Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccess Rootkit TCP/IP continually detected


  • This topic is locked This topic is locked
17 replies to this topic

#1 frenchfry

frenchfry

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 04 April 2012 - 02:59 PM

Continually getting messages that ZeroAccess Rootkit has been detected by combofix whenever I run it, however it never seems to clean the infection.

I also get a message from yorkyt.exe that it has found bad/infected files but likewise, it never seems to fix the problem.

I've run malwarebytes, securitycheck, tdsskiller and none of them are picking anything up.

Firefox has been running a little slower than normal and also I've gotten a popup to install flash, a few times when starting aol instand messenger (I already have flash installed), but that's the extent of what seems to be off now. I'm concerned something might still be lingering and worried about the possibility of a keylogger.

Attached Files



BC AdBot (Login to Remove)

 


#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 09 April 2012 - 10:53 AM

Hello frenchfry,

My name is ratman and and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================



We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

====================================================================================


In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
  • OTL.txt
  • Extra.txt


How is your machine behaving now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#3 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 10 April 2012 - 05:28 PM

Hello ratman. PC seems to be running the same as it used to, or I should say as slow as it used to always run since it's fairly old. Still getting random popups to install flash player, adobe reader, divX, etc... But I finally decided to click on the popup update buttons and no viruses picked up by malwarebyes, tddskiller. Malwarebytes said it stopped an incoming IP from czech republic (213.226.197.243) and another one from england (I don't have the ip handy) while my PC was merely idling. No idea what that was about.

I'm not seeing a "Extra.txt" being created, I searched my PC for it several times as well as redid the scan several times and redownloaded OTL.

Attached Files



#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 11 April 2012 - 06:29 AM

Hello frenchfry,

I'd like to see the contents of a previous Combofix report. Can you copy/paste (please don't attach logs - makes more difficult to read) contents of C:\qoobox\ComboFix4.txt 2012-04-03 12:42 in your next reply.

=================================================================================

I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

I'd like you to do another scan with Malwarebytes (ensure latest virus definitions are installed) and copy/paste log in your next reply.

=====================================================================================

In your next reply, please copy/paste the contents of the following:
  • aswMBR Log
  • MBAM.log
  • C:\qoobox\ComboFix4.txt 2012-04-03 12:42

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#5 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 11 April 2012 - 10:06 AM

Combofix

ComboFix 12-04-02.01 - h 04/03/2012 8:36.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1673 [GMT -4:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 12:35 . 2012-04-03 12:35 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1277AAE-FE8D-4756-950C-1259C1276B55}\offreg.dll
2012-04-03 09:22 . 2012-04-03 09:22 -------- d-----w- c:\program files\Common Files\Java
2012-03-29 20:02 . 2012-04-03 09:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 19:40 . 2012-03-29 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D562BF000435DB527ED81DD151FC84
2012-03-28 23:36 . 2012-03-28 23:36 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-09 03:11 . 2012-03-09 03:11 -------- d-----w- c:\documents and settings\h\Application Data\Canon
2012-03-09 03:11 . 2012-03-23 19:17 -------- d-----w- c:\documents and settings\h\Local Settings\Application Data\CANON_INC
2012-03-09 01:35 . 2012-03-09 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2012-03-09 01:33 . 2012-03-09 01:36 -------- d-----w- c:\program files\Canon
2012-03-09 01:32 . 2012-03-09 01:32 -------- d-----w- c:\program files\Common Files\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 09:21 . 2011-04-28 02:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 09:21 . 2011-04-28 02:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 20:18 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-14 02:15 . 2011-04-29 22:19 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-04-28 06:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-16 06:02 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-01-21 14:24 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_12.20.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 12:35 . 2012-04-03 12:35 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-13 33656832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Diablo III Beta\\Diablo III.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58066:TCP"= 58066:TCP:Pando Media Booster
"58066:UDP"= 58066:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6906:TCP"= 6906:TCP:League of Legends Launcher
"6906:UDP"= 6906:UDP:League of Legends Launcher
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/20/2011 11:11 PM 12184]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/21/2011 10:34 AM 1381632]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [6/21/2011 12:28 AM 101376]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dlcq_device
vaiomediaplatform-musicserver-appserver
vvoice
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\avwcgn1t.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-04-03 08:42:45
ComboFix-quarantined-files.txt 2012-04-03 12:42
ComboFix2.txt 2012-04-03 12:21
.
Pre-Run: 829,408,948,224 bytes free
Post-Run: 829,409,239,040 bytes free
.
- - End Of File - - 4328F21C395258745C89ABC1E9A0A810




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 09:43:01
-----------------------------
09:43:01.046 OS Version: Windows 5.1.2600 Service Pack 3
09:43:01.046 Number of processors: 2 586 0x6B01
09:43:01.046 ComputerName: G-C740AEF45E2C4 UserName: h
09:43:03.875 Initialize success
09:45:00.703 AVAST engine defs: 12041100
10:15:43.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
10:15:43.109 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
10:15:43.140 Disk 0 MBR read successfully
10:15:43.140 Disk 0 MBR scan
10:15:43.156 Disk 0 Windows XP default MBR code
10:15:43.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
10:15:43.156 Disk 0 scanning sectors +1953504000
10:15:43.234 Disk 0 scanning C:\WINDOWS\system32\drivers
10:15:52.140 Service scanning
10:16:02.000 Modules scanning
10:16:05.437 Disk 0 trace - called modules:
10:16:05.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:16:05.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a71bab8]
10:16:05.484 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a79ddf8]
10:16:05.484 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a7d54d0]
10:16:06.656 AVAST engine scan C:\WINDOWS
10:16:41.578 AVAST engine scan C:\WINDOWS\system32
10:19:28.015 AVAST engine scan C:\WINDOWS\system32\drivers
10:20:06.171 AVAST engine scan C:\Documents and Settings\h
10:24:31.093 AVAST engine scan C:\Documents and Settings\All Users
10:28:17.703 Scan finished successfully
10:56:15.906 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
10:56:15.906 The log file has been saved successfully to "C:\aswMBR.txt"


Mbam.log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.11.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
h :: G-C740AEF45E2C4 [administrator]

Protection: Enabled

4/11/2012 8:59:12 AM
mbam-log-2012-04-11 (08-59-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247362
Time elapsed: 41 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{3453A5E3-2DBB-413D-A437-8076AC8027AD}\RP17\A0003266.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DBBK\947D3742504E40E9E1DF231E6C865D8B (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

^that detection seems to be related to this 2012/04/10 12:22:48 -0400 G-C740AEF45E2C4 h DETECTION C:\Documents and Settings\h\Desktop\yorkyt.exe Trojan.Agent ALLOW
but yorkyt.exe is a program designed to remove zeroacess rootkits that I had ran, so it should be a false positive.

I can post the logs that show the ip addresses mbam blocks, however, I'm not sure if that's relevant or means anything since most of the time it's just blocking benign file sharing websites.

*actually, malwarebytes keeps blocking this ip address, 213.226.197.243, continually get the message that it's being blocked when idling my web browser at google or wherever, doesn't matter. not sure if this means anything.

Edited by frenchfry, 11 April 2012 - 12:00 PM.


#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 12 April 2012 - 08:35 AM

Hello frenchfry,

MBAM may be blocking IP addresses from any p2p programs running in the background. Try uninstalling uTorrent to see if this makes any difference.

I am seeing no signs of ZeroAccess rootkit now. I would like you to do another scan with ComboFix and copy/paste it's log in your next reply. Does ComboFix mention ZeroAccess?

========================================================================================

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window.ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • ESETScan
  • C:\Combofix.txt
How is your machine running now?

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 13 April 2012 - 01:03 PM

Yes, combofix has always said it detects a "ZeroAccess Rootkit inserted into the tcp/ip stack" every single time I've run it. It did the same again when I ran combofix just now.

The exact message I always get when running combofix "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection."

It then goes through the motions of attempting to fix the "infection" although, nothing ever changes and I will always get that message again when running combofix.



