ok
14:51:33.0939 3008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:51:33.0941 3008 circlass - ok
14:51:33.0969 3008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:51:33.0976 3008 CLFS - ok
14:51:34.0005 3008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:51:34.0006 3008 CmBatt - ok
14:51:34.0037 3008 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:51:34.0039 3008 cmdide - ok
14:51:34.0072 3008 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:51:34.0080 3008 CNG - ok
14:51:34.0100 3008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:51:34.0102 3008 Compbatt - ok
14:51:34.0129 3008 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:51:34.0131 3008 CompositeBus - ok
14:51:34.0145 3008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:51:34.0147 3008 crcdisk - ok
14:51:34.0232 3008 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:51:34.0241 3008 CSC - ok
14:51:34.0272 3008 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:51:34.0274 3008 DfsC - ok
14:51:34.0298 3008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:51:34.0300 3008 discache - ok
14:51:34.0321 3008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:51:34.0323 3008 Disk - ok
14:51:34.0361 3008 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:51:34.0362 3008 drmkaud - ok
14:51:34.0402 3008 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:51:34.0404 3008 dtsoftbus01 - ok
14:51:34.0434 3008 dump_wmimmc - ok
14:51:34.0482 3008 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:51:34.0487 3008 DXGKrnl - ok
14:51:34.0520 3008 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:51:34.0524 3008 E1G60 - ok
14:51:34.0589 3008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:51:34.0641 3008 ebdrv - ok
14:51:34.0669 3008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:51:34.0685 3008 elxstor - ok
14:51:34.0707 3008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:51:34.0708 3008 ErrDev - ok
14:51:34.0742 3008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:51:34.0746 3008 exfat - ok
14:51:34.0768 3008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:51:34.0773 3008 fastfat - ok
14:51:34.0798 3008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:51:34.0799 3008 fdc - ok
14:51:34.0821 3008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:51:34.0823 3008 FileInfo - ok
14:51:34.0838 3008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:51:34.0840 3008 Filetrace - ok
14:51:34.0859 3008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:51:34.0860 3008 flpydisk - ok
14:51:34.0900 3008 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:51:34.0906 3008 FltMgr - ok
14:51:34.0940 3008 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:51:34.0942 3008 FsDepends - ok
14:51:34.0958 3008 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:51:34.0960 3008 Fs_Rec - ok
14:51:34.0998 3008 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:51:35.0003 3008 fvevol - ok
14:51:35.0030 3008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:51:35.0032 3008 gagp30kx - ok
14:51:35.0061 3008 GGSAFERDriver - ok
14:51:35.0131 3008 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:51:35.0133 3008 hamachi - ok
14:51:35.0176 3008 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
14:51:35.0182 3008 hardlock - ok
14:51:35.0200 3008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:51:35.0202 3008 hcw85cir - ok
14:51:35.0237 3008 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:51:35.0244 3008 HdAudAddService - ok
14:51:35.0276 3008 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:51:35.0278 3008 HDAudBus - ok
14:51:35.0296 3008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:51:35.0297 3008 HidBatt - ok
14:51:35.0319 3008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:51:35.0322 3008 HidBth - ok
14:51:35.0337 3008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:51:35.0339 3008 HidIr - ok
14:51:35.0379 3008 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:51:35.0380 3008 HidUsb - ok
14:51:35.0404 3008 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:51:35.0406 3008 HpSAMD - ok
14:51:35.0452 3008 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:51:35.0469 3008 HTTP - ok
14:51:35.0496 3008 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:51:35.0498 3008 hwpolicy - ok
14:51:35.0536 3008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:51:35.0538 3008 i8042prt - ok
14:51:35.0569 3008 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:51:35.0577 3008 iaStorV - ok
14:51:35.0602 3008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:51:35.0604 3008 iirsp - ok
14:51:35.0621 3008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:51:35.0623 3008 intelide - ok
14:51:35.0644 3008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:51:35.0645 3008 intelppm - ok
14:51:35.0671 3008 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:51:35.0673 3008 IpFilterDriver - ok
14:51:35.0701 3008 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:51:35.0703 3008 IPMIDRV - ok
14:51:35.0726 3008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:51:35.0729 3008 IPNAT - ok
14:51:35.0747 3008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:51:35.0749 3008 IRENUM - ok
14:51:35.0765 3008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:51:35.0767 3008 isapnp - ok
14:51:35.0791 3008 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:51:35.0796 3008 iScsiPrt - ok
14:51:35.0821 3008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:51:35.0822 3008 kbdclass - ok
14:51:35.0844 3008 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:51:35.0845 3008 kbdhid - ok
14:51:35.0874 3008 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:51:35.0878 3008 KSecDD - ok
14:51:35.0902 3008 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:51:35.0905 3008 KSecPkg - ok
14:51:35.0924 3008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:51:35.0925 3008 ksthunk - ok
14:51:35.0979 3008 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:51:35.0980 3008 LHidFilt - ok
14:51:36.0001 3008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:51:36.0003 3008 lltdio - ok
14:51:36.0026 3008 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:51:36.0026 3008 LMouFilt - ok
14:51:36.0053 3008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:51:36.0056 3008 LSI_FC - ok
14:51:36.0081 3008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:51:36.0084 3008 LSI_SAS - ok
14:51:36.0105 3008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:51:36.0107 3008 LSI_SAS2 - ok
14:51:36.0140 3008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:51:36.0143 3008 LSI_SCSI - ok
14:51:36.0176 3008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:51:36.0210 3008 luafv - ok
14:51:36.0235 3008 LUsbFilt (29c733e1de824670dc9315cfc9bdbcd3) C:\Windows\system32\Drivers\LUsbFilt.Sys
14:51:36.0236 3008 LUsbFilt - ok
14:51:36.0253 3008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:51:36.0254 3008 megasas - ok
14:51:36.0279 3008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:51:36.0284 3008 MegaSR - ok
14:51:36.0304 3008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:51:36.0306 3008 Modem - ok
14:51:36.0337 3008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:51:36.0338 3008 monitor - ok
14:51:36.0357 3008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:51:36.0358 3008 mouclass - ok
14:51:36.0379 3008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:51:36.0381 3008 mouhid - ok
14:51:36.0412 3008 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:51:36.0415 3008 mountmgr - ok
14:51:36.0429 3008 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:51:36.0432 3008 mpio - ok
14:51:36.0448 3008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:51:36.0450 3008 mpsdrv - ok
14:51:36.0488 3008 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:51:36.0492 3008 MRxDAV - ok
14:51:36.0525 3008 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:51:36.0528 3008 mrxsmb - ok
14:51:36.0559 3008 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:51:36.0564 3008 mrxsmb10 - ok
14:51:36.0590 3008 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:51:36.0594 3008 mrxsmb20 - ok
14:51:36.0619 3008 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:51:36.0621 3008 msahci - ok
14:51:36.0642 3008 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:51:36.0645 3008 msdsm - ok
14:51:36.0676 3008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:51:36.0678 3008 Msfs - ok
14:51:36.0698 3008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:51:36.0700 3008 mshidkmdf - ok
14:51:36.0718 3008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:51:36.0719 3008 msisadrv - ok
14:51:36.0747 3008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:51:36.0748 3008 MSKSSRV - ok
14:51:36.0769 3008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:51:36.0772 3008 MSPCLOCK - ok
14:51:36.0788 3008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:51:36.0791 3008 MSPQM - ok
14:51:36.0824 3008 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:51:36.0831 3008 MsRPC - ok
14:51:36.0857 3008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:51:36.0857 3008 mssmbios - ok
14:51:36.0876 3008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:51:36.0877 3008 MSTEE - ok
14:51:36.0895 3008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:51:36.0896 3008 MTConfig - ok
14:51:36.0923 3008 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
14:51:36.0923 3008 MTsensor - ok
14:51:36.0944 3008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:51:36.0946 3008 Mup - ok
14:51:36.0988 3008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:51:36.0994 3008 NativeWifiP - ok
14:51:37.0039 3008 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:51:37.0044 3008 NDIS - ok
14:51:37.0062 3008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:51:37.0064 3008 NdisCap - ok
14:51:37.0076 3008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:51:37.0078 3008 NdisTapi - ok
14:51:37.0103 3008 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:51:37.0105 3008 Ndisuio - ok
14:51:37.0132 3008 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:51:37.0136 3008 NdisWan - ok
14:51:37.0158 3008 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:51:37.0160 3008 NDProxy - ok
14:51:37.0174 3008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:51:37.0176 3008 NetBIOS - ok
14:51:37.0195 3008 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:51:37.0200 3008 NetBT - ok
14:51:37.0268 3008 netr7364 (7b3a86cda73b3e89fd69666c4329c3b7) C:\Windows\system32\DRIVERS\netr7364.sys
14:51:37.0285 3008 netr7364 - ok
14:51:37.0313 3008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:51:37.0316 3008 nfrd960 - ok
14:51:37.0337 3008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:51:37.0339 3008 Npfs - ok
14:51:37.0373 3008 NPPTNT2 - ok
14:51:37.0394 3008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:51:37.0396 3008 nsiproxy - ok
14:51:37.0444 3008 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:51:37.0453 3008 Ntfs - ok
14:51:37.0470 3008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:51:37.0471 3008 Null - ok
14:51:37.0511 3008 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:51:37.0514 3008 nvraid - ok
14:51:37.0538 3008 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:51:37.0541 3008 nvstor - ok
