Google Search Redirect


  • This topic is locked
52 replies to this topic

#1 cra2

cra2

  • Members
  • 68 posts

Posted 08 March 2012 - 01:03 AM

Win XP.
Firefox 10.0.2.

Suddenly saw "internet security center" hijack.
Couldn't run .exe's and it kept telling me I needed to run their scan.
Ignored it and ran Malware Bytes & Search and Destroy in and out of safe mode.
Saw one report that said "blaster.worm" was found.
Searched for and found Symantec's blasterworm fix and ran it.
Didn't find anything.
Anyways... .exe's are working, and some browsing is fine (if I type the URL directly into the browser).
But when I click on google search results, I often get redirects to other sites.

Came here.
Ran Defogger and DDS.
Here are the DDS files in next post.

Edited by cra2, 08 March 2012 - 01:04 AM.




#2 cra2

Posted 08 March 2012 - 01:06 AM

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Work at 0:51:03 on 2012-03-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1018 [GMT -5:00]
.
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6E13D095-45C3-4271-9475-F3B48227DD9F} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [14jsro1hvs] c:\documents and settings\work\14jsro1hvs.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F3CF1801-2106-49CA-8FF4-7C0038CE406C} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 87.229.126.50 www.google.com
Hosts: 87.229.126.51 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\work\application data\mozilla\firefox\profiles\l7uh8fdz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110703&user_guid=FA56456F86A74845BEE9899503D0CD87&machine_id=444ec5a3db53b4516c0d21a844d87211&browser=FF&os=win&os_version=5.1-x86-SP2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\work\application data\mozilla\firefox\profiles\l7uh8fdz.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\work\application data\mozilla\firefox\profiles\l7uh8fdz.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\work\application data\mozilla\firefox\profiles\l7uh8fdz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\work\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-12 97928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-28 239168]
R2 acachsrv;ActivClient Authentication Service;c:\program files\actividentity\activclient\acachsrv.exe [2006-11-10 74240]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2006-11-10 26624]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2006-11-10 129536]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-12 76040]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-10 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-10 243312]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\d-link\shareport utility\Spnuhelper.exe [2011-7-29 40960]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-12-30 1107784]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-5-6 246920]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-1-3 26824]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 135664]
S2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-10 87664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 135664]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110502.002\naveng.sys [2011-5-6 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110502.002\navex15.sys [2011-5-6 1393144]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-12-30 153416]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2009-10-25 57600]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-11-1 11520]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-5 875288]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 231704]
.
=============== Created Last 30 ================
.
2012-03-07 05:25:14 43352 ----a-w- c:\windows\system32\drivers\2022c335c630114.sys
2012-03-07 03:56:50 20952 ----a-w- c:\documents and settings\work\14jsro1hvs.exe
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 02:07:07 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 0:54:12.17 ===============

Edited by cra2, 08 March 2012 - 01:08 AM.
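
A triage pass over the DDS log posted above, as an added example that is not part of the original thread or of DDS: it pulls out the entries a responder would look at first for a search-redirect complaint. The four heuristics (non-loopback `Hosts:` entries, Run values launching an executable directly from the profile root, BHOs with no file, all-hex driver names) and the names `triage_dds` and `SAMPLE_DDS` are assumptions of this example; the sample lines are copied from the log.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log in this post.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [14jsro1hvs] c:\documents and settings\work\14jsro1hvs.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
TCP: DhcpNameServer = 192.168.0.1
Hosts: 87.229.126.50 www.google.com
Hosts: 87.229.126.51 www.bing.com
2012-03-07 05:25:14 43352 ----a-w- c:\windows\system32\drivers\2022c335c630114.sys
2012-03-07 03:56:50 20952 ----a-w- c:\documents and settings\work\14jsro1hvs.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# "Hosts: <ip> <hostname>" lines: DDS's listing of hosts-file entries.
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.I)
# "uRun:/mRun: [value name] command line" autorun entries.
RUN_RE = re.compile(r"^[um]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$", re.I)
# Executable sitting directly in a user's profile root (XP path layout).
PROFILE_ROOT_RE = re.compile(
    r'^"?c:\\documents and settings\\[^\\]+\\[^\\]+\.exe', re.I)
# Browser Helper Object whose registered file is missing.
BHO_NOFILE_RE = re.compile(
    r"^BHO:\s+(?:.*?:\s+)?(\{[0-9a-f-]+\})\s+-\s+No File\s*$", re.I)
# Driver whose base name is nothing but 12 or more hex digits.
HEX_DRIVER_RE = re.compile(
    r"\\system32\\drivers\\([0-9a-f]{12,})\.sys\s*$", re.I)


def triage_dds(text):
    """Return (category, detail) findings in the order they appear in the log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # A hosts entry overrides DNS for that name; loopback is ignored.
            if not ip.startswith("127.") and ip != "::1":
                findings.append(("hosts-override", f"{host} -> {ip}"))
            continue

        m = RUN_RE.match(line)
        if m:
            if PROFILE_ROOT_RE.match(m.group("cmd")):
                findings.append(("autorun-profile-root", m.group("name")))
            continue

        m = BHO_NOFILE_RE.match(line)
        if m:
            findings.append(("orphan-bho", m.group(1)))
            continue

        m = HEX_DRIVER_RE.search(line)
        if m:
            findings.append(("hex-named-driver", m.group(1) + ".sys"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:22} {detail}")
```

A finding here is a prompt for closer inspection, not a verdict; legitimate software can trip any of these heuristics.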


#3 cra2

Posted 08 March 2012 - 01:18 AM

I would attach the DDS Attach file but every time I browse for it and click OK, it doesn't show up in this post.
Do you want me to copy/paste the contents right into post?

Edited by cra2, 08 March 2012 - 01:19 AM.


#4 cra2

Posted 08 March 2012 - 01:24 AM

Here's the TDSS killer log:

01:20:19.0578 5328 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
01:20:20.0078 5328 ============================================================
01:20:20.0078 5328 Current date / time: 2012/03/08 01:20:20.0078
01:20:20.0078 5328 SystemInfo:
01:20:20.0078 5328
01:20:20.0078 5328 OS Version: 5.1.2600 ServicePack: 3.0
01:20:20.0078 5328 Product type: Workstation
01:20:20.0078 5328 ComputerName: CHARLES
01:20:20.0078 5328 UserName: Work
01:20:20.0078 5328 Windows directory: C:\WINDOWS
01:20:20.0078 5328 System windows directory: C:\WINDOWS
01:20:20.0078 5328 Processor architecture: Intel x86
01:20:20.0078 5328 Number of processors: 2
01:20:20.0078 5328 Page size: 0x1000
01:20:20.0078 5328 Boot type: Normal boot
01:20:20.0078 5328 ============================================================
01:20:24.0125 5328 !crdlk
01:20:24.0203 5328 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
01:20:24.0203 5328 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
01:20:24.0218 5328 Drive \Device\Harddisk2\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:20:24.0218 5328 Drive \Device\Harddisk3\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:20:24.0234 5328 \Device\Harddisk0\DR0:
01:20:24.0234 5328 Invalid mbr signature
01:20:24.0234 5328 \Device\Harddisk1\DR1:
01:20:24.0234 5328 MBR used
01:20:24.0234 5328 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
01:20:24.0234 5328 \Device\Harddisk2\DR4:
01:20:24.0234 5328 MBR used
01:20:24.0234 5328 \Device\Harddisk3\DR6:
01:20:24.0234 5328 MBR used
01:20:24.0234 5328 \Device\Harddisk3\DR6\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
01:20:24.0234 5328 Initialize success
01:20:24.0234 5328 ============================================================
01:22:19.0921 7432 ============================================================
01:22:19.0921 7432 Scan started
01:22:19.0921 7432 Mode: Manual;
01:22:19.0921 7432 ============================================================
01:22:20.0265 7432 Suspicious service (NoAccess): 2022c335c630114
01:22:20.0328 7432 2022c335c630114 ( LockedService.Multi.Generic ) - warning
01:22:20.0328 7432 2022c335c630114 - detected LockedService.Multi.Generic (1)
01:22:20.0406 7432 61883 - ok
01:22:20.0468 7432 Abiosdsk - ok
01:22:20.0531 7432 abp480n5 - ok
01:22:20.0796 7432 ACPI - ok
01:22:20.0875 7432 ACPIEC - ok
01:22:20.0937 7432 adpu160m - ok
01:22:21.0015 7432 aec - ok
01:22:21.0078 7432 AFD - ok
01:22:21.0156 7432 Aha154x - ok
01:22:21.0218 7432 aic78u2 - ok
01:22:21.0281 7432 aic78xx - ok
01:22:21.0343 7432 ALCXWDM - ok
01:22:21.0531 7432 AliIde - ok
01:22:21.0609 7432 AmdK8 - ok
01:22:21.0671 7432 amsint - ok
01:22:21.0812 7432 Arp1394 - ok
01:22:21.0875 7432 asc - ok
01:22:21.0937 7432 asc3350p - ok
01:22:22.0015 7432 asc3550 - ok
01:22:22.0187 7432 AsyncMac - ok
01:22:22.0250 7432 atapi - ok
01:22:22.0328 7432 Atdisk - ok
01:22:22.0375 7432 Atmarpc - ok
01:22:22.0531 7432 audstub - ok
01:22:22.0593 7432 Avc - ok
01:22:22.0656 7432 AVCSTRM - ok
01:22:22.0828 7432 AvgLdx86 - ok
01:22:22.0890 7432 AvgMfx86 - ok
01:22:22.0968 7432 AvgTdiX - ok
01:22:23.0062 7432 Beep - ok
01:22:23.0250 7432 catchme - ok
01:22:23.0312 7432 cbidf2k - ok
01:22:23.0375 7432 CCDECODE - ok
01:22:23.0625 7432 cd20xrnt - ok
01:22:23.0687 7432 Cdaudio - ok
01:22:23.0765 7432 Cdfs - ok
01:22:23.0859 7432 Cdrom - ok
01:22:23.0968 7432 Changer - ok
01:22:24.0265 7432 CmdIde - ok
01:22:24.0437 7432 Cpqarray - ok
01:22:24.0593 7432 CrystalSysInfo - ok
01:22:24.0734 7432 dac2w2k - ok
01:22:24.0812 7432 dac960nt - ok
01:22:25.0109 7432 Disk - ok
01:22:25.0296 7432 dmboot - ok
01:22:25.0359 7432 dmio - ok
01:22:25.0421 7432 dmload - ok
01:22:25.0546 7432 DMusic - ok
01:22:25.0796 7432 dpti2o - ok
01:22:25.0875 7432 drmkaud - ok
01:22:25.0937 7432 dtsoftbus01 - ok
01:22:26.0296 7432 Fastfat - ok
01:22:26.0437 7432 Fdc - ok
01:22:26.0500 7432 FilterService - ok
01:22:26.0562 7432 Fips - ok
01:22:26.0640 7432 Flpydisk - ok
01:22:26.0703 7432 FltMgr - ok
01:22:26.0906 7432 Fs_Rec - ok
01:22:26.0984 7432 Ftdisk - ok
01:22:27.0125 7432 GMSIPCI - ok
01:22:27.0187 7432 Gpc - ok
01:22:27.0515 7432 hidusb - ok
01:22:27.0656 7432 hpn - ok
01:22:27.0718 7432 HTTP - ok
01:22:27.0890 7432 i2omgmt - ok
01:22:27.0953 7432 i2omp - ok
01:22:28.0015 7432 i8042prt - ok
01:22:28.0234 7432 Imapi - ok
01:22:28.0390 7432 ini910u - ok
01:22:28.0484 7432 IntelIde - ok
01:22:28.0546 7432 Ip6Fw - ok
01:22:28.0609 7432 IpFilterDriver - ok
01:22:28.0656 7432 IpInIp - ok
01:22:28.0750 7432 IpNat - ok
01:22:28.0828 7432 IPSec - ok
01:22:28.0890 7432 IRENUM - ok
01:22:28.0984 7432 isapnp - ok
01:22:29.0156 7432 Kbdclass - ok
01:22:29.0218 7432 kbdhid - ok
01:22:29.0281 7432 kmixer - ok
01:22:29.0343 7432 KSecDD - ok
01:22:29.0515 7432 lbrtfdc - ok
01:22:29.0703 7432 Lvckap - ok
01:22:29.0765 7432 lvmvdrv - ok
01:22:29.0812 7432 lvpopflt - ok
01:22:29.0921 7432 LVPr2Mon - ok
01:22:29.0968 7432 LVPrcMon - ok
01:22:30.0125 7432 LVUSBSta - ok
01:22:30.0187 7432 LVUVC - ok
01:22:30.0312 7432 mnmdd - ok
01:22:30.0437 7432 Modem - ok
01:22:30.0500 7432 Mouclass - ok
01:22:30.0578 7432 MountMgr - ok
01:22:30.0640 7432 mraid35x - ok
01:22:30.0703 7432 MRxDAV - ok
01:22:30.0765 7432 MRxSmb - ok
01:22:30.0937 7432 MSDV - ok
01:22:31.0000 7432 Msfs - ok
01:22:31.0156 7432 MSKSSRV - ok
01:22:31.0218 7432 MSPCLOCK - ok
01:22:31.0281 7432 MSPQM - ok
01:22:31.0343 7432 mssmbios - ok
01:22:31.0406 7432 MSTAPE - ok
01:22:31.0484 7432 MSTEE - ok
01:22:31.0546 7432 Mup - ok
01:22:31.0609 7432 NABTSFEC - ok
01:22:31.0765 7432 NAVENG - ok
01:22:31.0828 7432 NAVEX15 - ok
01:22:31.0921 7432 NDIS - ok
01:22:32.0000 7432 NdisIP - ok
01:22:32.0046 7432 NdisTapi - ok
01:22:32.0109 7432 Ndisuio - ok
01:22:32.0171 7432 NdisWan - ok
01:22:32.0250 7432 NDProxy - ok
01:22:32.0296 7432 NetBIOS - ok
01:22:32.0359 7432 NetBT - ok
01:22:32.0796 7432 NIC1394 - ok
01:22:32.0921 7432 Npfs - ok
01:22:32.0984 7432 Ntfs - ok
01:22:33.0171 7432 Null - ok
01:22:33.0234 7432 nv - ok
01:22:33.0296 7432 nvata - ok
01:22:33.0359 7432 NVENETFD - ok
01:22:33.0421 7432 nvnetbus - ok
01:22:33.0546 7432 NwlnkFlt - ok
01:22:33.0593 7432 NwlnkFwd - ok
01:22:33.0656 7432 ohci1394 - ok
01:22:33.0828 7432 Parport - ok
01:22:33.0937 7432 PartMgr - ok
01:22:34.0015 7432 ParVdm - ok
01:22:34.0093 7432 PCI - ok
01:22:34.0171 7432 PCIDump - ok
01:22:34.0234 7432 PCIIde - ok
01:22:34.0312 7432 Pcmcia - ok
01:22:34.0390 7432 PDCOMP - ok
01:22:34.0437 7432 PDFRAME - ok
01:22:34.0500 7432 PDRELI - ok
01:22:34.0562 7432 PDRFRAME - ok
01:22:34.0625 7432 perc2 - ok
01:22:34.0687 7432 perc2hib - ok
01:22:35.0000 7432 PptpMiniport - ok
01:22:35.0062 7432 Processor - ok
01:22:35.0218 7432 Ptilink - ok
01:22:35.0296 7432 PxHelp20 - ok
01:22:35.0359 7432 ql1080 - ok
01:22:35.0437 7432 Ql10wnt - ok
01:22:35.0500 7432 ql12160 - ok
01:22:35.0562 7432 ql1240 - ok
01:22:35.0640 7432 ql1280 - ok
01:22:35.0703 7432 RasAcd - ok
01:22:35.0812 7432 Rasl2tp - ok
01:22:35.0921 7432 RasPppoe - ok
01:22:35.0984 7432 Raspti - ok
01:22:36.0046 7432 Rdbss - ok
01:22:36.0125 7432 RDPCDD - ok
01:22:36.0203 7432 rdpdr - ok
01:22:36.0281 7432 RDPWD - ok
01:22:36.0406 7432 redbook - ok
01:22:36.0953 7432 SAVRT - ok
01:22:37.0015 7432 SAVRTPEL - ok
01:22:37.0093 7432 sbp2port - ok
01:22:37.0265 7432 SCR3XX2K - ok
01:22:37.0375 7432 Secdrv - ok
01:22:37.0609 7432 serenum - ok
01:22:37.0687 7432 Serial - ok
01:22:37.0843 7432 Sfloppy - ok
01:22:38.0078 7432 Simbad - ok
01:22:38.0156 7432 SLIP - ok
01:22:38.0312 7432 Sparrow - ok
01:22:38.0375 7432 splitter - ok
01:22:38.0531 7432 sr - ok
01:22:38.0656 7432 Srv - ok
01:22:38.0828 7432 streamip - ok
01:22:38.0906 7432 swenum - ok
01:22:38.0968 7432 swmidi - ok
01:22:39.0140 7432 sxuptp - ok
01:22:39.0265 7432 symc810 - ok
01:22:39.0343 7432 symc8xx - ok
01:22:39.0406 7432 SymEvent - ok
01:22:39.0484 7432 SYMREDRV - ok
01:22:39.0546 7432 SYMTDI - ok
01:22:39.0609 7432 sym_hi - ok
01:22:39.0687 7432 sym_u3 - ok
01:22:39.0750 7432 sysaudio - ok
01:22:39.0984 7432 Tcpip - ok
01:22:40.0046 7432 TDPIPE - ok
01:22:40.0109 7432 TDTCP - ok
01:22:40.0171 7432 TermDD - ok
01:22:40.0437 7432 TosIde - ok
01:22:40.0609 7432 Udfs - ok
01:22:40.0671 7432 ultra - ok
01:22:40.0750 7432 Update - ok
01:22:41.0015 7432 usbaudio - ok
01:22:41.0078 7432 usbccgp - ok
01:22:41.0140 7432 usbehci - ok
01:22:41.0203 7432 usbhub - ok
01:22:41.0265 7432 usbohci - ok
01:22:41.0328 7432 usbprint - ok
01:22:41.0390 7432 usbscan - ok
01:22:41.0453 7432 USBSTOR - ok
01:22:41.0531 7432 VgaSave - ok
01:22:41.0593 7432 ViaIde - ok
01:22:41.0656 7432 VolSnap - ok
01:22:41.0906 7432 Wanarp - ok
01:22:42.0046 7432 WDC_SAM - ok
01:22:42.0109 7432 WDICA - ok
01:22:42.0156 7432 wdmaud - ok
01:22:42.0234 7432 WD_FireWire_HID - ok
01:22:42.0812 7432 WpdUsb - ok
01:22:42.0984 7432 WSTCODEC - ok
01:22:43.0125 7432 WudfPf - ok
01:22:43.0187 7432 WudfRd - ok
01:22:43.0453 7432 XUIF - ok
01:22:43.0531 7432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:22:43.0718 7432 \Device\Harddisk0\DR0 - ok
01:22:43.0750 7432 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR1
01:22:43.0750 7432 \Device\Harddisk1\DR1 - ok
01:22:43.0750 7432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
01:22:43.0750 7432 \Device\Harddisk2\DR4 - ok
01:22:44.0234 7432 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR6
01:22:44.0234 7432 \Device\Harddisk3\DR6 - ok
01:22:44.0234 7432 Boot (0x1200) (815ef120ed2e1c293dfe869c8c1d37e5) \Device\Harddisk1\DR1\Partition0
01:22:44.0234 7432 \Device\Harddisk1\DR1\Partition0 - ok
01:22:44.0234 7432 Boot (0x1200) (fdb654999ce514b23dc658b620a13371) \Device\Harddisk3\DR6\Partition0
01:22:44.0234 7432 \Device\Harddisk3\DR6\Partition0 - ok
01:22:44.0234 7432 ============================================================
01:22:44.0234 7432 Scan finished
01:22:44.0234 7432 ============================================================
01:22:44.0234 7468 Detected object count: 1
01:22:44.0234 7468 Actual detected object count: 1
01:23:03.0750 7468 2022c335c630114 ( LockedService.Multi.Generic ) - skipped by user
01:23:03.0750 7468 2022c335c630114 ( LockedService.Multi.Generic ) - User select action: Skip

#5 cra2

Posted 08 March 2012 - 07:45 AM

Definitely still redirecting.
This morning I clicked on a google result and instead it tried to go here:
findsearchengineresults.com

#6 cra2

Posted 09 March 2012 - 07:44 AM

Just ran eset online scanner.
It said it found over a dozen things.
Here's the log:

C:\Documents and Settings\Work\Local Settings\temp\128C.tmp a variant of Win32/Kryptik.ACFW trojan cleaned by deleting - quarantined
C:\Documents and Settings\Work\My Documents\Downloads\cnet_PrintScreen46_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Work\My Documents\Downloads\SoftonicDownloader25726.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\Work\My Documents\Downloads\SoftonicDownloader95419.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\MouseManagerVerifier.dll.vir a variant of Win32/Kryptik.UAE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Work\Application Data\Mozilla\Firefox\Profiles\hp3f4cfa.default\extensions\{2666e4fc-cc17-4d02-9b34-ebd4a1522535}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Work\Application Data\Mozilla\Firefox\Profiles\hp3f4cfa.default\extensions\{2666e4fc-cc17-4d02-9b34-ebd4a1522535}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Work\Application Data\Mozilla\Firefox\Profiles\l7uh8fdz.default\extensions\{2666e4fc-cc17-4d02-9b34-ebd4a1522535}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Work\Application Data\Mozilla\Firefox\Profiles\l7uh8fdz.default\extensions\{2666e4fc-cc17-4d02-9b34-ebd4a1522535}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
F:\utilities\kazaa-lite.exe probably a variant of Win32/Agent.COPKWSR trojan deleted - quarantined
F:\utilities\NeroBurningRomUltra63117\Keygen-nru63.exe probably a variant of Win32/Agent.HFSVJGT trojan cleaned by deleting - quarantined
F:\utilities\Fruity Loops Studio Producer Edition XXL v604\Fruity Loops Studio Producer Edition XXL v6.04 [WwW.LiMiTeDiVx.CoM][LMD-T34M Flint]\PATCHER.EXE probably a variant of Win32/Hupigon.IBYGMMS trojan deleted - quarantined
F:\work\web\wordpress\themes\HealthIcedmate\footer.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
F:\work\web\wordpress\themes\greenlight\template.php PHP/Kryptik.AB trojan cleaned by deleting - quarantined
F:\_backup\chuck_aug_2k5\GAMER\My Documents\utilities\kazaa-lite.exe probably a variant of Win32/Agent.COPKWSR trojan deleted - quarantined
F:\_backup\chuck_aug_2k5\GAMER\My Documents\utilities\NeroBurningRomUltra63117\Keygen-nru63.exe probably a variant of Win32/Agent.HFSVJGT trojan cleaned by deleting - quarantined
Operating memory multiple threats

#7 cra2

Posted 09 March 2012 - 07:46 AM

Now I just noticed that symantec anti-virus is failing to load auto-protect.
I right-click it in the sys tray and choose "enable" and it thinks a second then a pop-up says, "auto-protect failed to load."
Guess the virus disabled it and is preventing it from re-starting somehow.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 09 March 2012 - 07:44 PM

will gladly paypal $$ for fast help !!

the help you receive here is free :)

Please run the following:


  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



NEXT


Please re-run TDSSKiller, but this time
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 cra2

Posted 09 March 2012 - 10:17 PM

here's the aswmbr file.
but there was no .dat file created on the desktop.
I've arranged by date and the last file was the included .txt file, and the one before that is the aswmbr download itself.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 20:53:19
-----------------------------
20:53:19.873 OS Version: Windows 5.1.2600 Service Pack 3
20:53:19.873 Number of processors: 2 586 0x4B02
20:53:19.873 ComputerName: CHARLES UserName: Work
20:53:22.686 Initialze error C0000001 - driver not loaded
20:56:10.186 AVAST engine defs: 12030900
20:58:04.436 Service scanning
20:58:06.092 Service 2022c335c630114 C:\WINDOWS\System32\Drivers\2022c335c630114.sys **HIDDEN**
20:58:18.358 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
20:58:50.889 Modules scanning
20:58:50.889 Disk 0 trace - called modules:
20:58:50.889
20:58:53.639 AVAST engine scan C:\WINDOWS
20:59:21.983 AVAST engine scan C:\WINDOWS\system32
21:05:48.889 AVAST engine scan C:\WINDOWS\system32\drivers
21:06:18.420 AVAST engine scan C:\Documents and Settings\Work
21:07:08.748 File: C:\Documents and Settings\Work\14jsro1hvs.exe **INFECTED** Win32:Crypt-LUB [Trj]
21:10:22.545 File: C:\Documents and Settings\Work\Local Settings\temp\12A0.tmp **INFECTED** Win32:Alureon-ARD [Trj]
21:14:19.139 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
21:15:25.545 Scan finished successfully
22:02:01.061 The log file has been saved successfully to "C:\Documents and Settings\Work\Desktop\aswMBR.txt"

#10 cra2

Posted 09 March 2012 - 10:20 PM

Here's the TDSSKiller "full report" (available from within the program):

22:18:13.0233 13528 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
22:18:13.0670 13528 ============================================================
22:18:13.0670 13528 Current date / time: 2012/03/09 22:18:13.0670
22:18:13.0670 13528 SystemInfo:
22:18:13.0670 13528
22:18:13.0670 13528 OS Version: 5.1.2600 ServicePack: 3.0
22:18:13.0670 13528 Product type: Workstation
22:18:13.0670 13528 ComputerName: CHARLES
22:18:13.0670 13528 UserName: Work
22:18:13.0670 13528 Windows directory: C:\WINDOWS
22:18:13.0670 13528 System windows directory: C:\WINDOWS
22:18:13.0670 13528 Processor architecture: Intel x86
22:18:13.0670 13528 Number of processors: 2
22:18:13.0670 13528 Page size: 0x1000
22:18:13.0670 13528 Boot type: Normal boot
22:18:13.0670 13528 ============================================================
22:18:20.0530 13528 !crdlk
22:18:20.0592 13528 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
22:18:20.0592 13528 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
22:18:20.0623 13528 Drive \Device\Harddisk2\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:18:20.0639 13528 Drive \Device\Harddisk3\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:18:27.0592 13528 \Device\Harddisk0\DR0:
22:18:27.0592 13528 Invalid mbr signature
22:18:27.0592 13528 \Device\Harddisk1\DR1:
22:18:27.0592 13528 MBR used
22:18:27.0592 13528 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:18:27.0592 13528 \Device\Harddisk2\DR4:
22:18:27.0592 13528 MBR used
22:18:27.0592 13528 \Device\Harddisk3\DR6:
22:18:27.0592 13528 MBR used
22:18:27.0592 13528 \Device\Harddisk3\DR6\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
22:18:27.0592 13528 Initialize success
22:18:27.0592 13528 ============================================================
22:18:56.0889 6832 ============================================================
22:18:56.0889 6832 Scan started
22:18:56.0889 6832 Mode: Manual; TDLFS;
22:18:56.0889 6832 ============================================================
22:18:57.0108 6832 Suspicious service (NoAccess): 2022c335c630114
22:18:57.0186 6832 2022c335c630114 ( LockedService.Multi.Generic ) - warning
22:18:57.0186 6832 2022c335c630114 - detected LockedService.Multi.Generic (1)
22:19:20.0295 6832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:19:20.0530 6832 \Device\Harddisk0\DR0 - ok
22:19:20.0545 6832 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR1
22:19:20.0592 6832 \Device\Harddisk1\DR1 - ok
22:19:20.0592 6832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
22:19:20.0733 6832 \Device\Harddisk2\DR4 - ok
22:19:20.0733 6832 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR6
22:19:20.0858 6832 \Device\Harddisk3\DR6 - ok
22:19:20.0873 6832 Boot (0x1200) (3f8f26276efba4a2b9d9b1ea4243db2a) \Device\Harddisk1\DR1\Partition0
22:19:20.0873 6832 \Device\Harddisk1\DR1\Partition0 - ok
22:19:20.0873 6832 Boot (0x1200) (fdb654999ce514b23dc658b620a13371) \Device\Harddisk3\DR6\Partition0
22:19:20.0873 6832 \Device\Harddisk3\DR6\Partition0 - ok
22:19:20.0873 6832 ============================================================
22:19:20.0873 6832 Scan finished
22:19:20.0873 6832 ============================================================
22:19:20.0889 6872 Detected object count: 1
22:19:20.0889 6872 Actual detected object count: 1
22:19:37.0670 6872 2022c335c630114 ( LockedService.Multi.Generic ) - skipped by user
22:19:37.0670 6872 2022c335c630114 ( LockedService.Multi.Generic ) - User select action: Skip

#11 CatByte

Posted 09 March 2012 - 10:27 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


#12 cra2

Posted 10 March 2012 - 06:24 PM

ComboFix 12-03-10.01 - Work 03/10/2012 7:49.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1526 [GMT -5:00]
Running from: c:\documents and settings\Work\Desktop\ComboFix.exe
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Work\14jsro1hvs.exe
c:\documents and settings\Work\WINDOWS
c:\windows\system32\drivers\2022c335c630114.sys
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_2022c335c630114
-------\Service_2022c335c630114
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-09 03:43 . 2012-03-09 03:43 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 02:07 . 2011-12-29 02:07 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-17 22:41 . 2012-02-16 22:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-19_01.38.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-25 16:22 . 1996-04-29 13:20 289280 c:\windows\uninst.exe
- 2011-10-19 01:35 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-03-10 13:20 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2004-08-04 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2004-08-04 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2004-08-04 12:00 . 2012-03-10 13:38 429402 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2007-08-13 23:54 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 279992 c:\windows\system32\Macromed\Shockwave 10\SymCCIS.dll
- 2010-10-22 11:46 . 2010-10-22 11:46 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
- 2010-10-22 11:46 . 2010-10-22 11:46 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
- 2010-10-22 11:46 . 2010-10-22 11:46 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
- 2010-10-22 11:46 . 2010-10-22 11:46 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 929792 c:\windows\system32\Macromed\Shockwave 10\gi.dll
+ 2011-11-22 15:50 . 2011-11-22 15:50 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll
- 2010-10-22 11:46 . 2010-10-22 11:46 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2011-11-11 21:00 . 2011-11-11 21:00 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-10-20 15:58 . 2011-10-03 09:06 157472 c:\windows\system32\javaws.exe
+ 2011-10-20 15:58 . 2011-10-03 09:06 145184 c:\windows\system32\javaw.exe
- 2010-10-31 17:54 . 2010-09-15 08:50 145184 c:\windows\system32\javaw.exe
- 2010-10-31 17:54 . 2010-09-15 08:50 145184 c:\windows\system32\java.exe
+ 2011-10-20 15:58 . 2011-10-03 09:06 145184 c:\windows\system32\java.exe
+ 2007-11-16 21:20 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2007-11-16 21:20 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
- 2007-11-16 16:08 . 2011-10-16 07:32 256656 c:\windows\system32\FNTCACHE.DAT
+ 2007-11-16 16:08 . 2012-02-16 08:45 256656 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2004-08-04 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
+ 2011-04-26 11:07 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2011-04-26 11:07 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-12-24 20:52 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-12-24 20:52 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-01-29 15:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-10-31 19:52 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-10-31 19:52 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-10-31 19:53 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-10-31 19:53 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2010-10-31 17:54 . 2011-10-03 09:06 472808 c:\windows\system32\deployJava1.dll
- 2010-10-31 17:54 . 2010-09-15 08:50 472808 c:\windows\system32\deployJava1.dll
- 2004-08-04 12:00 . 2011-09-09 09:12 599040 c:\windows\system32\crypt32.dll
+ 2004-08-04 12:00 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
+ 2011-12-25 08:49 . 2011-12-25 08:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-11-24 19:18 . 1997-07-14 22:42 314880 c:\windows\IsUninst.exe
+ 2011-10-20 15:58 . 2011-10-20 15:58 203776 c:\windows\Installer\77b7778.msi
+ 2011-12-25 10:40 . 2011-12-25 10:40 819200 c:\windows\Installer\25760e55.msp
+ 2007-11-18 19:34 . 2012-02-16 08:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-11-18 19:34 . 2011-10-16 07:00 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-18 19:34 . 2012-02-16 08:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-11-18 19:34 . 2011-10-16 07:00 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-11-18 19:34 . 2011-10-16 07:00 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-18 19:34 . 2012-02-16 08:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-11-18 19:34 . 2011-10-16 07:00 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-18 19:34 . 2012-02-16 08:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-18 19:34 . 2012-02-16 08:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-11-18 19:34 . 2011-10-16 07:00 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-11-18 19:34 . 2011-10-16 07:00 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-18 19:34 . 2012-02-16 08:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-16 08:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-16 08:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-16 08:04 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-16 08:04 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-16 08:04 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2011-12-15 08:10 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-15 08:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-15 08:10 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-15 08:10 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-15 08:10 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-15 08:10 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-02-16 08:52 . 2012-02-16 08:52 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-16 08:49 . 2012-02-16 08:49 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-16 08:49 . 2012-02-16 08:49 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-16 08:54 . 2012-02-16 08:54 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-16 08:48 . 2012-02-16 08:48 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-16 08:38 . 2012-02-16 08:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-16 08:48 . 2012-02-16 08:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-16 08:27 . 2012-02-16 08:27 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-16 08:32 . 2012-02-16 08:32 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 08:39 . 2012-02-16 08:39 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-16 08:54 . 2012-02-16 08:54 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ab7515dcbeff3f7d9533902e98278283\System.Messaging.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-16 08:51 . 2012-02-16 08:51 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-16 08:51 . 2012-02-16 08:51 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 08:39 . 2012-02-16 08:39 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 08:39 . 2012-02-16 08:39 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-16 08:48 . 2012-02-16 08:48 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-16 08:48 . 2012-02-16 08:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-16 08:53 . 2012-02-16 08:53 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 08:26 . 2012-02-16 08:26 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-16 08:48 . 2012-02-16 08:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-16 08:52 . 2012-02-16 08:52 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-16 08:49 . 2012-02-16 08:49 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-16 08:49 . 2012-02-16 08:49 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-16 08:48 . 2012-02-16 08:48 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-16 08:49 . 2012-02-16 08:49 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-16 08:52 . 2012-02-16 08:52 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 08:28 . 2012-02-16 08:28 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 08:52 . 2012-02-16 08:52 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 08:51 . 2012-02-16 08:51 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-16 08:51 . 2012-02-16 08:51 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-16 08:20 . 2012-02-16 08:20 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 08:20 . 2012-02-16 08:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 08:20 . 2012-02-16 08:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-16 07:13 . 2011-10-16 07:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-16 07:13 . 2011-10-16 07:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-16 08:20 . 2012-02-16 08:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-16 08:21 . 2012-02-16 08:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-16 07:12 . 2011-10-16 07:12 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 67184]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-12-30 120640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2006-11-10 275968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbjhfha]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Documents and Settings\\download\\ALICE\\alice.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\D-Link\\SharePort Utility\\Connect.exe"=
"c:\\Program Files\\Infogrames\\Putt Putt Goes to the Moon\\puttmoon.exe"=
"c:\\Program Files\\Infogrames\\Putt Putt Travels Through the Time\\puttttt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/12/2008 9:14 PM 97928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [12/28/2011 9:07 PM 239168]
R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient\acachsrv.exe [11/10/2006 12:29 PM 74240]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [11/10/2006 12:29 PM 26624]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [11/10/2006 12:29 PM 129536]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/12/2008 9:14 PM 76040]
R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [7/29/2011 8:51 PM 40960]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/6/2010 8:49 PM 246920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2009 11:36 PM 135664]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2009 11:36 PM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 1:19 PM 153416]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/25/2009 4:44 AM 57600]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/1/2009 3:22 PM 11520]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2008 8:54 AM 875288]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 8:54 AM 231704]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 04:35]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Work\Application Data\Mozilla\Firefox\Profiles\l7uh8fdz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110703&user_guid=FA56456F86A74845BEE9899503D0CD87&machine_id=444ec5a3db53b4516c0d21a844d87211&browser=FF&os=win&os_version=5.1-x86-SP2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - (no file)
HKCU-Run-14jsro1hvs - c:\documents and settings\Work\14jsro1hvs.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 08:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N rev.TM100-30 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89C4D2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-789336058-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,b0,18,b7,81,e5,5c,e9,13,34,e2,59,aa,15,ea,15,87,10,fe,5c,4c,1b,5e,
c3,7b,8b,b8,94,34,e6,01,cb,46,39,c1,dc,44,00,0c,84,61,90,12,ab,ef,02,84,60,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-1454471165-789336058-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,00,8c,0c,34,19,0b,b6,a9,f3,de,61,79,da,e2,d0,15,41,80,af,78,
92,f7,19,db,31,87,48,0b,3e,f5,73,5a,b3,ca,61,c7,46,63,68,bb,87,6d,6e,b6,cc,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\dlbxcoms.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Completion time: 2012-03-10 08:47:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 13:46
ComboFix2.txt 2011-10-19 12:06
ComboFix3.txt 2011-10-19 01:45
.
Pre-Run: 104,557,236,224 bytes free
Post-Run: 103,448,358,912 bytes free
.
- - End Of File - - 74EE41D3246210A0EB0ED5F7DF205CB0

#13 cra2

Posted 10 March 2012 - 06:29 PM

Just tried a google search.
The firefox plugin No Scripts wouldn't even let search results show.
At the bottom it said something about Scripts Partially Allowed (google.com/gstatic.com).

#14 CatByte

  • Malware Response Team
Posted 10 March 2012 - 08:55 PM

Please disable the "no scripts" until we are finished cleaning.


Please do the following:

Note: Please allow ComboFix to update if it asks to do so.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbjhfha]

File::
C:\Documents and Settings\Work\Local Settings\temp\12A0.tmp

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 cra2

Posted 10 March 2012 - 10:40 PM

ComboFix 12-03-10.01 - Work 03/10/2012 22:22:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1317 [GMT -5:00]
Running from: c:\documents and settings\Work\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Work\Desktop\CFScript.txt
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\documents and settings\Work\Local Settings\temp\12A0.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-09 03:43 . 2012-03-09 03:43 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-29 02:07 . 2011-12-29 02:07 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-17 22:41 . 2012-02-16 22:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 67184]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-12-30 120640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2006-11-10 275968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Documents and Settings\\download\\ALICE\\alice.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\D-Link\\SharePort Utility\\Connect.exe"=
"c:\\Program Files\\Infogrames\\Putt Putt Goes to the Moon\\puttmoon.exe"=
"c:\\Program Files\\Infogrames\\Putt Putt Travels Through the Time\\puttttt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/12/2008 9:14 PM 97928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [12/28/2011 9:07 PM 239168]
R2 acachsrv;ActivClient Authentication Service;c:\program files\ActivIdentity\ActivClient\acachsrv.exe [11/10/2006 12:29 PM 74240]
R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [11/10/2006 12:29 PM 26624]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [11/10/2006 12:29 PM 129536]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/12/2008 9:14 PM 76040]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/6/2010 8:49 PM 246920]
S2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [7/29/2011 8:51 PM 40960]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2009 11:36 PM 135664]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2009 11:36 PM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 1:19 PM 153416]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/25/2009 4:44 AM 57600]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/1/2009 3:22 PM 11520]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2008 8:54 AM 875288]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 8:54 AM 231704]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 04:35]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Work\Application Data\Mozilla\Firefox\Profiles\l7uh8fdz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110703&user_guid=FA56456F86A74845BEE9899503D0CD87&machine_id=444ec5a3db53b4516c0d21a844d87211&browser=FF&os=win&os_version=5.1-x86-SP2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 22:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP1604N rev.TM100-30 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89C4D2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-789336058-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,b0,18,b7,81,e5,5c,e9,13,34,e2,59,aa,15,ea,15,87,10,fe,5c,4c,1b,5e,
c3,7b,8b,b8,94,34,e6,01,cb,46,39,c1,dc,44,00,0c,84,61,90,12,ab,ef,02,84,60,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-1454471165-789336058-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,00,8c,0c,34,19,0b,b6,a9,f3,de,61,79,da,e2,d0,15,41,80,af,78,
92,f7,19,db,31,87,48,0b,3e,f5,73,5a,b3,ca,61,c7,46,63,68,bb,87,6d,6e,b6,cc,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1136)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-10 22:38:49
ComboFix-quarantined-files.txt 2012-03-11 03:38
ComboFix2.txt 2012-03-10 13:47
ComboFix3.txt 2011-10-19 12:06
ComboFix4.txt 2011-10-19 01:45
.
Pre-Run: 103,461,871,616 bytes free
Post-Run: 103,443,423,232 bytes free
.
- - End Of File - - 3143526CEFAF6B8B1E9FF87F82F75ED8