ComboFix 12-04-13.01 - h 04/13/2012 12:47:39.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1687 [GMT -4:00]
Running from: c:\documents and settings\h\Desktop\antiv\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 16:47 . 2012-04-13 16:47 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CE72891-51C8-4AC4-9F62-D1B2D2ED6621}\offreg.dll
2012-04-13 11:44 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CE72891-51C8-4AC4-9F62-D1B2D2ED6621}\mpengine.dll
2012-04-13 04:04 . 2012-04-13 04:04 -------- d-----w- c:\program files\ESET
2012-04-13 02:21 . 2012-04-13 02:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 12:34 . 2012-04-05 12:48 -------- d-----w- C:\emuvbalink
2012-04-04 17:23 . 2012-04-10 19:01 -------- d-----w- c:\windows\system32\DBBK
2012-04-04 15:49 . 2012-04-04 15:49 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 15:49 . 2012-04-04 15:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 15:49 . 2012-04-04 15:49 -------- d-----w- c:\program files\Java
2012-04-04 15:31 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 15:31 . 2012-04-10 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 15:02 . 2012-04-03 15:02 -------- d-----w- c:\documents and settings\h\Application Data\Malwarebytes
2012-04-03 15:01 . 2012-04-03 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-03 14:31 . 2012-04-03 14:31 -------- d-----w- c:\documents and settings\h\Application Data\FixZeroAccess
2012-04-03 10:32 . 2008-05-29 23:42 60416 ----a-w- c:\windows\system32\antiwpa.dll
2012-04-03 10:14 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-03 10:14 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-29 20:02 . 2012-04-10 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 19:40 . 2012-03-29 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D562BF000435DB527ED81DD151FC84
2012-03-28 23:36 . 2012-03-28 23:36 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 02:21 . 2011-06-23 04:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 15:49 . 2011-04-28 02:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 20:18 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-14 02:15 . 2011-04-29 22:19 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 13:50 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-04-28 06:41 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_12.20.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 11:20 . 2007-02-17 14:21 63488 c:\windows\xcacls.exe
+ 2012-04-13 16:46 . 2012-04-13 16:46 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
+ 2006-02-28 12:00 . 2012-02-28 18:50 37888 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 37888 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2012-03-19 11:37 67740 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-11 07:04 67740 c:\windows\system32\perfc009.dat
+ 2011-06-21 18:18 . 2012-02-28 18:50 37888 c:\windows\system32\dllcache\url.dll
- 2011-06-21 18:18 . 2011-12-19 08:53 37888 c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2012-02-28 18:50 81920 c:\windows\system32\dllcache\ieencode.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-16 08:06 . 2012-02-16 08:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 633344 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2012-02-28 18:50 633344 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2012-04-11 07:04 432784 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-03-19 11:37 432784 c:\windows\system32\perfh009.dat
+ 2011-01-21 02:12 . 2012-04-09 00:26 253032 c:\windows\system32\nvdrsdb1.bin
+ 2011-01-21 02:12 . 2012-04-09 00:26 253032 c:\windows\system32\nvdrsdb0.bin
+ 2006-02-28 12:00 . 2012-02-28 18:50 532480 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 532480 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 449536 c:\windows\system32\mshtmled.dll
+ 2006-02-28 12:00 . 2012-02-28 18:50 449536 c:\windows\system32\mshtmled.dll
+ 2012-04-13 02:21 . 2012-04-13 02:21 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-13 02:21 . 2012-04-13 02:21 424608 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-10 16:47 . 2012-04-10 16:47 245408 c:\windows\system32\Macromed\Flash\FlashUtil10zc_Plugin.exe
+ 2012-04-13 02:21 . 2012-04-13 02:21 253600 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-04 15:49 . 2012-04-04 15:49 157472 c:\windows\system32\javaws.exe
- 2012-04-03 09:22 . 2012-04-03 09:21 157472 c:\windows\system32\javaws.exe
- 2012-04-03 09:22 . 2012-04-03 09:21 149280 c:\windows\system32\javaw.exe
+ 2012-04-04 15:49 . 2012-04-04 15:49 149280 c:\windows\system32\javaw.exe
+ 2012-04-04 15:49 . 2012-04-04 15:49 149280 c:\windows\system32\java.exe
- 2012-04-03 09:22 . 2012-04-03 09:21 149280 c:\windows\system32\java.exe
+ 2006-02-28 12:00 . 2012-02-28 18:50 251904 c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 251904 c:\windows\system32\iepeers.dll
- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-04-16 16:09 . 2012-02-28 18:50 667136 c:\windows\system32\dllcache\wininet.dll
- 2010-04-16 16:09 . 2011-12-19 08:53 667136 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 16:09 . 2012-02-28 18:50 633344 c:\windows\system32\dllcache\urlmon.dll
- 2010-04-16 16:09 . 2011-12-19 08:53 633344 c:\windows\system32\dllcache\urlmon.dll
+ 2010-11-05 05:05 . 2012-02-28 18:50 532480 c:\windows\system32\dllcache\mstime.dll
- 2010-11-05 05:05 . 2011-12-19 08:53 532480 c:\windows\system32\dllcache\mstime.dll
- 2010-11-05 05:05 . 2011-12-19 08:53 449536 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-11-05 05:05 . 2012-02-28 18:50 449536 c:\windows\system32\dllcache\mshtmled.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2010-04-16 16:09 . 2012-02-28 18:50 251904 c:\windows\system32\dllcache\iepeers.dll
- 2010-04-16 16:09 . 2011-12-19 08:53 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-04 15:49 . 2012-04-04 15:49 203776 c:\windows\Installer\cee2af.msi
+ 2012-04-04 15:49 . 2012-04-04 15:49 901120 c:\windows\Installer\cee2a9.msi
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\1f01c5b.msp
+ 2012-04-11 07:05 . 2012-04-11 07:05 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 1510400 c:\windows\system32\shdocvw.dll
+ 2006-02-28 12:00 . 2012-02-28 18:50 1510400 c:\windows\system32\shdocvw.dll
+ 2006-02-28 12:00 . 2012-02-28 18:50 3087872 c:\windows\system32\mshtml.dll
+ 2012-04-10 16:47 . 2012-04-10 16:47 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-04-16 16:09 . 2011-12-19 08:53 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-04-16 16:09 . 2012-02-28 18:50 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2010-04-16 16:09 . 2012-02-28 18:50 3087872 c:\windows\system32\dllcache\mshtml.dll
+ 2010-04-16 16:09 . 2012-02-28 18:50 1025024 c:\windows\system32\dllcache\browseui.dll
- 2010-04-16 16:09 . 2011-12-19 08:53 1025024 c:\windows\system32\dllcache\browseui.dll
+ 2006-02-28 12:00 . 2012-02-28 18:50 1025024 c:\windows\system32\browseui.dll
- 2006-02-28 12:00 . 2011-12-19 08:53 1025024 c:\windows\system32\browseui.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2012-04-11 07:08 . 2012-04-11 07:08 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
+ 2012-04-11 07:08 . 2012-04-11 07:08 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-04-11 07:03 . 2012-04-11 07:03 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-02-16 08:05 . 2012-02-16 08:05 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-16 08:06 . 2012-02-16 08:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 07:04 . 2012-04-11 07:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-01-28 04:21 . 2012-04-11 07:00 55154568 c:\windows\system32\MRT.exe
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\9ed787.msp
+ 2012-04-11 07:05 . 2012-04-11 07:05 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-11 07:07 . 2012-04-11 07:07 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
+ 2012-04-11 07:05 . 2012-04-11 07:05 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-13 33656832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58066:TCP"= 58066:TCP:Pando Media Booster
"58066:UDP"= 58066:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6906:TCP"= 6906:TCP:League of Legends Launcher
"6906:UDP"= 6906:UDP:League of Legends Launcher
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/20/2011 11:11 PM 12184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/4/2012 11:31 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/4/2012 11:31 AM 22344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/21/2011 10:34 AM 1381632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 10:21 PM 253600]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [6/21/2011 12:28 AM 101376]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dlcq_device
vaiomediaplatform-musicserver-appserver
vvoice
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:21]
.
2012-04-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\avwcgn1t.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 12:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-04-13 12:55:05
ComboFix-quarantined-files.txt 2012-04-13 16:55
ComboFix2.txt 2012-04-04 18:07
ComboFix3.txt 2012-04-03 14:49
ComboFix4.txt 2012-04-03 12:42
ComboFix5.txt 2012-04-04 18:09
.
Pre-Run: 833,401,925,632 bytes free
Post-Run: 838,827,323,392 bytes free
.
- - End Of File - - 0A165A144E12F6A942C7552C55FB11B6



ESET found nothing. Blank .txt file.

Edited by frenchfry, 13 April 2012 - 01:05 PM.


#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 14 April 2012 - 11:08 AM

Hello frenchfry,

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, please copy/paste the contents of the following:
  • FSS.txt

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#9 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 14 April 2012 - 06:07 PM

Farbar Service Scanner Version: 01-03-2012
Ran by h (administrator) on 14-04-2012 at 19:05:38
Running from "C:\Documents and Settings\h\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) irda(10) NetBT(6) PSched(7) Tcpip(4)
0x10000000050000000100000002000000030000000400000008000000090000000B0000000C0000000D0000000E0000000F0000001000000006000000070000000A000000
IpSec Tag value is correct.

**** End of log ****

#10 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 15 April 2012 - 08:27 AM

Hi,

ZeroAccess has been removed, only concerned about message from ComboFix.

Can you try the following please:
  • Click Start, select Run and type cmd in the Open box and press Enter
  • In the command prompt window that opens, type the following commands, each followed by Enter:
  • netsh int ip reset reset.log
  • netsh winsock reset catalog
Reboot your machine.

Are you still seeing the same error message from ComboFix?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#11 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 16 April 2012 - 03:00 PM

Yes

#12 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 16 April 2012 - 05:33 PM

Hello frenchfry,

I need you to run a CFScript:.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
c:\windows\system32\DBBK

File::
%systemroot%\system32\TOSHIBASoftModem.dll
%systemroot%\system32\SWNC5E00.dll

Driver::
vaiomediaplatform-musicserver-appserver
vvoice
dlcq_device

NetSvc::
vaiomediaplatform-musicserver-appserver
vvoice
dlcq_device


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==============================================================================



In your next reply, please copy/paste the contents of the following:
  • C:\ComboFix.txt
How is your machine now?

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#13 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 18 April 2012 - 10:56 PM

I don't know if there is any correlation but combofix seems to always mess up my java, necessitating a reinstall for certain things to run.