14:51:37.0561 3008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:51:37.0564 3008 nv_agp - ok
14:51:37.0591 3008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:51:37.0593 3008 ohci1394 - ok
14:51:37.0633 3008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:51:37.0635 3008 Parport - ok
14:51:37.0650 3008 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:51:37.0652 3008 partmgr - ok
14:51:37.0684 3008 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:51:37.0687 3008 pci - ok
14:51:37.0714 3008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:51:37.0716 3008 pciide - ok
14:51:37.0739 3008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:51:37.0743 3008 pcmcia - ok
14:51:37.0763 3008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:51:37.0765 3008 pcw - ok
14:51:37.0792 3008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:51:37.0802 3008 PEAUTH - ok
14:51:37.0846 3008 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:51:37.0849 3008 PptpMiniport - ok
14:51:37.0864 3008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:51:37.0866 3008 Processor - ok
14:51:37.0887 3008 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:51:37.0890 3008 Psched - ok
14:51:37.0930 3008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:51:37.0958 3008 ql2300 - ok
14:51:37.0995 3008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:51:37.0998 3008 ql40xx - ok
14:51:38.0015 3008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:51:38.0017 3008 QWAVEdrv - ok
14:51:38.0030 3008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:51:38.0031 3008 RasAcd - ok
14:51:38.0060 3008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:51:38.0062 3008 RasAgileVpn - ok
14:51:38.0091 3008 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:51:38.0094 3008 Rasl2tp - ok
14:51:38.0126 3008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:51:38.0129 3008 RasPppoe - ok
14:51:38.0148 3008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:51:38.0151 3008 RasSstp - ok
14:51:38.0180 3008 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:51:38.0204 3008 rdbss - ok
14:51:38.0231 3008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:51:38.0233 3008 rdpbus - ok
14:51:38.0338 3008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:51:38.0366 3008 RDPCDD - ok
14:51:38.0396 3008 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:51:38.0400 3008 RDPDR - ok
14:51:38.0417 3008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:51:38.0418 3008 RDPENCDD - ok
14:51:38.0436 3008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:51:38.0437 3008 RDPREFMP - ok
14:51:38.0474 3008 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:51:38.0499 3008 RdpVideoMiniport - ok
14:51:38.0530 3008 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:51:38.0534 3008 RDPWD - ok
14:51:38.0565 3008 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:51:38.0569 3008 rdyboost - ok
14:51:38.0610 3008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:51:38.0613 3008 rspndr - ok
14:51:38.0663 3008 RTHDMIAzAudService (c20f64fcd5e2b40310a1774495877acd) C:\Windows\system32\drivers\RtHDMIVX.sys
14:51:38.0664 3008 RTHDMIAzAudService - ok
14:51:38.0687 3008 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:51:38.0689 3008 s3cap - ok
14:51:38.0712 3008 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:51:38.0715 3008 sbp2port - ok
14:51:38.0747 3008 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:51:38.0748 3008 scfilter - ok
14:51:38.0795 3008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:51:38.0797 3008 secdrv - ok
14:51:38.0826 3008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:51:38.0828 3008 Serenum - ok
14:51:38.0844 3008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:51:38.0846 3008 Serial - ok
14:51:38.0880 3008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:51:38.0881 3008 sermouse - ok
14:51:38.0911 3008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:51:38.0913 3008 sffdisk - ok
14:51:38.0931 3008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:51:38.0933 3008 sffp_mmc - ok
14:51:38.0945 3008 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:51:38.0946 3008 sffp_sd - ok
14:51:38.0964 3008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:51:38.0965 3008 sfloppy - ok
14:51:38.0984 3008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:51:38.0986 3008 SiSRaid2 - ok
14:51:39.0009 3008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:51:39.0012 3008 SiSRaid4 - ok
14:51:39.0034 3008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:51:39.0037 3008 Smb - ok
14:51:39.0060 3008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:51:39.0061 3008 spldr - ok
14:51:39.0102 3008 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:51:39.0110 3008 srv - ok
14:51:39.0151 3008 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:51:39.0159 3008 srv2 - ok
14:51:39.0189 3008 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:51:39.0192 3008 srvnet - ok
14:51:39.0230 3008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:51:39.0232 3008 stexstor - ok
14:51:39.0266 3008 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:51:39.0268 3008 storflt - ok
14:51:39.0296 3008 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:51:39.0298 3008 storvsc - ok
14:51:39.0317 3008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:51:39.0318 3008 swenum - ok
14:51:39.0339 3008 Synth3dVsc - ok
14:51:39.0380 3008 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
14:51:39.0381 3008 tap0901 - ok
14:51:39.0442 3008 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:51:39.0452 3008 Tcpip - ok
14:51:39.0498 3008 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:51:39.0505 3008 TCPIP6 - ok
14:51:39.0526 3008 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:51:39.0527 3008 tcpipreg - ok
14:51:39.0544 3008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:51:39.0545 3008 TDPIPE - ok
14:51:39.0557 3008 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:51:39.0558 3008 TDTCP - ok
14:51:39.0586 3008 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:51:39.0587 3008 tdx - ok
14:51:39.0613 3008 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:51:39.0613 3008 TermDD - ok
14:51:39.0648 3008 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:51:39.0649 3008 tssecsrv - ok
14:51:39.0678 3008 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:51:39.0680 3008 TsUsbFlt - ok
14:51:39.0691 3008 tsusbhub - ok
14:51:39.0730 3008 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:51:39.0733 3008 tunnel - ok
14:51:39.0752 3008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:51:39.0754 3008 uagp35 - ok
14:51:39.0786 3008 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:51:39.0792 3008 udfs - ok
14:51:39.0817 3008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:51:39.0820 3008 uliagpkx - ok
14:51:39.0837 3008 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:51:39.0839 3008 umbus - ok
14:51:39.0869 3008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:51:39.0871 3008 UmPass - ok
14:51:39.0906 3008 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:51:39.0909 3008 usbccgp - ok
14:51:39.0932 3008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:51:39.0935 3008 usbcir - ok
14:51:39.0962 3008 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:51:39.0964 3008 usbehci - ok
14:51:39.0998 3008 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:51:40.0004 3008 usbhub - ok
14:51:40.0034 3008 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:51:40.0035 3008 usbohci - ok
14:51:40.0065 3008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:51:40.0067 3008 usbprint - ok
14:51:40.0101 3008 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:51:40.0103 3008 usbscan - ok
14:51:40.0129 3008 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:51:40.0131 3008 USBSTOR - ok
14:51:40.0157 3008 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:51:40.0159 3008 usbuhci - ok
14:51:40.0184 3008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:51:40.0190 3008 vdrvroot - ok
14:51:40.0218 3008 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:51:40.0220 3008 vga - ok
14:51:40.0249 3008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:51:40.0251 3008 VgaSave - ok
14:51:40.0263 3008 VGPU - ok
14:51:40.0288 3008 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:51:40.0293 3008 vhdmp - ok
14:51:40.0314 3008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:51:40.0316 3008 viaide - ok
14:51:40.0340 3008 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:51:40.0344 3008 vmbus - ok
14:51:40.0367 3008 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:51:40.0369 3008 VMBusHID - ok
14:51:40.0388 3008 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:51:40.0391 3008 volmgr - ok
14:51:40.0422 3008 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:51:40.0429 3008 volmgrx - ok
14:51:40.0456 3008 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:51:40.0462 3008 volsnap - ok
14:51:40.0497 3008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:51:40.0501 3008 vsmraid - ok
14:51:40.0523 3008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:51:40.0525 3008 vwifibus - ok
14:51:40.0542 3008 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:51:40.0544 3008 vwififlt - ok
14:51:40.0565 3008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:51:40.0567 3008 WacomPen - ok
14:51:40.0587 3008 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:51:40.0590 3008 WANARP - ok
14:51:40.0594 3008 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:51:40.0594 3008 Wanarpv6 - ok
14:51:40.0618 3008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:51:40.0620 3008 Wd - ok
14:51:40.0646 3008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:51:40.0663 3008 Wdf01000 - ok
14:51:40.0707 3008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:51:40.0708 3008 WfpLwf - ok
14:51:40.0724 3008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:51:40.0726 3008 WIMMount - ok
14:51:40.0783 3008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:51:40.0785 3008 WmiAcpi - ok
14:51:40.0809 3008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:51:40.0811 3008 ws2ifsl - ok
14:51:40.0843 3008 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:51:40.0846 3008 WudfPf - ok
14:51:40.0866 3008 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:51:40.0870 3008 WUDFRd - ok
14:51:40.0902 3008 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:51:40.0952 3008 \Device\Harddisk0\DR0 - ok
14:51:40.0954 3008 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
14:51:40.0956 3008 \Device\Harddisk1\DR1 - ok
14:51:40.0968 3008 Boot (0x1200) (6ed1b9e539613bae3684d543e4a09a14) \Device\Harddisk0\DR0\Partition0
14:51:40.0971 3008 \Device\Harddisk0\DR0\Partition0 - ok
14:51:40.0986 3008 Boot (0x1200) (99f99a48b4112a394ac657b221dc7d00) \Device\Harddisk0\DR0\Partition1
14:51:40.0989 3008 \Device\Harddisk0\DR0\Partition1 - ok
14:51:40.0991 3008 Boot (0x1200) (32aac0d7bbde1b74e80b76daa76936b9) \Device\Harddisk1\DR1\Partition0
14:51:40.0992 3008 \Device\Harddisk1\DR1\Partition0 - ok
14:51:40.0993 3008 ============================================================
14:51:40.0993 3008 Scan finished
14:51:40.0993 3008 ============================================================
14:51:41.0001 3084 Detected object count: 0
14:51:41.0001 3084 Actual detected object count: 0