ComboFix 12-04-18.02 - h 04/18/2012 23:42:31.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1747 [GMT -4:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\h\Desktop\antiv\CFScript.txt.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\system32\SWNC5E00.dll"
"c:\windows\system32\TOSHIBASoftModem.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DLCQ_DEVICE
-------\Legacy_VAIOMEDIAPLATFORM-MUSICSERVER-APPSERVER
-------\Legacy_VVOICE
-------\Service_vaiomediaplatform-musicserver-appserver
-------\Service_vvoice
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-16 14:35 . 2012-04-16 14:35 -------- d-----w- c:\documents and settings\Administrator
2012-04-15 18:27 . 2012-04-19 03:51 -------- d-----w- c:\program files\Steam
2012-04-13 04:04 . 2012-04-13 04:04 -------- d-----w- c:\program files\ESET
2012-04-13 02:21 . 2012-04-13 02:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 12:34 . 2012-04-05 12:48 -------- d-----w- C:\emuvbalink
2012-04-04 17:23 . 2012-04-10 19:01 -------- d-----w- c:\windows\system32\DBBK
2012-04-04 15:49 . 2012-04-04 15:49 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 15:49 . 2012-04-04 15:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 15:49 . 2012-04-04 15:49 -------- d-----w- c:\program files\Java
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 15:02 . 2012-04-03 15:02 -------- d-----w- c:\documents and settings\h\Application Data\Malwarebytes
2012-04-03 15:01 . 2012-04-03 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-03 14:31 . 2012-04-03 14:31 -------- d-----w- c:\documents and settings\h\Application Data\FixZeroAccess
2012-04-03 10:32 . 2008-05-29 23:42 60416 ----a-w- c:\windows\system32\antiwpa.dll
2012-04-03 10:14 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-03 10:14 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-29 20:02 . 2012-04-10 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 19:40 . 2012-03-29 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D562BF000435DB527ED81DD151FC84
2012-03-28 23:36 . 2012-03-28 23:36 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 02:21 . 2011-06-23 04:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 15:49 . 2011-04-28 02:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 20:18 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 13:50 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-04-28 06:41 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\DBBK ----
.
2012-04-10 19:01 . 2012-04-10 19:01 3117048 ----a-w- c:\windows\system32\DBBK\F0DCD148AAB06EC29D7EB2DE1CA07476
2012-04-10 19:01 . 2012-04-10 19:01 13824 ----a-w- c:\windows\system32\DBBK\F92E1076C42FCD6DB3D72D8CFE9816D5
2012-04-10 19:01 . 2012-04-10 19:01 903672 ----a-w- c:\windows\system32\DBBK\DABFEEC15B9E7427723B0308D2948DF2
2012-04-10 19:01 . 2012-04-10 19:01 6836669 ----a-w- c:\windows\system32\DBBK\B5127318571A8AA8F66D1AED66E8FC1B
2012-04-10 19:01 . 2012-04-10 19:01 470 ----a-w- c:\windows\system32\DBBK\79F2353815EC514DC62B20B91F084344
2012-04-10 19:01 . 2012-04-10 19:01 693 ----a-w- c:\windows\system32\DBBK\81CB679DFBD8AA582A2E5B647D25185A
2012-04-10 19:01 . 2012-04-10 19:01 755 ----a-w- c:\windows\system32\DBBK\66532206BA19246F79A703678CF0479F
2012-04-04 17:43 . 2012-04-04 17:43 46592 ----a-w- c:\windows\system32\DBBK\B63B4053B8F025D290326A49784F0BA9
2012-04-04 17:43 . 2012-04-04 17:43 31744 ----a-w- c:\windows\system32\DBBK\78E824973A67192DD52A720083B0318D
2012-04-04 17:43 . 2012-04-04 17:43 278528 ----a-w- c:\windows\system32\DBBK\D9DC1EE68466A3023D094694F37B5DC8
2012-04-04 17:43 . 2012-04-04 17:43 19968 ----a-w- c:\windows\system32\DBBK\7BECD62D950174417987353869FFD1F8
2012-04-04 17:43 . 2012-04-04 17:43 77824 ----a-w- c:\windows\system32\DBBK\59B5902DE78621E7ED90C89579024974
2012-04-04 17:43 . 2012-04-04 17:43 151552 ----a-w- c:\windows\system32\DBBK\D529CF9C5947F35D93B22658178C0197
2012-04-04 17:43 . 2012-04-04 17:43 8192 ----a-w- c:\windows\system32\DBBK\8EC78028DA1AA8432EC50953A36182C6
2012-04-04 17:43 . 2012-04-04 17:43 149280 ----a-w- c:\windows\system32\DBBK\554E6CE596BBA78D581560A4F00B8333
2012-04-04 17:43 . 2012-04-04 17:43 126976 ----a-w- c:\windows\system32\DBBK\EFBBE3005DFBC4B740804B2DE2118B17
2012-04-04 17:43 . 2012-04-04 17:43 16896 ----a-w- c:\windows\system32\DBBK\54405A2FAC6A9A494C055F92EA3D72FF
2012-04-04 17:43 . 2012-04-04 17:43 323584 ----a-w- c:\windows\system32\DBBK\52991F4748C6FDAA4BFCB83BBB1C250A
2012-04-04 17:43 . 2012-04-04 17:43 77824 ----a-w- c:\windows\system32\DBBK\C42C71D8376DE670A5054F47F9150653
2012-04-04 17:43 . 2012-04-04 17:43 143360 ----a-w- c:\windows\system32\DBBK\3959A4C6DD8FF8B50602C482A22DBD5A
2012-04-04 17:43 . 2012-04-04 17:43 2732032 ----a-w- c:\windows\system32\DBBK\BD3C0ABD9EE3562A49F458D9FB491C6D
2012-04-04 17:43 . 2012-04-04 17:43 1216512 ----a-w- c:\windows\system32\DBBK\C354183F2F9187513718E3505BD32727
2012-04-04 17:43 . 2012-04-04 17:43 6802435 ----a-w- c:\windows\system32\DBBK\276AA3B961C732D581E071D00C61B92A
2012-04-04 17:42 . 2012-04-04 17:42 470 ----a-w- c:\windows\system32\DBBK\880578256313BF32B676FBBD3EDC0E46
2012-04-04 17:42 . 2012-04-04 17:42 755 ----a-w- c:\windows\system32\DBBK\E0B9F2EFF11A3FD8E44B045C77EB9FC9
2012-04-04 17:31 . 2012-04-04 17:31 63488 ----a-w- c:\windows\system32\DBBK\5EF12E329823947A06F1B06AA0196F83
2012-04-04 17:31 . 2012-04-04 17:31 129024 ----a-w- c:\windows\system32\DBBK\295D21F14C335B53CB8154E5B1F892B9
2012-04-04 17:31 . 2012-04-04 17:31 52224 ----a-w- c:\windows\system32\DBBK\C7E39EA41233E9F5B86C8DA3A9F1E4A8
2012-04-04 17:31 . 2012-04-04 17:31 185856 ----a-w- c:\windows\system32\DBBK\1EBAFEB9A3FBDC41B8D9C7F0F687AD91
2012-04-04 17:31 . 2012-04-04 17:31 249856 ----a-w- c:\windows\system32\DBBK\3CB78C17BB664637787C9A1C98F79C38
2012-04-04 17:31 . 2012-04-04 17:31 53248 ----a-w- c:\windows\system32\DBBK\7E699FF5F59B5D9DE5390E3C34C67CF5
2012-04-04 17:31 . 2012-04-04 17:31 186368 ----a-w- c:\windows\system32\DBBK\76A9A3CBEADD68CC57CDA5E1D7448235
2012-04-04 17:31 . 2012-04-04 17:31 88576 ----a-w- c:\windows\system32\DBBK\AD188BE7BDF94E8DF4CA0A55C00A5073
2012-04-04 17:31 . 2012-04-04 17:31 435200 ----a-w- c:\windows\system32\DBBK\156F64A3345BD23C600655FB4D10BC08
2012-04-04 17:31 . 2012-04-04 17:31 291328 ----a-w- c:\windows\system32\DBBK\0102140028FAD045756796E1C685D695
2012-04-04 17:31 . 2012-04-04 17:31 33792 ----a-w- c:\windows\system32\DBBK\986B1FF5814366D71E0AC5755C88F2D3
2012-04-04 17:31 . 2012-04-04 17:31 15872 ----a-w- c:\windows\system32\DBBK\6100A808600F44D999CEBDEF8841C7A3
2012-04-04 17:31 . 2012-04-04 17:31 61440 ----a-w- c:\windows\system32\DBBK\8878BD685E490239777BFE51320B88E9
2012-04-04 17:31 . 2012-04-04 17:31 33792 ----a-w- c:\windows\system32\DBBK\2187855A7703ADEF0CEF9EE4285182CC
2012-04-04 17:31 . 2012-04-04 17:31 132096 ----a-w- c:\windows\system32\DBBK\0F0F6E687E5E15579EF4DA8DD6945814
2012-04-04 17:31 . 2012-04-04 17:31 23552 ----a-w- c:\windows\system32\DBBK\57EDEC2E5F59F0335E92F35184BC8631
2012-04-04 17:31 . 2012-04-04 17:31 25088 ----a-w- c:\windows\system32\DBBK\FB8F8EEC8D9C2157789472DD61CDC78B
2012-04-04 17:31 . 2012-04-04 17:31 245760 ----a-w- c:\windows\system32\DBBK\ED5A816D8E11E03F1937AC3C56826EE4
2012-04-04 17:31 . 2012-04-04 17:31 409088 ----a-w- c:\windows\system32\DBBK\574738F61FCA2935F5265DC4E5691314
2012-04-04 17:31 . 2012-04-04 17:31 80896 ----a-w- c:\windows\system32\DBBK\AC5DF42FE314C1446B1DAD237BFCFFE0
2012-04-04 17:31 . 2012-04-04 17:31 44032 ----a-w- c:\windows\system32\DBBK\36468087E22C57A83DF758B3F90DF73F
2012-04-04 17:31 . 2012-04-04 17:31 14336 ----a-w- c:\windows\system32\DBBK\2DE1190196EE9555DB548A57622022EB
2012-04-04 17:31 . 2012-04-04 17:31 17408 ----a-w- c:\windows\system32\DBBK\A9A3DAA780CA6C9671A19D52456705B4