aswMBR log :

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 14:54:11
-----------------------------
14:54:11.160 OS Version: Windows x64 6.1.7601 Service Pack 1
14:54:11.160 Number of processors: 2 586 0x1706
14:54:11.161 ComputerName: BEDNAR-PC UserName: Bednar
14:54:11.681 Initialize success
14:56:15.632 AVAST engine defs: 12030801
14:56:41.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:56:41.967 Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
14:56:41.968 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
14:56:41.970 Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
14:56:41.986 Disk 0 MBR read successfully
14:56:41.988 Disk 0 MBR scan
14:56:41.991 Disk 0 Windows 7 default MBR code
14:56:42.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50000 MB offset 2048
14:56:42.019 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 426938 MB offset 102402048
14:56:42.054 Disk 0 scanning C:\Windows\system32\drivers
14:56:50.694 Service scanning
14:57:04.650 Modules scanning
14:57:04.656 Disk 0 trace - called modules:
14:57:04.675 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:57:04.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c16630]
14:57:04.684 3 CLASSPNP.SYS[fffff880019a043f] -> nt!IofCallDriver -> [0xfffffa800474e520]
14:57:04.688 5 ACPI.sys[fffff88000f987a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800474a680]
14:57:05.324 AVAST engine scan C:\Windows
14:57:06.815 AVAST engine scan C:\Windows\system32
14:59:30.747 AVAST engine scan C:\Windows\system32\drivers
14:59:40.126 AVAST engine scan C:\Users\Bednar
15:01:37.279 AVAST engine scan C:\ProgramData
15:01:38.624 Scan finished successfully
15:01:50.166 Disk 0 MBR has been saved successfully to "C:\Users\Bednar\Desktop\MBR.dat"
15:01:50.170 The log file has been saved successfully to "C:\Users\Bednar\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 09 March 2012 - 01:25 PM