2012-04-04 17:31 . 2012-04-04 17:31 1211216 ----a-w- c:\windows\system32\DBBK\E45989C127C0476A937D6BEAA6E28211
2012-04-04 17:31 . 2012-04-04 17:31 341328 ----a-w- c:\windows\system32\DBBK\8D58C34EA1304DAB6D8B16925265B5AA
2012-04-04 17:31 . 2012-04-04 17:31 99840 ----a-w- c:\windows\system32\DBBK\774348DE1DEA6262E06BFE1906D13D4D
2012-04-04 17:31 . 2012-04-04 17:31 64512 ----a-w- c:\windows\system32\DBBK\C14350FC0D47D806699C4F907FC6785B
2012-04-04 17:31 . 2012-04-04 17:31 107800 ----a-w- c:\windows\system32\DBBK\36C232F708498895585BC8C71BBC7440
2012-04-04 17:31 . 2012-04-04 17:31 64280 ----a-w- c:\windows\system32\DBBK\9208DEBD98447FDBF23D35E93B5EED0C
2012-04-04 17:31 . 2012-04-04 17:31 99096 ----a-w- c:\windows\system32\DBBK\2AEB1F8DCF9FA2E6FDDDDC3B68A6AFF5
2012-04-04 17:31 . 2012-04-04 17:31 293144 ----a-w- c:\windows\system32\DBBK\204C1704D4EB3F3C9443E74F044A6EDD
2012-04-04 17:31 . 2012-04-04 17:31 28424 ----a-w- c:\windows\system32\DBBK\B3C157A66ECDBCD3570E2DA139225589
2012-04-04 17:31 . 2012-04-04 17:31 346904 ----a-w- c:\windows\system32\DBBK\35C16BEBD1EB95C655D7CEC0476D1028
2012-04-04 17:31 . 2012-04-04 17:31 197632 ----a-w- c:\windows\system32\DBBK\459A04CCA068CAB8799C2F84068C222D
2012-04-04 17:31 . 2012-04-04 17:31 296216 ----a-w- c:\windows\system32\DBBK\D7531363DC675435D999971440695757
2012-04-04 17:31 . 2012-04-04 17:31 91648 ----a-w- c:\windows\system32\DBBK\2CD77B980B2CC3D655589A2E315AAB57
2012-04-04 17:31 . 2012-04-04 17:31 156672 ----a-w- c:\windows\system32\DBBK\C730F70351D950DDA7388C9A9763CF54
2012-04-04 17:31 . 2012-04-04 17:31 86 ----a-w- c:\windows\system32\DBBK\D8555A09D5862497F4156E9E4CCC808B
2012-04-04 17:31 . 2012-04-04 17:31 725784 ----a-w- c:\windows\system32\DBBK\DA52E84AEA182DB1DFF5D404BC3EF44A
2012-04-04 17:31 . 2012-04-04 17:31 272152 ----a-w- c:\windows\system32\DBBK\AE25E436747E699AD17629C3EA00D5A5
2012-04-04 17:31 . 2012-04-04 17:31 5632 ----a-w- c:\windows\system32\DBBK\8BCD11D38FCE43A519246A91CC40DE6A
2012-04-04 17:31 . 2012-04-04 17:31 268056 ----a-w- c:\windows\system32\DBBK\747264F6348E2A649E3327FB95CD06B0
2012-04-04 17:31 . 2012-04-04 17:31 4096 ----a-w- c:\windows\system32\DBBK\9B9F1C38D559047B8AC0DBA2D5FEBDE9
2012-04-04 17:31 . 2012-04-04 17:31 134936 ----a-w- c:\windows\system32\DBBK\21C69F683E4E7160AFDBA335751727EE
2012-04-04 17:31 . 2012-04-04 17:31 149784 ----a-w- c:\windows\system32\DBBK\70F184FAAC13D523BEB4B78734A7A530
2012-04-04 17:31 . 2012-04-04 17:31 501528 ----a-w- c:\windows\system32\DBBK\F391DAFB242C185F1601A3E77B81920F
2012-04-04 17:31 . 2012-04-04 17:31 24856 ----a-w- c:\windows\system32\DBBK\5F93C59E5C774C7D3EB27B19D7CC85F7
2012-04-04 17:31 . 2012-04-04 17:31 173336 ----a-w- c:\windows\system32\DBBK\3F4F5760B2B6ED32348C9C84B4F6E4B7
2012-04-04 17:31 . 2012-04-04 17:31 32896 ----a-w- c:\windows\system32\DBBK\731F22BA402EE4B62748ADAF6363C182
2012-04-04 17:31 . 2012-04-04 17:31 207640 ----a-w- c:\windows\system32\DBBK\6625E790B65A73A60E8FD60028AC785E
2012-04-04 17:30 . 2012-04-04 17:30 134936 ----a-w- c:\windows\system32\DBBK\72F8A43932061A68F57E8B13E49F5C55
2012-04-04 17:30 . 2012-04-04 17:30 159048 ----a-w- c:\windows\system32\DBBK\58A14C45A5CD2528F10A889E7B0C3FC2
2012-04-04 17:30 . 2012-04-04 17:30 32024 ----a-w- c:\windows\system32\DBBK\27D1B8167C7B542E66F8CDDB36BECE6E
2012-04-04 17:30 . 2012-04-04 17:30 110080 ----a-w- c:\windows\system32\DBBK\0DA85218E92526972A821587E6A8BF8F
2012-04-04 17:30 . 2012-04-04 17:30 877848 ----a-w- c:\windows\system32\DBBK\FA20159A61ECDF77F971A2C4A86E8676
2012-04-04 17:30 . 2012-04-04 17:30 53584 ----a-w- c:\windows\system32\DBBK\FBFCA1A574D47EE575448B719CBBF2E4
2012-04-04 17:30 . 2012-04-04 17:30 7168 ----a-w- c:\windows\system32\DBBK\3CBA2210FA39C6ED7895634842E930DD
2012-04-04 17:30 . 2012-04-04 17:30 31000 ----a-w- c:\windows\system32\DBBK\FE28EF2586249866AE340E13FE7FF510
2012-04-04 17:30 . 2012-04-04 17:30 105752 ----a-w- c:\windows\system32\DBBK\F38194CE99067D0C47E46F8BB7226106
2012-04-04 17:30 . 2012-04-04 17:30 135448 ----a-w- c:\windows\system32\DBBK\D6FE22825A8FEBB3845CBA424DED3142
2012-04-04 17:30 . 2012-04-04 17:30 70936 ----a-w- c:\windows\system32\DBBK\4A4ED4960F264036DF15E6618D9E2080
2012-04-04 17:30 . 2012-04-04 17:30 569680 ----a-w- c:\windows\system32\DBBK\4C39358EBDD2FFCD9132A30E1EC31E16
2012-04-04 17:30 . 2012-04-04 17:30 653136 ----a-w- c:\windows\system32\DBBK\CDBE9690CF2B8409FACAD94FAC9479C9
2012-04-04 17:30 . 2012-04-04 17:30 539136 ----a-w- c:\windows\system32\DBBK\855F6333E3A4DFC6F3C8B0520C261FCD
2012-04-04 17:30 . 2012-04-04 17:30 6801341 ----a-w- c:\windows\system32\DBBK\461DD68F3593CC0F58DE00FA699E31BD
2012-04-04 17:30 . 2012-04-04 17:30 427264 ----a-w- c:\windows\system32\DBBK\C423D80FF32F94D5C4546003E6FBEDBB
2012-04-04 17:30 . 2012-04-04 17:30 3781960 ----a-w- c:\windows\system32\DBBK\CA6ADE4F7761BB15B3325356DC3B82BB
2012-04-04 17:30 . 2012-04-04 17:30 81920 ----a-w- c:\windows\system32\DBBK\BE06457208DC0661819EAF30E2A1CA25
2012-04-04 17:30 . 2012-04-04 17:30 122648 ----a-w- c:\windows\system32\DBBK\39FDB5D60A48B581C6C6068525202924
2012-04-04 17:30 . 2012-04-04 17:30 254696 ----a-w- c:\windows\system32\DBBK\98A078F838A70F84E1BD490D7C7675F4
2012-04-04 17:30 . 2012-04-04 17:30 39704 ----a-w- c:\windows\system32\DBBK\E7DFAC66C455E2B7E86FC5D87F35A275
2012-04-04 17:30 . 2012-04-04 17:30 1748992 ----a-w- c:\windows\system32\DBBK\33D9B7BB7BA323BAFE489DF033DAC824
2012-04-04 17:30 . 2012-04-04 17:30 2502248 ----a-w- c:\windows\system32\DBBK\B48CE3137255E871E6134730E41A3CF7
2012-04-04 17:30 . 2012-04-04 17:30 1386776 ----a-w- c:\windows\system32\DBBK\03C640DA6C828D34CE4CFA67006096EF
2012-04-04 17:30 . 2012-04-04 17:30 196416 ----a-w- c:\windows\system32\DBBK\D475BBD6FEF8DB2DDE0DA7CCFD2C9042
2012-04-04 17:30 . 2012-04-04 17:30 997920 ----a-w- c:\windows\system32\DBBK\D0EBE8F93C70FCA792E241CE268BC837
2012-04-04 17:30 . 2012-04-04 17:30 1753192 ----a-w- c:\windows\system32\DBBK\3A3F869C699417FDF272F5206F8244A9
2012-04-04 17:30 . 2012-04-04 17:30 84992 ----a-w- c:\windows\system32\DBBK\5652F6CE1D9E9D8068B9D29BC21B5409
2012-04-04 17:30 . 2012-04-04 17:30 111208 ----a-w- c:\windows\system32\DBBK\0E2752B270F5A68D459F7927A81B5AFA
2012-04-04 17:30 . 2012-04-04 17:30 122880 ----a-w- c:\windows\system32\DBBK\0B467F470CC9918FDCEEDCFD7DC4D697
2012-04-04 17:30 . 2012-04-04 17:30 367616 ----a-w- c:\windows\system32\DBBK\4D83ED8BDDEC431FC8AD907B47CFB6E3
2012-04-04 17:30 . 2012-04-04 17:30 33280 ----a-w- c:\windows\system32\DBBK\037B1E7798960E0420003D05BB577EE6
2012-04-04 17:30 . 2012-04-04 17:30 33656832 ----a-w- c:\windows\system32\DBBK\49FAD5322456CCCDEB09F63A83EC9AA1
2012-04-04 17:30 . 2012-04-04 17:30 658432 ----a-w- c:\windows\system32\DBBK\401A8C0BE0BAA7D7A470F0942244152D
2012-04-04 17:30 . 2012-04-04 17:30 29184 ----a-w- c:\windows\system32\DBBK\231A0B0E3BA7ABFE469A8262FAA1FD71
2012-04-04 17:30 . 2012-04-04 17:30 121856 ----a-w- c:\windows\system32\DBBK\50512FC9B7878E3C2C147BC17326A7DB
2012-04-04 17:30 . 2012-04-04 17:30 276480 ----a-w- c:\windows\system32\DBBK\E535E0A413655208D7180154150881C6
2012-04-04 17:30 . 2012-04-04 17:30 150528 ----a-w- c:\windows\system32\DBBK\30DEAF54A9755BB8546168CFE8A6B5E1
2012-04-04 17:30 . 2012-04-04 17:30 71680 ----a-w- c:\windows\system32\DBBK\0A5679B3714EDAB99E357057EE88FCA6
2012-04-04 17:30 . 2012-04-04 17:30 265728 ----a-w- c:\windows\system32\DBBK\F80A415EF82CD06FFAF0D971528EAD38
2012-04-04 17:30 . 2012-04-04 17:30 34816 ----a-w- c:\windows\system32\DBBK\3D075865DCC26931972F6476AD0497BE
2012-04-04 17:30 . 2012-04-04 17:30 133632 ----a-w- c:\windows\system32\DBBK\93C088C2AEB2F23E720BDA7E32BD5117
2012-04-04 17:30 . 2012-04-04 17:30 143360 ----a-w- c:\windows\system32\DBBK\A70A2D85AD143D6BB823C246CEB699A5
2012-04-04 17:30 . 2012-04-04 17:30 19968 ----a-w- c:\windows\system32\DBBK\2DC5A8019E2387987905F77C664E4BE2
2012-04-04 17:30 . 2012-04-04 17:30 28672 ----a-w- c:\windows\system32\DBBK\91790D6749EBED90E2C40479C0A91879
2012-04-04 17:30 . 2012-04-04 17:30 1358848 ----a-w- c:\windows\system32\DBBK\E837FDBB92E9873E538395B623F45462
2012-04-04 17:30 . 2012-04-04 17:30 178176 ----a-w- c:\windows\system32\DBBK\880F7ED2DF24DB14AF96C6D797958796
2012-04-04 17:30 . 2012-04-04 17:30 44032 ----a-w- c:\windows\system32\DBBK\572334E13E0D4C8A2986CCA2A736DCE5
2012-04-04 17:30 . 2012-04-04 17:30 1172480 ----a-w- c:\windows\system32\DBBK\0AD792A78419867BF5D750853D80FA11
2012-04-04 17:30 . 2012-04-04 17:30 423936 ----a-w- c:\windows\system32\DBBK\A693A49A67673F2C8D76797EA9A628D0
2012-04-04 17:30 . 2012-04-04 17:30 185344 ----a-w- c:\windows\system32\DBBK\4306FA2F1099D7C606139255FDB62B19
2012-04-04 17:30 . 2012-04-04 17:30 58880 ----a-w- c:\windows\system32\DBBK\6895427873D6C37A6D6DA7C3DB37DA14
2012-04-04 17:30 . 2012-04-04 17:30 56200 ----a-w- c:\windows\system32\DBBK\163DB46B803E4C83C444A026FF17D269
2012-04-04 17:30 . 2012-04-04 17:30 227840 ----a-w- c:\windows\system32\DBBK\798A9E6828997EEF4517ADA8A2259831
2012-04-04 17:30 . 2012-04-04 17:30 622592 ----a-w- c:\windows\system32\DBBK\37A62C6092AADD2EFDE0468DD8818E99
2012-04-04 17:30 . 2012-04-04 17:30 1481728 ----a-w- c:\windows\system32\DBBK\10F1BC2CA8162E1F743B0CEB420DBDF5
2012-04-04 17:30 . 2012-04-04 17:30 389120 ----a-w- c:\windows\system32\DBBK\6D778E0F95447E6546553EEEA709D03C
2012-04-04 17:30 . 2012-04-04 17:30 44544 ----a-w- c:\windows\system32\DBBK\8C515081584A38AA007909CD02020B3D
2012-04-04 17:30 . 2012-04-04 17:30 707448 ----a-w- c:\windows\system32\DBBK\A26E0A6A7EBB45815A3583E170C27031
2012-04-04 17:30 . 2012-04-04 17:30 78648 ----a-w- c:\windows\system32\DBBK\853B04D34363ED260D0F89A09DB9B323
2012-04-04 17:30 . 2012-04-04 17:30 1081416 ----a-w- c:\windows\system32\DBBK\D3B6D02F0D95A62DFBAE7D7EA404DB59
2012-04-04 17:30 . 2012-04-04 17:30 652360 ----a-w- c:\windows\system32\DBBK\056B19651BD7B7CE5F89A3AC46DBDC08
2012-04-04 17:30 . 2012-04-04 17:30 228520 ----a-w- c:\windows\system32\DBBK\574C4419F1634E0DBA09FA920AB837FF
2012-04-04 17:30 . 2012-04-04 17:30 20464 ----a-w- c:\windows\system32\DBBK\B7CA8CC3F978201856B6AB82F40953C3
2012-04-04 17:30 . 2012-04-04 17:30 71680 ----a-w- c:\windows\system32\DBBK\6404807ABC7AF52FA3792697AE638B50
2012-04-04 17:30 . 2012-04-04 17:30 75264 ----a-w- c:\windows\system32\DBBK\EE4C651A217B01D636B5364AC77DA892
2012-04-04 17:30 . 2012-04-04 17:30 11776 ----a-w- c:\windows\system32\DBBK\B41D53899E37CC43DA85DA19998BEE81
2012-04-04 17:30 . 2012-04-04 17:30 102400 ----a-w- c:\windows\system32\DBBK\22DD6D7D4BFE2B8CE705CC950C8AEA4C
2012-04-04 17:30 . 2012-04-04 17:30 89088 ----a-w- c:\windows\system32\DBBK\EEE7F12D9FF46F68FBC0DA059A359E9E
2012-04-04 17:30 . 2012-04-04 17:30 16896 ----a-w- c:\windows\system32\DBBK\F26385E8BA4549B5186B774EC0E45D86
2012-04-04 17:30 . 2012-04-04 17:30 45568 ----a-w- c:\windows\system32\DBBK\AE0382AD9C73D343D85E1A50C80B7C20
2012-04-04 17:30 . 2012-04-04 17:30 15360 ----a-w- c:\windows\system32\DBBK\222DE7F5EDB9DDBE628384A1A8BE59CE
2012-04-04 17:30 . 2012-04-04 17:30 47104 ----a-w- c:\windows\system32\DBBK\5D3D1AB0EF4EA55B731863050482C111
2012-04-04 17:30 . 2012-04-04 17:30 345600 ----a-w- c:\windows\system32\DBBK\AA897735D5AB916297A6823A9B2D61B1
2012-04-04 17:30 . 2012-04-04 17:30 75264 ----a-w- c:\windows\system32\DBBK\79E3A8C328E7E569C32B0998377D9742
2012-04-04 17:30 . 2012-04-04 17:30 47104 ----a-w- c:\windows\system32\DBBK\D26451B540720A7313A9BCBE794DAF62
2012-04-04 17:30 . 2012-04-04 17:30 575704 ----a-w- c:\windows\system32\DBBK\009758CC06B7F55B4A4D16A66E243C24
2012-04-04 17:30 . 2012-04-04 17:30 273920 ----a-w- c:\windows\system32\DBBK\26D881D27CBE51D3614E68D7313EA026
2012-04-04 17:30 . 2012-04-04 17:30 453120 ----a-w- c:\windows\system32\DBBK\071143F687B4F887E21461CA6CC7EB29
2012-04-04 17:30 . 2012-04-04 17:30 53472 ----a-w- c:\windows\system32\DBBK\62BB79160F86CD962F312C68C6239BFD
2012-04-04 17:30 . 2012-04-04 17:30 95232 ----a-w- c:\windows\system32\DBBK\3273D1565BF30225C115B480A3BB2C9D
2012-04-04 17:30 . 2012-04-04 17:30 178176 ----a-w- c:\windows\system32\DBBK\942A17D2901A31EA68627CBFFCD268CC
2012-04-04 17:30 . 2012-04-04 17:30 43520 ----a-w- c:\windows\system32\DBBK\010472D0AE758227C6F6E6933549C219
2012-04-04 17:30 . 2012-04-04 17:30 44768 ----a-w- c:\windows\system32\DBBK\5BD1234E11B39C63BBA87022AF6D43C2
2012-04-04 17:30 . 2012-04-04 17:30 35552 ----a-w- c:\windows\system32\DBBK\1D326842006C4BE77ECD848CF89F01AB
2012-04-04 17:30 . 2012-04-04 17:30 473600 ----a-w- c:\windows\system32\DBBK\378A0AEFB11D8B0DC8C27B9F7604B88D
2012-04-04 17:30 . 2012-04-04 17:30 247808 ----a-w- c:\windows\system32\DBBK\E4616430709F440CF1809D88DC2366EA
2012-04-04 17:30 . 2012-04-04 17:30 531456 ----a-w- c:\windows\system32\DBBK\F0BF811622F2DD6C8E26EE4600D83731
2012-04-04 17:30 . 2012-04-04 17:30 77824 ----a-w- c:\windows\system32\DBBK\A06CE3399D16DB864F55FAEB1F1927A9
2012-04-04 17:30 . 2012-04-04 17:30 214528 ----a-w- c:\windows\system32\DBBK\D95C71052E5EF63B55997FB31483D02F
2012-04-04 17:30 . 2012-04-04 17:30 18944 ----a-w- c:\windows\system32\DBBK\205ADD80FF8099B1A8101EB490B933D1
2012-04-04 17:30 . 2012-04-04 17:30 2561536 ----a-w- c:\windows\system32\DBBK\7051068AB8839B3485F462B4975B2806
2012-04-04 17:30 . 2012-04-04 17:30 45792960 ----a-w- c:\windows\system32\DBBK\169CAF7FF0E4C7AC58B3C2AFF9FE6F21
2012-04-04 17:30 . 2012-04-04 17:30 735744 ----a-w- c:\windows\system32\DBBK\CD82CA42949578C09D276354352498FE
2012-04-04 17:30 . 2012-04-04 17:30 58880 ----a-w- c:\windows\system32\DBBK\F51EBB6FC536A6B2D588FD668D3A8249
2012-04-04 17:30 . 2012-04-04 17:30 66560 ----a-w- c:\windows\system32\DBBK\36795A645EAA47FE31D2A8F136A2C69B
2012-04-04 17:30 . 2012-04-04 17:30 58368 ----a-w- c:\windows\system32\DBBK\DF82E222578DBE59FCBBD69A02E4C806
2012-04-04 17:30 . 2012-04-04 17:30 60416 ----a-w- c:\windows\system32\DBBK\690D97864735E8ECD87F55777E266690
2012-04-04 17:30 . 2012-04-04 17:30 1267200 ----a-w- c:\windows\system32\DBBK\ED0C0DF222209E43AD9AFBF3FE87DDE0
2012-04-04 17:30 . 2012-04-04 17:30 14033088 ----a-w- c:\windows\system32\DBBK\EADBBC834E47EB338C47442B64FE295B
2012-04-04 17:30 . 2012-04-04 17:30 2843136 ----a-w- c:\windows\system32\DBBK\D3F72D50DE53F9F1F55240115AF4D42E
2012-04-04 17:30 . 2012-04-04 17:30 80896 ----a-w- c:\windows\system32\DBBK\7C278E6408D1DCE642230C0585A854D5
2012-04-04 17:30 . 2012-04-04 17:30 29696 ----a-w- c:\windows\system32\DBBK\B85E95679B5ADC12311BCD3F5385D623
2012-04-04 17:30 . 2012-04-04 17:30 60416 ----a-w- c:\windows\system32\DBBK\F9D3C78CFE15271D80790677C893CE45
2012-04-04 17:30 . 2012-04-04 17:30 354816 ----a-w- c:\windows\system32\DBBK\684559A03CBC1D05BA120A18B0D8BA5D
2012-04-04 17:30 . 2012-04-04 17:30 1929952 ----a-w- c:\windows\system32\DBBK\6298277B73C77FA99106B271A7525163
2012-04-04 17:30 . 2012-04-04 17:30 331264 ----a-w- c:\windows\system32\DBBK\83F41D0D89645D7235C051AB1D9523AC
2012-04-04 17:30 . 2012-04-04 17:30 357888 ----a-w- c:\windows\system32\DBBK\47DDFC2F003F7F9F0592C6874962A2E7
2012-04-04 17:30 . 2012-04-04 17:30 6656 ----a-w- c:\windows\system32\DBBK\35321FB577CDC98CE3EB3A3EB9E4610A
2012-04-04 17:30 . 2012-04-04 17:30 430592 ----a-w- c:\windows\system32\DBBK\ACACB8B14E66109B8ACD6644B5574B9A
2012-04-04 17:30 . 2012-04-04 17:30 138752 ----a-w- c:\windows\system32\DBBK\FEDE68BF80052BAD393AFD5C2E60DCB0
2012-04-04 17:30 . 2012-04-04 17:30 144896 ----a-w- c:\windows\system32\DBBK\2D0E4ED081963804CCC196A0929275B5
2012-04-04 17:30 . 2012-04-04 17:30 90112 ----a-w- c:\windows\system32\DBBK\55BCA12F7F523D35CA3CB833C725F54E