Hello


these reports are looking fine - I have not seen anything to worry about


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\SysWow64\ConduitEngine.tmp

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 12 March 2012 - 01:51 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Robo112

Robo112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 13 March 2012 - 01:47 PM

Hello, I am sorry it took me so long but I was buried ears deep in work :(

No problems during scan

Here is the report :

ComboFix 12-03-09.05 - Bednar 2012-03-13 19:35:03.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1033.18.4095.2047 [GMT 1:00]
Uruchomiony z: c:\users\Bednar\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\Bednar\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\ConduitEngine.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\ConduitEngine.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-13 do 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 18:39 . 2012-03-13 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 17:43 . 2012-03-13 17:51 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-13 17:42 . 2012-03-13 17:42 -------- d-----w- c:\windows\PCHEALTH
2012-03-13 17:41 . 2012-03-13 17:41 -------- d-----w- c:\windows\SHELLNEW
2012-03-13 17:40 . 2012-03-13 17:40 -------- d-----r- C:\MSOCache
2012-03-13 17:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 17:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 17:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 17:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:03 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:03 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:03 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:03 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:02 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 17:02 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:02 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:02 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:02 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 21:39 . 2012-03-08 21:39 -------- d-----w- C:\Boot
2012-03-06 15:39 . 2012-03-13 18:31 -------- d-----w- C:\ProgramData
2012-03-06 15:30 . 2012-03-07 12:47 -------- d-----w- c:\program files\Unlocker
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Common Files\Windows Driver Foundation
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Media Center Programs
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Macromedia
2012-03-06 15:29 . 2012-03-06 15:29 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-03-05 20:47 . 2012-03-05 20:50 -------- d-----w- C:\xampp
2012-03-04 23:12 . 2012-03-04 23:12 -------- d-----w- c:\users\Bednar\AppData\Roaming\LockHunter
2012-03-04 17:05 . 2012-03-04 17:05 -------- d-----w- c:\users\Bednar\AppData\Roaming\Malwarebytes
2012-03-04 15:10 . 2012-03-04 15:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-04 15:09 . 2012-03-04 15:09 -------- d-----w- c:\program files (x86)\Java
2012-03-03 17:21 . 2012-03-09 16:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-02-28 00:26 . 2012-02-28 00:26 249856 ------w- c:\windows\Setup1.exe
2012-02-28 00:26 . 2012-02-28 00:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-26 07:14 . 2012-02-26 07:14 -------- d-----w- c:\program files (x86)\Google
2012-02-18 15:13 . 2012-02-18 15:53 -------- d-----w- c:\users\Bednar\AppData\Local\dxhr
2012-02-18 15:11 . 2012-02-18 15:11 -------- d-----w- c:\users\Bednar\AppData\Local\28050
2012-02-16 01:22 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 01:22 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 01:22 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 01:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 01:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 01:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 23:17 . 2012-02-15 23:17 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-14 21:16 . 2011-03-28 19:51 4323256 ----a-w- c:\windows\SysWow64\GameMon.des
2012-02-14 21:15 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-02-14 21:15 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-02-14 21:15 . 2012-02-14 21:15 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-02-13 16:55 . 2012-02-24 13:55 -------- d-----w- c:\users\Bednar\AppData\Local\PMB Files
2012-02-13 16:55 . 2012-02-13 16:55 -------- d-----w- c:\program files (x86)\Pando Networks
2012-02-13 16:55 . 2012-02-13 16:55 -------- d-----w- c:\users\Bednar\AppData\Local\Pando_Temp
2012-02-13 16:53 . 2012-03-04 16:00 -------- d-----w- c:\users\Bednar\AppData\Local\assembly
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 17:01 . 2011-06-20 18:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-11-20 20:39 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-04 15:09 . 2011-06-28 19:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2010-02-10 06:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 18:24 . 2011-11-01 19:48 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-13 18:24 . 2011-11-01 19:48 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-13 18:24 . 2011-11-01 19:48 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-13 18:24 . 2011-11-01 19:48 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-18 15:03 . 2011-12-18 15:03 525544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-09_11.53.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-07-24 08:50 . 2006-07-24 08:50 47920 c:\windows\SysWOW64\VBAME.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 c:\windows\SysWOW64\VBAME.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 39728 c:\windows\SysWOW64\SCP32.DLL
- 2006-07-24 08:50 . 2006-07-24 08:50 39728 c:\windows\SysWOW64\SCP32.DLL
- 2006-10-26 11:10 . 2006-10-26 11:10 33088 c:\windows\SysWOW64\FM20ENU.DLL
+ 2006-10-26 12:10 . 2006-10-26 12:10 33088 c:\windows\SysWOW64\FM20ENU.DLL
- 2009-07-14 04:54 . 2012-03-09 11:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-13 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-09 11:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-13 18:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-13 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 11:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-10 06:25 . 2012-03-13 18:26 47766 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-13 18:26 43198 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-19 18:17 . 2012-03-13 18:26 13076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3886483897-863331433-1063582742-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-03-09 16:19 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-02-15 23:16 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-03-09 16:19 . 2012-02-23 15:54 12368 c:\windows\system32\DriverStore\FileRepository\aswndispt.inf_amd64_neutral_f73b19d2ccf2ed02\aswNdis.sys
+ 2009-07-14 04:46 . 2012-03-13 18:25 80296 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-03-17 19:00 . 2011-03-17 19:00 90624 c:\windows\Installer\4e5a1.msp
+ 2012-03-13 17:44 . 2012-03-13 18:35 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 54088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCANOST.EXE
+ 2009-03-04 16:24 . 2009-03-04 16:24 75608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RM.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 38240 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RECALL.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 52072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLVBA.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 34192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DUMPSTER.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 87392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DLGSETP.DLL
+ 2006-10-26 20:17 . 2006-10-26 20:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2006-10-26 19:17 . 2006-10-26 19:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 20:13 . 2006-10-26 20:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
- 2006-10-26 19:13 . 2006-10-26 19:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
- 2006-10-27 13:11 . 2006-10-27 13:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
- 2011-06-20 15:29 . 2011-06-20 15:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 12080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 12080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 64288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 64288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
- 2006-10-26 17:59 . 2006-10-26 17:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 18:59 . 2006-10-26 18:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 18:49 . 2006-10-26 18:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
- 2006-10-26 17:49 . 2006-10-26 17:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-26 19:55 . 2006-10-26 19:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
- 2006-10-26 18:55 . 2006-10-26 18:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
- 2006-10-26 18:55 . 2006-10-26 18:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
- 2006-10-26 19:13 . 2006-10-26 19:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 20:13 . 2006-10-26 20:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 12112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 12112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 31000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLACCT.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 31000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLACCT.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
- 2006-10-26 17:59 . 2006-10-26 17:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
- 2006-10-26 17:59 . 2006-10-26 17:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
- 2006-10-26 18:00 . 2006-10-26 18:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
- 2006-10-27 13:11 . 2006-10-27 13:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 11544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 11544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 16192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NPOFF12.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 16192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NPOFF12.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 12104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 12104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 20280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 20280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
- 2006-10-26 17:59 . 2006-10-26 17:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
- 2006-10-27 13:26 . 2006-10-27 13:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 14:26 . 2006-10-27 14:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
- 2006-10-26 17:52 . 2006-10-26 17:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
- 2006-10-26 18:12 . 2006-10-26 18:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 14:01 . 2006-10-27 14:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
- 2006-10-27 13:01 . 2006-10-27 13:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-26 20:13 . 2006-10-26 20:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
- 2006-10-26 19:13 . 2006-10-26 19:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 18:48 . 2006-10-26 18:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
- 2006-10-26 17:48 . 2006-10-26 17:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
- 2006-10-26 17:59 . 2006-10-26 17:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 18:59 . 2006-10-26 18:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
- 2006-10-26 17:52 . 2006-10-26 17:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
- 2006-10-26 19:18 . 2006-10-26 19:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 20:18 . 2006-10-26 20:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 20:30 . 2006-10-26 20:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
- 2006-10-26 19:30 . 2006-10-26 19:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
- 2006-10-27 13:00 . 2006-10-27 13:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-26 20:18 . 2006-10-26 20:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
- 2006-10-26 19:18 . 2006-10-26 19:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2012-03-13 17:52 . 2012-03-13 17:52 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2012-03-13 17:42 . 2012-03-13 17:42 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
- 2011-11-04 14:39 . 2011-11-04 14:39 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
- 2011-06-20 22:51 . 2011-06-20 22:51 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2012-03-13 17:42 . 2012-03-13 17:42 35648 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-03-13 17:42 . 2012-03-13 17:42 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2011-11-14 04:17 . 2012-03-13 18:23 3320 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-09 11:53 . 2012-03-09 11:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-13 18:41 . 2012-03-13 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-09 11:53 . 2012-03-09 11:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-13 18:41 . 2012-03-13 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-20 15:29 . 2011-06-20 15:29 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
- 2006-10-26 11:45 . 2006-10-26 11:45 293376 c:\windows\SysWOW64\WISPTIS.EXE
+ 2006-10-26 12:45 . 2006-10-26 12:45 293376 c:\windows\SysWOW64\WISPTIS.EXE
+ 2006-07-24 09:50 . 2006-07-24 09:50 125744 c:\windows\SysWOW64\MSSTDFMT.DLL
+ 2012-03-10 17:01 . 2012-03-10 17:01 250528 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
+ 2012-03-10 17:01 . 2012-03-10 17:01 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.dll
- 2012-03-04 22:15 . 2012-03-08 12:40 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-04 22:15 . 2012-03-13 13:04 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-03-10 16:40 655092 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-29 06:16 655092 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-29 06:16 121964 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-10 16:40 121964 c:\windows\system32\perfc009.dat
+ 2012-03-10 17:01 . 2012-03-10 17:01 465568 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
+ 2012-03-10 17:01 . 2012-03-10 17:01 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll
+ 2012-03-13 18:40 . 2012-03-13 18:41 433640 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-02-15 23:16 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-09 16:19 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-15 23:15 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-09 16:19 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-03-09 11:52 407948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-13 18:40 407948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-13 17:40 . 2012-03-13 17:40 847872 c:\windows\Installer\4e382.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 503808 c:\windows\Installer\4e35e.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 507904 c:\windows\Installer\4e357.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 515072 c:\windows\Installer\4e34f.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 506368 c:\windows\Installer\4e348.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 505344 c:\windows\Installer\4e341.msi
+ 2011-03-17 19:03 . 2011-03-17 19:03 308736 c:\windows\Installer\4a443.msp
+ 2010-08-04 14:13 . 2010-08-04 14:13 686080 c:\windows\Installer\4a375.msp
+ 2009-05-26 17:53 . 2009-05-26 17:53 579072 c:\windows\Installer\4a277.msp
+ 2010-07-23 00:03 . 2010-07-23 00:03 338432 c:\windows\Installer\4a231.msp
+ 2012-03-13 17:50 . 2012-03-13 17:50 217864 c:\windows\Installer\{90120000-006E-0415-0000-0000000FF1CE}\misc.exe
- 2011-11-04 14:33 . 2011-11-04 14:33 217864 c:\windows\Installer\{90120000-006E-0415-0000-0000000FF1CE}\misc.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-03 17:11 . 2009-04-03 17:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2009-03-06 01:37 . 2009-03-06 01:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST64.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 273320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST32.DLL
+ 2009-03-06 01:06 . 2009-03-06 01:06 407904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RTFHTML.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 420696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSTPRX32.DLL
+ 2012-03-13 17:52 . 2012-03-13 17:52 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 17:04 . 2009-04-03 17:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-11-20 23:49 . 2008-11-20 23:49 169360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLPH.DLL
+ 2009-03-06 01:05 . 2009-03-06 01:05 593288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLMIME.DLL
+ 2008-10-30 20:24 . 2008-10-30 20:24 137552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLCTL.DLL
+ 2009-03-06 03:55 . 2009-03-06 03:55 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSXP32.DLL
+ 2009-03-06 03:55 . 2009-03-06 03:55 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSMAIN.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 253808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL
+ 2006-07-24 09:50 . 2006-07-24 09:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2008-11-04 03:13 . 2008-11-04 03:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 340304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MIMEDIR.DLL
+ 2009-03-04 16:24 . 2009-03-04 16:24 138072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IMPMAIL.DLL
+ 2008-11-20 23:48 . 2008-11-20 23:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 01:05 . 2009-03-06 01:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTAB32.DLL
+ 2008-10-26 05:26 . 2008-10-26 05:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2006-10-26 19:49 . 2006-10-26 19:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
- 2006-10-26 18:49 . 2006-10-26 18:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 14:23 . 2006-10-27 14:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
- 2006-10-27 13:23 . 2006-10-27 13:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-07-28 14:21 . 2006-07-28 14:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
- 2006-07-28 13:21 . 2006-07-28 13:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-26 20:18 . 2006-10-26 20:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
- 2006-10-26 19:18 . 2006-10-26 19:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
- 2006-10-26 18:06 . 2006-10-26 18:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 19:06 . 2006-10-26 19:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
- 2006-10-26 18:13 . 2006-10-26 18:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 19:13 . 2006-10-26 19:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
- 2006-10-26 18:55 . 2006-10-26 18:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
- 2006-10-26 19:07 . 2006-10-26 19:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-26 20:07 . 2006-10-26 20:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