2012-04-04 17:30 . 2012-04-04 17:30 96768 ----a-w- c:\windows\system32\DBBK\22D89D84E8E081CDA529DBF8C0255A38
2012-04-04 17:30 . 2012-04-04 17:30 26624 ----a-w- c:\windows\system32\DBBK\ABFB673B24A9B3287761D497529FB5B9
2012-04-04 17:30 . 2012-04-04 17:30 171008 ----a-w- c:\windows\system32\DBBK\3805DF0AC4296A34BA4BF93B346CC378
2012-04-04 17:30 . 2012-04-04 17:30 25088 ----a-w- c:\windows\system32\DBBK\ACDAFCD14EC0ECE89198503746A5C147
2012-04-04 17:30 . 2012-04-04 17:30 34304 ----a-w- c:\windows\system32\DBBK\853D0D0C6F02D7BFDF1CF99DD7553732
2012-04-04 17:30 . 2012-04-04 17:30 32256 ----a-w- c:\windows\system32\DBBK\248712EA6BA17B9FF0C542A3828375DD
2012-04-04 17:30 . 2012-04-04 17:30 74240 ----a-w- c:\windows\system32\DBBK\4AC2FA4A6F0DF2511BAC13393C06EFF1
2012-04-04 17:30 . 2012-04-04 17:30 39424 ----a-w- c:\windows\system32\DBBK\7FDD5D0684ECA8C1F68B4D99D124DCD0
2012-04-04 17:30 . 2012-04-04 17:30 171008 ----a-w- c:\windows\system32\DBBK\20FD44370267CCD0A64A1B31861C21D2
2012-04-04 17:30 . 2012-04-04 17:30 16896 ----a-w- c:\windows\system32\DBBK\5F0CE62E0831CF972EC6949FD3E37DA7
2012-04-04 17:30 . 2012-04-04 17:30 270336 ----a-w- c:\windows\system32\DBBK\C5FF8682EADA5B3B27A865F1C3EF9270
2012-04-04 17:30 . 2012-04-04 17:30 18944 ----a-w- c:\windows\system32\DBBK\CBE612E2BB6A10E3563336191EDA1250
2012-04-04 17:30 . 2012-04-04 17:30 333824 ----a-w- c:\windows\system32\DBBK\8BAD69CBAC032D4BBACFCE0306174C30
2012-04-04 17:30 . 2012-04-04 17:30 183808 ----a-w- c:\windows\system32\DBBK\332760FBA1655FCFD35BD6F4FD871300
2012-04-04 17:30 . 2012-04-04 17:30 99840 ----a-w- c:\windows\system32\DBBK\3A7C3CBE5D96B8AE96CE81F0B22FB527
2012-04-04 17:30 . 2012-04-04 17:30 12184 ----a-w- c:\windows\system32\DBBK\5644ACFA1B281CE2212353552147D1A0
2012-04-04 17:30 . 2012-04-04 17:30 24576 ----a-w- c:\windows\system32\DBBK\369F7B1A4F358B976176556A1A331F36
2012-04-04 17:30 . 2012-04-04 17:30 284160 ----a-w- c:\windows\system32\DBBK\62CF83A6989312A0DD39BBFFB3D1C166
2012-04-04 17:30 . 2012-04-04 17:30 20992 ----a-w- c:\windows\system32\DBBK\8973122796E3B5D6B5900FC186E55FEA
2012-04-04 17:30 . 2012-04-04 17:30 21504 ----a-w- c:\windows\system32\DBBK\DEB04DA35CC871B6D309B77E1443C796
2012-04-04 17:30 . 2012-04-04 17:30 38400 ----a-w- c:\windows\system32\DBBK\4FCCA060DFE0C51A09DD5C3843888BCD
2012-04-04 17:30 . 2012-04-04 17:30 253952 ----a-w- c:\windows\system32\DBBK\D4991D98F2DB73C60D042F1AEF79EFAE
2012-04-04 17:30 . 2012-04-04 17:30 348160 ----a-w- c:\windows\system32\DBBK\86F1895AE8C5E8B17D99ECE768A70732
2012-04-04 17:30 . 2012-04-04 17:30 23040 ----a-w- c:\windows\system32\DBBK\BC93B4A066477954555966D77FEC9ECB
2012-04-04 17:30 . 2012-04-04 17:30 194560 ----a-w- c:\windows\system32\DBBK\00709952D444EAE14DBBD30D36FBAE0F
2012-04-04 17:30 . 2012-04-04 17:30 153376 ----a-w- c:\windows\system32\DBBK\0A5709543986843D37A92290B7838340
2012-04-04 17:30 . 2012-04-04 17:30 62464 ----a-w- c:\windows\system32\DBBK\3D4E199942E29207970E04315D02AD3B
2012-04-04 17:30 . 2012-04-04 17:30 6582328 ----a-w- c:\windows\system32\DBBK\F4DD9E29CAB8110C976B9200E8067BC2
2012-04-04 17:30 . 2012-04-04 17:30 6784 ----a-w- c:\windows\system32\DBBK\70E98B3FD8E963A6A46A2E6247E0BEA1
2012-04-04 17:30 . 2012-04-04 17:30 22528 ----a-w- c:\windows\system32\DBBK\67156D5A9AC356DC99D7BCCB388E3316
2012-04-04 17:30 . 2012-04-04 17:30 68096 ----a-w- c:\windows\system32\DBBK\77A354E28153AD2D5E120A5A8687BC06
2012-04-04 17:30 . 2012-04-04 17:30 180608 ----a-w- c:\windows\system32\DBBK\11D42BB6206F33FBB3BA0288D3EF81BD
2012-04-04 17:30 . 2012-04-04 17:30 2676624 ----a-w- c:\windows\system32\DBBK\8BCA18AAB6B2F56D8B44127FEA3B5A3D
2012-04-04 17:30 . 2012-04-04 17:30 48896400 ----a-w- c:\windows\system32\DBBK\B2EE0675149E0902EEC7D998981EF6D9
2012-04-04 17:30 . 2012-04-04 17:30 3276 ----a-w- c:\windows\system32\DBBK\C634AFCB0EA281F43DC007BFD8999418
2012-04-04 17:30 . 2012-04-04 17:30 152 ----a-w- c:\windows\system32\DBBK\195140D82D94DF5FAD823EC118EE3F21
2012-04-04 17:30 . 2012-04-04 17:30 282 ----a-w- c:\windows\system32\DBBK\65FC72B885B67AC91B1D32D4D39ABD51
2012-04-04 17:30 . 2012-04-04 17:30 470 ----a-w- c:\windows\system32\DBBK\A776C2E4BE88E7F52299310C1490C5CA
2012-04-04 17:30 . 2012-04-04 17:30 552 ----a-w- c:\windows\system32\DBBK\E3DE4EB20C48F0162FCEE0E0716D34E0
2012-04-04 17:30 . 2012-04-04 17:30 20 ----a-w- c:\windows\system32\DBBK\529584EC24AB8643D97E43EB2C0BFA6F
2012-04-04 17:30 . 2012-04-04 17:30 757 ----a-w- c:\windows\system32\DBBK\FF02F93955179F9A4F28656740A994A1
2012-04-04 17:30 . 2012-04-04 17:30 2227784 ----a-w- c:\windows\system32\DBBK\A2C2EC01306A666C4372BB7A06659B5D
2012-04-04 17:30 . 2012-04-04 17:30 472136 ----a-w- c:\windows\system32\DBBK\82F9764EBE2EF590CD2B3BEB234E5671
2012-04-04 17:30 . 2012-04-04 17:30 18944 ----a-w- c:\windows\system32\DBBK\5C12660A97822F6E61576943B49AAAD6
2012-04-04 17:30 . 2012-04-04 17:30 460872 ----a-w- c:\windows\system32\DBBK\60D0647A2DC2D397B84D0AFB0808F85D
2012-04-04 17:30 . 2012-04-04 17:30 20480 ----a-w- c:\windows\system32\DBBK\9A3BD5F55AADFF859539142F6328A66E
2012-04-04 17:30 . 2012-04-04 17:30 2944 ----a-w- c:\windows\system32\DBBK\8F5FCFF8E8848AFAC920905FBD9D33C8
2012-04-04 17:30 . 2012-04-04 17:30 172416 ----a-w- c:\windows\system32\DBBK\692BCF44383D056AED41B045A323D378
2012-04-04 17:30 . 2012-04-04 17:30 52864 ----a-w- c:\windows\system32\DBBK\8A208DFCF89792A484E76C40E5F50B45
2012-04-04 17:30 . 2012-04-04 17:30 56576 ----a-w- c:\windows\system32\DBBK\8CE882BCC6CF8A62F2B2323D95CB3D01
2012-04-04 17:30 . 2012-04-04 17:30 142592 ----a-w- c:\windows\system32\DBBK\8BED39E3C35D6A489438B8141717A557
2012-04-04 17:30 . 2012-04-04 17:30 98304 ----a-w- c:\windows\system32\DBBK\912B67BB8249925A5C972FC5839EAE09
2012-04-04 17:30 . 2012-04-04 17:30 6272 ----a-w- c:\windows\system32\DBBK\AB8B92451ECB048A4D1DE7C3FFCB4A9F
2012-04-04 17:30 . 2012-04-04 17:30 60800 ----a-w- c:\windows\system32\DBBK\8B83F3ED0F1688B4958F77CD6D2BF290
2012-04-04 17:30 . 2012-04-04 17:30 83072 ----a-w- c:\windows\system32\DBBK\6768ACF64B18196494413695F0C3A00F
2012-04-04 17:30 . 2012-04-04 17:30 385536 ----a-w- c:\windows\system32\DBBK\A314EEA2A503A8E04085201E436384A5
2012-04-04 17:30 . 2012-04-04 17:30 23552 ----a-w- c:\windows\system32\DBBK\680B56A8B62D1BCF4A0B2AAAD03D88E4
2012-04-04 17:30 . 2012-04-04 17:30 135168 ----a-w- c:\windows\system32\DBBK\B4ED498E3BFEE64E952BC44FC6057DB8
2012-04-04 17:30 . 2012-04-04 17:30 1114512 ----a-w- c:\windows\system32\DBBK\94545E8136FE024D84F3C33B4E07D210
2012-04-04 17:30 . 2012-04-04 17:30 1025024 ----a-w- c:\windows\system32\DBBK\99A4C177D9942B536C0F15448A14BB93
2012-04-04 17:30 . 2012-04-04 17:30 132096 ----a-w- c:\windows\system32\DBBK\A8888A5327621856C0CEC4E385F69309
2012-04-04 17:30 . 2012-04-04 17:30 1033728 ----a-w- c:\windows\system32\DBBK\12896823FB95BFB3DC9B46BCAEDC9923
2012-04-04 17:30 . 2012-04-04 17:30 42496 ----a-w- c:\windows\system32\DBBK\DEF7A7882BEC100FE0B2CE2549188F9D
2012-04-04 17:30 . 2012-04-04 17:30 13887888 ----a-w- c:\windows\system32\DBBK\49879EB299644E4EDB4F50119E56B22B
2012-04-04 17:30 . 2012-04-04 17:30 58880 ----a-w- c:\windows\system32\DBBK\60784F891563FB1B767F70117FC2428F
2012-04-04 17:30 . 2012-04-04 17:30 6656 ----a-w- c:\windows\system32\DBBK\E47E364C96467FD54FA44D59F927C3AB
2012-04-04 17:30 . 2012-04-04 17:30 192512 ----a-w- c:\windows\system32\DBBK\0A9A7365A1CA4319AA7C1D6CD8E4EAFA
2012-04-04 17:30 . 2012-04-04 17:30 26112 ----a-w- c:\windows\system32\DBBK\A93AEE1928A9D7CE3E16D24EC7380F89
2012-04-04 17:30 . 2012-04-04 17:30 52736 ----a-w- c:\windows\system32\DBBK\767FF54A552732CE772C2302025FA82F
2012-04-04 17:30 . 2012-04-04 17:30 126976 ----a-w- c:\windows\system32\DBBK\5DB625E7D095604010CF84DE2D8ACFA6
2012-04-04 17:30 . 2012-04-04 17:30 40960 ----a-w- c:\windows\system32\DBBK\ABC4206543450C0666D152F4B65833B8