- 2006-10-27 13:04 . 2006-10-27 13:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
- 2006-10-26 19:30 . 2006-10-26 19:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-26 20:30 . 2006-10-26 20:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
- 2006-07-26 16:53 . 2006-07-26 16:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-07-26 17:53 . 2006-07-26 17:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
- 2006-10-26 18:34 . 2006-10-26 18:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 19:34 . 2006-10-26 19:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 19:34 . 2006-10-26 19:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
- 2006-10-26 18:34 . 2006-10-26 18:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
- 2006-10-26 18:00 . 2006-10-26 18:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
- 2006-10-26 18:00 . 2006-10-26 18:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
- 2006-10-26 18:00 . 2006-10-26 18:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 07:37 . 2006-10-20 07:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
- 2006-10-20 06:37 . 2006-10-20 06:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
- 2006-10-26 18:06 . 2006-10-26 18:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 19:06 . 2006-10-26 19:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 18:55 . 2006-10-26 18:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
- 2006-10-26 17:55 . 2006-10-26 17:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
- 2006-10-26 17:55 . 2006-10-26 17:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 18:55 . 2006-10-26 18:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
- 2006-10-26 17:55 . 2006-10-26 17:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 18:55 . 2006-10-26 18:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
- 2006-10-26 11:56 . 2006-10-26 11:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 12:56 . 2006-10-26 12:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
- 2006-10-26 17:50 . 2006-10-26 17:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 18:50 . 2006-10-26 18:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 13:47 . 2006-10-26 13:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
- 2006-10-26 12:47 . 2006-10-26 12:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 12:56 . 2006-10-26 12:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
- 2006-10-26 11:56 . 2006-10-26 11:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 13:59 . 2006-10-27 13:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
- 2006-10-27 12:59 . 2006-10-27 12:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 12:58 . 2006-10-26 12:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
- 2006-10-26 11:58 . 2006-10-26 11:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
- 2006-10-26 11:58 . 2006-10-26 11:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-26 12:58 . 2006-10-26 12:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
- 2006-10-26 17:52 . 2006-10-26 17:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
- 2006-10-26 17:55 . 2006-10-26 17:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 18:55 . 2006-10-26 18:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
- 2006-10-26 18:00 . 2006-10-26 18:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
- 2006-10-26 18:12 . 2006-10-26 18:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 14:09 . 2006-10-27 14:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
- 2006-10-27 13:09 . 2006-10-27 13:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-26 19:55 . 2006-10-26 19:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
- 2006-10-26 18:55 . 2006-10-26 18:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-26 18:48 . 2006-10-26 18:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
- 2006-10-26 17:48 . 2006-10-26 17:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 19:12 . 2006-10-26 19:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
- 2006-10-26 18:12 . 2006-10-26 18:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
- 2006-10-26 18:12 . 2006-10-26 18:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 19:12 . 2006-10-26 19:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
- 2006-10-26 17:59 . 2006-10-26 17:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 18:59 . 2006-10-26 18:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
- 2006-10-27 13:41 . 2006-10-27 13:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 14:41 . 2006-10-27 14:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
- 2006-10-27 13:40 . 2006-10-27 13:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 14:40 . 2006-10-27 14:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 826232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWDAT.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 826232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWDAT.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
- 2006-10-27 13:00 . 2006-10-27 13:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
- 2006-10-26 18:13 . 2006-10-26 18:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 19:13 . 2006-10-26 19:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
- 2006-10-27 13:00 . 2006-10-27 13:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
- 2006-10-27 13:00 . 2006-10-27 13:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
- 2006-10-26 19:18 . 2006-10-26 19:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-26 20:18 . 2006-10-26 20:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
- 2006-10-27 13:00 . 2006-10-27 13:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
- 2011-06-20 22:51 . 2011-06-20 22:51 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2012-03-13 17:51 . 2012-03-13 17:51 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2012-03-13 17:43 . 2012-03-13 17:43 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2011-11-04 14:39 . 2011-11-04 14:39 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2011-11-04 14:39 . 2011-11-04 14:39 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2012-03-13 18:35 . 2012-03-13 18:35 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2012-03-13 17:42 . 2012-03-13 17:42 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 920376 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2012-03-13 17:51 . 2012-03-13 17:51 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-07-14 04:45 . 2012-03-13 18:24 5783024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-02-16 13:27 5783024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-06-20 19:56 . 2012-03-13 18:40 2695980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3886483897-863331433-1063582742-1000-12288.dat
+ 2009-02-25 18:08 . 2009-02-25 18:08 8311808 c:\windows\Installer\4e584.msp
+ 2009-04-04 13:22 . 2009-04-04 13:22 1605632 c:\windows\Installer\4e563.msp
+ 2009-04-04 16:10 . 2009-04-04 16:10 9926144 c:\windows\Installer\4e55a.msp
+ 2009-04-04 16:05 . 2009-04-04 16:05 7999488 c:\windows\Installer\4e542.msp
+ 2012-02-29 22:45 . 2012-02-29 22:45 4989440 c:\windows\Installer\4e3a3.msp
+ 2012-03-13 17:40 . 2012-03-13 17:40 1643008 c:\windows\Installer\4e37a.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 1656320 c:\windows\Installer\4e373.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 1656320 c:\windows\Installer\4e36c.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 1655296 c:\windows\Installer\4e365.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 2348544 c:\windows\Installer\4e33a.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 1650176 c:\windows\Installer\4e333.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 1644032 c:\windows\Installer\4e32c.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 2026496 c:\windows\Installer\4e325.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 1716224 c:\windows\Installer\4e31e.msi
+ 2012-03-13 17:40 . 2012-03-13 17:40 2395136 c:\windows\Installer\4e317.msi
+ 2011-08-10 16:43 . 2011-08-10 16:43 3795968 c:\windows\Installer\4a42c.msp
+ 2011-11-01 12:34 . 2011-11-01 12:34 4250112 c:\windows\Installer\4a414.msp
+ 2011-04-29 11:28 . 2011-04-29 11:28 1995264 c:\windows\Installer\4a3eb.msp
+ 2011-06-21 10:59 . 2011-06-21 10:59 1764352 c:\windows\Installer\4a3d3.msp
+ 2010-02-21 00:03 . 2010-02-21 00:03 4472832 c:\windows\Installer\4a3bc.msp
+ 2010-08-13 17:02 . 2010-08-13 17:02 2545664 c:\windows\Installer\4a3a5.msp
+ 2011-08-10 16:42 . 2011-08-10 16:42 7070208 c:\windows\Installer\4a38d.msp
+ 2010-08-13 17:00 . 2010-08-13 17:00 9404928 c:\windows\Installer\4a35d.msp
+ 2009-08-05 06:49 . 2009-08-05 06:49 3457024 c:\windows\Installer\4a343.msp
+ 2010-03-24 17:54 . 2010-03-24 17:54 3126272 c:\windows\Installer\4a32b.msp
+ 2010-03-24 17:54 . 2010-03-24 17:54 2516992 c:\windows\Installer\4a32a.msp
+ 2009-07-27 03:31 . 2009-07-27 03:31 3738624 c:\windows\Installer\4a311.msp
+ 2011-11-01 12:34 . 2011-11-01 12:34 2247168 c:\windows\Installer\4a2f9.msp
+ 2010-05-20 18:57 . 2010-05-20 18:57 4989952 c:\windows\Installer\4a2e0.msp
+ 2010-05-20 18:57 . 2010-05-20 18:57 5907456 c:\windows\Installer\4a2df.msp
+ 2011-11-11 15:14 . 2011-11-11 15:14 9096192 c:\windows\Installer\4a2be.msp
+ 2011-11-01 12:34 . 2011-11-01 12:34 4225536 c:\windows\Installer\4a2a6.msp
+ 2009-10-16 06:08 . 2009-10-16 06:08 2237952 c:\windows\Installer\4a28f.msp
+ 2011-11-01 12:34 . 2011-11-01 12:34 2531840 c:\windows\Installer\4a260.msp
+ 2009-08-18 12:08 . 2009-08-18 12:08 1373696 c:\windows\Installer\4a248.msp
+ 2010-08-04 14:12 . 2010-08-04 14:12 1004544 c:\windows\Installer\4a219.msp
+ 2011-11-11 15:15 . 2011-11-11 15:15 1795584 c:\windows\Installer\4a1ea.msp
+ 2011-07-27 06:39 . 2011-07-27 06:39 9892352 c:\windows\Installer\4a1d2.msp
+ 2011-11-11 15:16 . 2011-11-11 15:16 8458240 c:\windows\Installer\4a1b5.msp
+ 2012-03-13 17:44 . 2012-03-13 18:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-06-20 15:29 . 2012-02-16 02:00 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-03-13 17:44 . 2012-03-13 18:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 16:57 . 2009-04-03 16:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2008-08-25 21:50 . 2008-08-25 21:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-11-10 01:41 . 2008-11-10 01:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-03 17:04 . 2009-04-03 17:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 01:05 . 2009-03-06 01:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-02-05 10:36 . 2009-02-05 10:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-04-03 17:21 . 2009-04-03 17:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-03-06 03:26 . 2009-03-06 03:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2009-04-02 20:44 . 2009-04-02 20:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE
- 2006-10-27 13:11 . 2006-10-27 13:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:11 . 2006-10-27 14:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-09-29 23:42 . 2006-09-29 23:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
- 2006-09-29 22:42 . 2006-09-29 22:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
- 2006-10-27 12:57 . 2006-10-27 12:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 13:57 . 2006-10-27 13:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 18:52 . 2006-10-26 18:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
- 2006-10-26 17:52 . 2006-10-26 17:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
- 2006-10-27 13:04 . 2006-10-27 13:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-27 14:04 . 2006-10-27 14:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
- 2006-09-15 14:25 . 2006-09-15 14:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-09-15 15:25 . 2006-09-15 15:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
- 2006-10-26 18:07 . 2006-10-26 18:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-26 19:07 . 2006-10-26 19:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 14:16 . 2006-10-27 14:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
- 2006-10-27 13:18 . 2006-10-27 13:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 14:18 . 2006-10-27 14:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 19:14 . 2006-10-26 19:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
- 2006-10-26 18:14 . 2006-10-26 18:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-26 19:42 . 2006-10-26 19:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
- 2006-10-26 18:42 . 2006-10-26 18:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 13:47 . 2006-10-26 13:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
- 2006-10-26 12:47 . 2006-10-26 12:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-26 19:00 . 2006-10-26 19:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
- 2006-10-26 18:00 . 2006-10-26 18:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
- 2006-10-27 13:10 . 2006-10-27 13:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 14:10 . 2006-10-27 14:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 19:02 . 2006-10-26 19:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
- 2006-10-26 18:02 . 2006-10-26 18:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 18:21 . 2006-10-26 18:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
- 2006-10-26 17:21 . 2006-10-26 17:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
- 2006-10-26 12:10 . 2006-10-26 12:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 13:10 . 2006-10-26 13:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
- 2011-06-20 15:29 . 2011-06-20 15:29 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2012-03-13 17:42 . 2012-03-13 17:42 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-10-27 14:00 . 2006-10-27 14:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
- 2006-10-27 13:00 . 2006-10-27 13:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
- 2006-10-26 12:05 . 2006-10-26 12:05 1165584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCICONS.EXE
+ 2006-10-26 13:05 . 2006-10-26 13:05 1165584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCICONS.EXE
+ 2012-03-13 17:51 . 2012-03-13 17:51 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-03-13 17:42 . 2012-03-13 17:42 1612592 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 1612592 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-03-13 17:43 . 2012-03-13 17:43 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
- 2011-06-20 15:29 . 2011-06-20 15:29 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
- 2009-07-14 02:34 . 2012-02-16 13:25 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-03-13 17:15 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-02-10 06:16 . 2012-03-13 17:04 56297240 c:\windows\system32\MRT.exe
+ 2009-04-14 03:23 . 2009-04-14 03:23 12037120 c:\windows\Installer\4e598.msp
+ 2009-04-14 02:48 . 2009-04-14 02:48 14414848 c:\windows\Installer\4e58e.msp
+ 2009-04-14 03:58 . 2009-04-14 03:58 18073088 c:\windows\Installer\4e56d.msp
+ 2009-04-04 16:09 . 2009-04-04 16:09 10874880 c:\windows\Installer\4e54e.msp
+ 2009-04-04 13:21 . 2009-04-04 13:21 20328448 c:\windows\Installer\4e3d4.msp
+ 2009-04-04 13:20 . 2009-04-04 13:20 14159872 c:\windows\Installer\4e3b0.msp
+ 2012-03-13 17:40 . 2012-03-13 17:40 18183680 c:\windows\Installer\4e38b.msi
+ 2011-07-27 06:37 . 2011-07-27 06:37 11592192 c:\windows\Installer\4a210.msp
+ 2010-07-23 00:04 . 2010-07-23 00:04 11395072 c:\windows\Installer\4a19d.msp
+ 2009-04-03 17:01 . 2009-04-03 17:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 17:11 . 2009-04-03 17:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-03-06 01:06 . 2009-03-06 01:06 12707696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLOOK.EXE
+ 2009-04-03 17:21 . 2009-04-03 17:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OART.DLL
+ 2009-04-03 17:46 . 2009-04-03 17:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-03-06 01:37 . 2009-03-06 01:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE
+ 2009-04-03 17:11 . 2009-04-03 17:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXCEL.EXE
- 2006-10-26 19:13 . 2006-10-26 19:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 20:13 . 2006-10-26 20:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
- 2006-10-27 13:23 . 2006-10-27 13:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 14:23 . 2006-10-27 14:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
- 2006-10-27 13:16 . 2006-10-27 13:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 14:16 . 2006-10-27 14:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
- 2006-10-27 13:14 . 2006-10-27 13:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 14:14 . 2006-10-27 14:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
- 2006-10-27 13:26 . 2006-10-27 13:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:26 . 2006-10-27 14:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
- 2006-10-27 13:01 . 2006-10-27 13:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 14:01 . 2006-10-27 14:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 14:07 . 2006-10-27 14:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
- 2006-10-27 13:07 . 2006-10-27 13:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2009-04-04 16:08 . 2009-04-04 16:08 343058432 c:\windows\Installer\4e533.msp
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-03-31 19:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tlen.pl"="c:\program files (x86)\Tlen7\tlen7.exe" [2011-04-11 82432]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 dump_wmimmc;dump_wmimmc;e:\gry zainstalowane\NCSoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 07:14]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 07:14]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886483897-863331433-1063582742-1000Core.job
- c:\users\Bednar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 01:34]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886483897-863331433-1063582742-1000UA.job
- c:\users\Bednar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 01:34]
.
2012-03-13 c:\windows\Tasks\Windows Driver Foundation.job
- c:\program files (x86)\Common Files\Windows Driver Foundation\WUDFHost.exe [2012-03-06 15:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-03-31 19:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-03-31 98304]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pl/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bednar\AppData\Roaming\Mozilla\Firefox\Profiles\hjpzpduk.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3886483897-863331433-1063582742-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,ed,e1,83,95,9e,06,3e,41,24,b3,fe,32,10,6d,30,a2,a1,c4,54,93,
c8,1e,01,22,b0,bc,14,8b,8d,88,e6,a8,9b,2d,7d,f2,a4,27,aa,b3,27,f1,d9,9c,a8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\hasplms.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-13 19:44:52 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-13 18:44
ComboFix2.txt 2012-03-09 11:56
.
Przed: 11 593 453 568 bytes free
Po: 11 264 827 392 bytes free
.
- - End Of File - - 1372EF4DD78D4328C154F2BE686E79C0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 13 March 2012 - 04:29 PM