2012-04-04 17:30 . 2012-04-04 17:30 144384 ----a-w- c:\windows\system32\DBBK\CA04959077AFE36369D37B3504740C87
2012-04-04 17:30 . 2012-04-04 17:30 163840 ----a-w- c:\windows\system32\DBBK\235892E493845D64D890163CFEF90E97
2012-04-04 17:30 . 2012-04-04 17:30 9216 ----a-w- c:\windows\system32\DBBK\4E8F3230BAC8C1CAADF01A8C728E1C5C
2012-04-04 17:30 . 2012-04-04 17:30 1703936 ----a-w- c:\windows\system32\DBBK\062F837C1FBDB6A0A75F82EFC2EE8E74
2012-04-04 17:30 . 2012-04-04 17:30 103424 ----a-w- c:\windows\system32\DBBK\3E2F3E2F4A82B7FAE23BAB864FB0F837
2012-04-04 17:30 . 2012-04-04 17:30 326656 ----a-w- c:\windows\system32\DBBK\085ED2E391A871C7BAE87E0228B546BA
2012-04-04 17:30 . 2012-04-04 17:30 198144 ----a-w- c:\windows\system32\DBBK\13E67B55B3ABD7BF3FE7AAE5A0F9A9DE
2012-04-04 17:30 . 2012-04-04 17:30 79872 ----a-w- c:\windows\system32\DBBK\56CE97FF94B7662A300D359CD6F4D601
2012-04-04 17:30 . 2012-04-04 17:30 433664 ----a-w- c:\windows\system32\DBBK\C1FAEA15E41F62D7BFA7FBC395C24BA6
2012-04-04 17:30 . 2012-04-04 17:30 181760 ----a-w- c:\windows\system32\DBBK\00AABF131B4823785818DB99A075A313
2012-04-04 17:30 . 2012-04-04 17:30 61440 ----a-w- c:\windows\system32\DBBK\4DEF926F6A0545AE486A03C84F2EE482
2012-04-04 17:30 . 2012-04-04 17:30 237056 ----a-w- c:\windows\system32\DBBK\92C4F48B62B0B876194584C3FF09CCB6
2012-04-04 17:30 . 2012-04-04 17:30 87040 ----a-w- c:\windows\system32\DBBK\EA5B8BECA3F279C757578CD7F1E95855
2012-04-04 17:30 . 2012-04-04 17:30 149504 ----a-w- c:\windows\system32\DBBK\A39BE37C9237DB5F1990D61B268EA555
2012-04-04 17:30 . 2012-04-04 17:30 8192 ----a-w- c:\windows\system32\DBBK\52778FCE46E510B60F513B8882A65CD6
2012-04-04 17:30 . 2012-04-04 17:30 28160 ----a-w- c:\windows\system32\DBBK\49CC4533CE897CB2E93C1E84A818FDE5
2012-04-04 17:30 . 2012-04-04 17:30 6881616 ----a-w- c:\windows\system32\DBBK\1C9B06FF129DB305D8C70554F47C679B
2012-04-04 17:30 . 2012-04-04 17:30 1082368 ----a-w- c:\windows\system32\DBBK\F5B754CDEA20BBB3A31E16A776EDE6D6
2012-04-04 17:30 . 2012-04-04 17:30 26112 ----a-w- c:\windows\system32\DBBK\8E2CC37BA87D8F681066E0E9C8A19F73
2012-04-04 17:30 . 2012-04-04 17:30 143360 ----a-w- c:\windows\system32\DBBK\0D84657DBF93DB98673DEFDF2B29E25A
2012-04-04 17:30 . 2012-04-04 17:30 76800 ----a-w- c:\windows\system32\DBBK\8AE93AACC648921BAACB8602991AC4B3
2012-04-04 17:30 . 2012-04-04 17:30 58880 ----a-w- c:\windows\system32\DBBK\224FB925C641DA16CEB6D60F40CA4C75
2012-04-04 17:30 . 2012-04-04 17:30 193536 ----a-w- c:\windows\system32\DBBK\2CDAE321B8E878A278BA2D2FA013060B
2012-04-04 17:30 . 2012-04-04 17:30 30720 ----a-w- c:\windows\system32\DBBK\E6EF7BC927D9F8F9BA1584BFC39E0C6F
2012-04-04 17:30 . 2012-04-04 17:30 116224 ----a-w- c:\windows\system32\DBBK\2D65D56C2F8B6CC5EBFF8E7200C30304
2012-04-04 17:30 . 2012-04-04 17:30 5632 ----a-w- c:\windows\system32\DBBK\7B0770526801F05D58C51A3DFB87B4BD
2012-04-04 17:30 . 2012-04-04 17:30 44032 ----a-w- c:\windows\system32\DBBK\876CCF164E08D6B903CD14398E056DD2
2012-04-04 17:30 . 2012-04-04 17:30 22016 ----a-w- c:\windows\system32\DBBK\A7E06854EA2A20AEE8EC32BD8C754298
2012-04-04 17:30 . 2012-04-04 17:30 11264 ----a-w- c:\windows\system32\DBBK\DF6551E4C4C46655A0C76194F1FCEA5D
2012-04-04 17:30 . 2012-04-04 17:30 483840 ----a-w- c:\windows\system32\DBBK\81DC3F549F44B1C1FFF022DEC9ECF30B
2012-04-04 17:30 . 2012-04-04 17:30 295424 ----a-w- c:\windows\system32\DBBK\FF3477C03BE7201C294C35F684B3479F
2012-04-04 17:30 . 2012-04-04 17:30 13824 ----a-w- c:\windows\system32\DBBK\A7DB739AE99A796D91580147E919CC59
2012-04-04 17:30 . 2012-04-04 17:30 92672 ----a-w- c:\windows\system32\DBBK\2CC34E8BB667EEF78899546E12649196
2012-04-04 17:30 . 2012-04-04 17:30 16896 ----a-w- c:\windows\system32\DBBK\5D43C9A33F18C707BA169AFDA88BDF30
2012-04-04 17:30 . 2012-04-04 17:30 64592 ----a-w- c:\windows\system32\DBBK\E530E95DBFE0EA51159D1F7C81DB6B98
2012-04-04 17:30 . 2012-04-04 17:30 414080 ----a-w- c:\windows\system32\DBBK\7A63B08C8E9F3A057A81E3B29D29C407
2012-04-04 17:30 . 2012-04-04 17:30 19456 ----a-w- c:\windows\system32\DBBK\E2092F0A1D7ABC243F9C2362483D150D
2012-04-04 17:30 . 2012-04-04 17:30 101888 ----a-w- c:\windows\system32\DBBK\515A7FAE2070C2B0242B2353443E2F11
2012-04-04 17:30 . 2012-04-04 17:30 4190352 ----a-w- c:\windows\system32\DBBK\8E356DA331BA56B7EB1FF16B66D8F50D
2012-04-04 17:30 . 2012-04-04 17:30 45568 ----a-w- c:\windows\system32\DBBK\5F7E24FA9EAB896051FFB87F840730D2
2012-04-04 17:30 . 2012-04-04 17:30 126976 ----a-w- c:\windows\system32\DBBK\5E38D7684A49CACFB752B046357E0589
2012-04-04 17:30 . 2012-04-04 17:30 14592 ----a-w- c:\windows\system32\DBBK\F927A4434C5028758A842943EF1A3849
2012-04-04 17:30 . 2012-04-04 17:30 88192 ----a-w- c:\windows\system32\DBBK\ACA5E7B54409F9CB5EED97ED0C81120E
2012-04-04 17:30 . 2012-04-04 17:30 161024 ----a-w- c:\windows\system32\DBBK\96E6931ECC73B103B1A00A84416DADA9
2012-04-04 17:30 . 2012-04-04 17:30 9088 ----a-w- c:\windows\system32\DBBK\797F458071A9C679D13B6A9257AC32DC
2012-04-04 17:30 . 2012-04-04 17:30 538496 ----a-w- c:\windows\system32\DBBK\12B9C4FA0D4735A1873FED4083B75748
2012-04-04 17:30 . 2012-04-04 17:30 925568 ----a-w- c:\windows\system32\DBBK\F614AB3F0AF8DEFE7AD91BE2BA483603
2012-04-04 17:30 . 2012-04-04 17:30 11736 ----a-w- c:\windows\system32\DBBK\CFCE43B70CA0CC4DCC8ADB62B792B173
2012-04-04 17:30 . 2012-04-04 17:30 7680 ----a-w- c:\windows\system32\DBBK\6F9BEF24C578D5D6740E080BEDD6A448
2012-04-04 17:30 . 2012-04-04 17:30 16896 ----a-w- c:\windows\system32\DBBK\D72B9EC3337B247A666F098F3D6B43DE
2012-04-04 17:30 . 2012-04-04 17:30 19456 ----a-w- c:\windows\system32\DBBK\4E3D06D6E68EEDB52565080F55B460D3
2012-04-04 17:30 . 2012-04-04 17:30 344064 ----a-w- c:\windows\system32\DBBK\3CB32D3B8CBE79899D63280BB7A83CD9
2012-04-04 17:30 . 2012-04-04 17:30 245248 ----a-w- c:\windows\system32\DBBK\943337D786A56729263071623BBB9DE5
2012-04-04 17:30 . 2012-04-04 17:30 56320 ----a-w- c:\windows\system32\DBBK\6D4FEB43EE538FC5428CC7F0565AA656
2012-04-04 17:30 . 2012-04-04 17:30 2897920 ----a-w- c:\windows\system32\DBBK\16403217AB6FC5C30C14C6B12098AD4B
2012-04-04 17:30 . 2012-04-04 17:30 118784 ----a-w- c:\windows\system32\DBBK\549290DBC280C887681D7652978DBBE0
2012-04-04 17:30 . 2012-04-04 17:30 14336 ----a-w- c:\windows\system32\DBBK\27C6D03BCDB8CFEB96B716F3D8BE3E18
2012-04-04 17:30 . 2012-04-04 17:30 68096 ----a-w- c:\windows\system32\DBBK\E5EDBD51476DB5001ABF5C82AE5C3DD1
2012-04-04 17:30 . 2012-04-04 17:30 792064 ----a-w- c:\windows\system32\DBBK\1280A158C722FA95A80FB7AEBE78FA7D
2012-04-04 17:30 . 2012-04-04 17:30 498688 ----a-w- c:\windows\system32\DBBK\F137A0CA70003DB20448D540651FA003
2012-04-04 17:30 . 2012-04-04 17:30 401408 ----a-w- c:\windows\system32\DBBK\6B27A5C03DFB94B4245739065431322C
2012-04-04 17:30 . 2012-04-04 17:30 220160 ----a-w- c:\windows\system32\DBBK\20200EE3CFE10E9F0C028D8653BE11C6
2012-04-04 17:30 . 2012-04-04 17:30 304128 ----a-w- c:\windows\system32\DBBK\3D41A9326F0376FC73AF961DD23B1FB1
2012-04-04 17:30 . 2012-04-04 17:30 4608 ----a-w- c:\windows\system32\DBBK\AFFC87E2501FCE8F09D4C10BA6421CCF
2012-04-04 17:30 . 2012-04-04 17:30 514560 ----a-w- c:\windows\system32\DBBK\2081A5B5E4ABA206A0A8A1A97DF0FB23
2012-04-04 17:30 . 2012-04-04 17:30 6766592 ----a-w- c:\windows\system32\DBBK\60B8EA7642CEFDBFB85CFAFBAE4BE816
2012-04-04 17:30 . 2012-04-04 17:30 1958400 ----a-w- c:\windows\system32\DBBK\3DA3F03E76A6D9630C148EFE0FC74230
2012-04-04 17:30 . 2012-04-04 17:30 146432 ----a-w- c:\windows\system32\DBBK\BD83ABA61E8ACCC8D9FFB869F29418CE
2012-04-04 17:30 . 2012-04-04 17:30 13880424 ----a-w- c:\windows\system32\DBBK\229EF72A47F7EF9233F3A52FA519E01B
2012-04-04 17:30 . 2012-04-04 17:30 17408 ----a-w- c:\windows\system32\DBBK\50A166237A0FA771261275A405646CC0