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Robo112

Robo112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 13 March 2012 - 07:14 PM

hello again. There weren't any problems :)

MBAM log :

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bednar :: BEDNAR-PC [administrator]

2012-03-14 01:07:04
mbam-log-2012-03-14 (01-07-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190356
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HiJack this log :

ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:13:51, on 2012-03-14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Tlen7\tlen7.exe
C:\Program Files (x86)\ Firefox\plugin-container.exe
E:\Gry zainstalowane\Steam\Steam.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\ Firefox\firefox.exe
C:\Program Files (x86)\ Firefox\plugin-container.exe
C:\Program Files (x86)\ Firefox\plugin-container.exe
C:\Program Files (x86)\HiJackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Tlen.pl] C:\Program Files (x86)\Tlen7\tlen7.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Interactive Services Detection (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WMI Performance Adapter (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6955 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 13 March 2012 - 09:55 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Tlen.pl] C:\Program Files (x86)\Tlen7\tlen7.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Robo112

Robo112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 14 March 2012 - 11:03 AM

Eset found the following (after 1,5h of scanning) :

E:\Nauka\Angielski\englishteststore_collections\clickmap_appliances_test01.zip probably a variant of Win32/Agent.BAIXGLA trojan
E:\Tools\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application


I didn't remove tlen.exe from start-up because it's a program I use and I want it to start with windows.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 14 March 2012 - 03:04 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "E:\Nauka\Angielski\englishteststore_collections\clickmap_appliances_test01.zip"
    del /f /s /q "E:\Tools\Unlocker1.9.1-x64.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Robo112

Robo112
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 15 March 2012 - 09:34 PM

thanks for your help :) I don't have any more questions and I am really grateful for your time.

Best regards,

rob

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 AM

Posted 15 March 2012 - 09:59 PM

you are more than welcome and glad I was able to help


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users