2012-04-04 17:30 . 2012-04-04 17:30 156776 ----a-w- c:\windows\system32\DBBK\A8C1E6FF53FB0628A302843EA5FA5AB6
2012-04-04 17:30 . 2012-04-04 17:30 181248 ----a-w- c:\windows\system32\DBBK\A86BB5E61BF3E39B62AB4C7E7085A084
2012-04-04 17:30 . 2012-04-04 17:30 18432 ----a-w- c:\windows\system32\DBBK\0E2735281FBB9A764D5584C2A5DCBA59
2012-04-04 17:30 . 2012-04-04 17:30 99328 ----a-w- c:\windows\system32\DBBK\02988B904C386B500CD08639C4C20EEA
2012-04-04 17:30 . 2012-04-04 17:30 208384 ----a-w- c:\windows\system32\DBBK\54DAE3EA34802B4ED9AE1C6B1209FA56
2012-04-04 17:30 . 2012-04-04 17:30 54272 ----a-w- c:\windows\system32\DBBK\3AAF9B35939FF9E58CCD18D41655C2FC
2012-04-04 17:30 . 2012-04-04 17:30 175104 ----a-w- c:\windows\system32\DBBK\54AF4B1D5459500EF0937F6D33B1914F
2012-04-04 17:30 . 2012-04-04 17:30 407040 ----a-w- c:\windows\system32\DBBK\1B7F071C51B77C272875C3A23E1E4550
2012-04-04 17:30 . 2012-04-04 17:30 94720 ----a-w- c:\windows\system32\DBBK\AF07DC9B7CC455629E732340C7B15F3A
2012-04-04 17:30 . 2012-04-04 17:30 136192 ----a-w- c:\windows\system32\DBBK\517561A1113B04E51D936CD018DE1C1F
2012-04-04 17:30 . 2012-04-04 17:30 301568 ----a-w- c:\windows\system32\DBBK\A525C96C51D55111FDF3BEA9FFFFC7AE
2012-04-04 17:30 . 2012-04-04 17:30 290432 ----a-w- c:\windows\system32\DBBK\1E644E3533DCE2B580A663AE1ACBD539
2012-04-04 17:30 . 2012-04-04 17:30 488 ----a-w- c:\windows\system32\DBBK\5D76C3FB736514E1D7C88791E7322784
2012-04-04 17:30 . 2012-04-04 17:30 48128 ----a-w- c:\windows\system32\DBBK\C6BB1D1500DB4A0E224CB65E6C7E8A80
2012-04-04 17:30 . 2012-04-04 17:30 290816 ----a-w- c:\windows\system32\DBBK\A4388DF80E52695AE92EE5F3F61F1619
2012-04-04 17:30 . 2012-04-04 17:30 68608 ----a-w- c:\windows\system32\DBBK\3D76DD0CBC536E0F8C45D23ED230BEB2
2012-04-04 17:30 . 2012-04-04 17:30 152064 ----a-w- c:\windows\system32\DBBK\A645A78FCDABAD67067324D7E6CD9F79
2012-04-04 17:30 . 2012-04-04 17:30 61440 ----a-w- c:\windows\system32\DBBK\7A660EDC0757849DF5F8706FB6E9F740
2012-04-04 17:30 . 2012-04-04 17:30 86016 ----a-w- c:\windows\system32\DBBK\F24B12786D60A17008319E3F2AEE7799
2012-04-04 17:30 . 2012-04-04 17:30 218624 ----a-w- c:\windows\system32\DBBK\7A2CC3719B255E6B5D74396183B7715B
2012-04-04 17:30 . 2012-04-04 17:30 71680 ----a-w- c:\windows\system32\DBBK\2098AB52BD5316E59AA36F3437B13BE6
2012-04-04 17:30 . 2012-04-04 17:30 176128 ----a-w- c:\windows\system32\DBBK\4A953F13942867BA8FB41F141EC1B80C
2012-04-04 17:30 . 2012-04-04 17:30 1852928 ----a-w- c:\windows\system32\DBBK\310C15FD8358B2C4CD7A5B98A112883F
2012-04-04 17:30 . 2012-04-04 17:30 33280 ----a-w- c:\windows\system32\DBBK\17A1D675C12BBF80CAAC54A4855C41D0
2012-04-04 17:30 . 2012-04-04 17:30 415744 ----a-w- c:\windows\system32\DBBK\F05B8CDB7FE0E55DCCFB1D946CE80064
2012-04-04 17:30 . 2012-04-04 17:30 64000 ----a-w- c:\windows\system32\DBBK\8329A39D5A402A75A74301D6A62ECDA1
2012-04-04 17:30 . 2012-04-04 17:30 39424 ----a-w- c:\windows\system32\DBBK\EA9EE60B408878E5F2012F9C783836DB
2012-04-04 17:30 . 2012-04-04 17:30 65024 ----a-w- c:\windows\system32\DBBK\1F03103598BD817B1078DAB1326DDE11
2012-04-04 17:30 . 2012-04-04 17:30 149504 ----a-w- c:\windows\system32\DBBK\389496118B3B03C2328024AF320132AC
2012-04-04 17:30 . 2012-04-04 17:30 123392 ----a-w- c:\windows\system32\DBBK\2EDFC2A8893435723AD80481803C6D5C
2012-04-04 17:30 . 2012-04-04 17:30 314880 ----a-w- c:\windows\system32\DBBK\B24A42A413E694AD73FDFB7FBD492C31
2012-04-04 17:30 . 2012-04-04 17:30 67072 ----a-w- c:\windows\system32\DBBK\EC4C0D9BFD9F7E33F8B395AD54E13063
2012-04-04 17:30 . 2012-04-04 17:30 730112 ----a-w- c:\windows\system32\DBBK\BD31DC6DBE9333C4FBD4BDF0899F2160
2012-04-04 17:30 . 2012-04-04 17:30 413696 ----a-w- c:\windows\system32\DBBK\F404830F3CD9BF8F2515E489C0CDA297
2012-04-04 17:30 . 2012-04-04 17:30 13312 ----a-w- c:\windows\system32\DBBK\BF2466B3E18E970D8A976FB95FC1CA85
2012-04-04 17:30 . 2012-04-04 17:30 36352 ----a-w- c:\windows\system32\DBBK\EC29A79F1E76DC509E24D401F29D0678
2012-04-04 17:30 . 2012-04-04 17:30 110592 ----a-w- c:\windows\system32\DBBK\65DF52F5B8B6E9BBD183505225C37315
2012-04-04 17:29 . 2012-04-04 17:29 140288 ----a-w- c:\windows\system32\DBBK\6B5DB6789177A4FD0DEBC248041D0739
2012-04-04 17:29 . 2012-04-04 17:29 5120 ----a-w- c:\windows\system32\DBBK\96E1C926F22EE1BFBAE82901A35F6BF3
2012-04-04 17:29 . 2012-04-04 17:29 135168 ----a-w- c:\windows\system32\DBBK\99BC0B50F511924348BE19C7C7313BBF
2012-04-04 17:29 . 2012-04-04 17:29 94208 ----a-w- c:\windows\system32\DBBK\6B7C6B32F8E84D56C6260D684019FEA2
2012-04-04 17:29 . 2012-04-04 17:29 749 ----a-w- c:\windows\system32\DBBK\5A5CFF37F1BD0F86B9BDAAD7A9445882
2012-04-04 17:29 . 2012-04-04 17:29 1054208 ----a-w- c:\windows\system32\DBBK\736B12B725AEB2B07F0241A9F680CB10
2012-04-04 17:29 . 2012-04-04 17:29 713216 ----a-w- c:\windows\system32\DBBK\694503348B586E99D56C0E30AB5B3EF8
2012-04-04 17:29 . 2012-04-04 17:29 249856 ----a-w- c:\windows\system32\DBBK\40B0F98BAD16AD5DEF894E88C3EF8014
2012-04-04 17:29 . 2012-04-04 17:29 997376 ----a-w- c:\windows\system32\DBBK\D7B7A57C0E57C836F18CF12A4C62A1CA
2012-04-04 17:29 . 2012-04-04 17:29 5632 ----a-w- c:\windows\system32\DBBK\56C5B179FE3308B655EB6208C3256FEC
2012-04-04 17:29 . 2012-04-04 17:29 82432 ----a-w- c:\windows\system32\DBBK\2CCC474EB85CEAA3E1FA1726580A3E5A
2012-04-04 17:29 . 2012-04-04 17:29 19968 ----a-w- c:\windows\system32\DBBK\9789E95E1D88EEB4B922BF3EA7779C28
2012-04-04 17:29 . 2012-04-04 17:29 53760 ----a-w- c:\windows\system32\DBBK\430CEB794F6E6EF8AC86958C242366D6
2012-04-04 17:29 . 2012-04-04 17:29 985088 ----a-w- c:\windows\system32\DBBK\24192246760E0E64435522E246B1D6C2
2012-04-04 17:29 . 2012-04-04 17:29 23040 ----a-w- c:\windows\system32\DBBK\9CFCB3CA3D83B4EAA133F0644A2C6F31
2012-04-04 17:29 . 2012-04-04 17:29 49664 ----a-w- c:\windows\system32\DBBK\AF11C591F2F4AFF4A6CF699D376F618B
2012-04-04 17:29 . 2012-04-04 17:29 27648 ----a-w- c:\windows\system32\DBBK\FCFA1C55971CC229D353B3A15ACCD995
2012-04-04 17:29 . 2012-04-04 17:29 17920 ----a-w- c:\windows\system32\DBBK\013C1148C1EC025596896E093F60F608
2012-04-04 17:29 . 2012-04-04 17:29 62464 ----a-w- c:\windows\system32\DBBK\714705F29A917993536A6AB2DEDB0B7F
2012-04-04 17:29 . 2012-04-04 17:29 507904 ----a-w- c:\windows\system32\DBBK\ED0EF0A136DEC83DF69F04118870003E
2012-04-04 17:29 . 2012-04-04 17:29 9344 ----a-w- c:\windows\system32\DBBK\ECB7591870F8BFB1A4C17B718AD5A4AA
2012-04-04 17:29 . 2012-04-04 17:29 6397824 ----a-w- c:\windows\system32\DBBK\82173D3AAAB2AE8A9BE61B45173E1659
2012-04-04 17:29 . 2012-04-04 17:29 3328 ----a-w- c:\windows\system32\DBBK\A73F5D6705B1D820C19B18782E176EFD
2012-04-04 17:29 . 2012-04-04 17:29 71168 ----a-w- c:\windows\system32\DBBK\AC7280566A7BB85CB3291F04DDC1198E
2012-04-04 17:29 . 2012-04-04 17:29 293376 ----a-w- c:\windows\system32\DBBK\8C7DCA4B158BF16894120786A7A5F366
2012-04-04 17:29 . 2012-04-04 17:29 52736 ----a-w- c:\windows\system32\DBBK\42F1F4C0AFB08410E5F02D4B13EBB623
2012-04-04 17:29 . 2012-04-04 17:29 33280 ----a-w- c:\windows\system32\DBBK\DD40363ABAD230A84C5E2178B11EFA88
2012-04-04 17:29 . 2012-04-04 17:29 6144 ----a-w- c:\windows\system32\DBBK\44F275C64738EA2056E3D9580C23B60F
2012-04-04 17:29 . 2012-04-04 17:29 17664 ----a-w- c:\windows\system32\DBBK\9A10AACBFDC4922715375FB4065EC930
2012-04-04 17:29 . 2012-04-04 17:29 10496 ----a-w- c:\windows\system32\DBBK\FE97D0343ACFDEBDD578FC67CC91FA87
2012-04-04 17:29 . 2012-04-04 17:29 1860096 ----a-w- c:\windows\system32\DBBK\4C1CA2B98543ADF66C032E301F936D54
2012-04-04 17:29 . 2012-04-04 17:29 63744 ----a-w- c:\windows\system32\DBBK\C885B02847F5D2FD45A24E219ED93B32
2012-04-04 17:29 . 2012-04-04 17:29 177664 ----a-w- c:\windows\system32\DBBK\AEADC4FE32D6D60F36D9B9ACE5C642A2
2012-04-04 17:29 . 2012-04-04 17:29 337408 ----a-w- c:\windows\system32\DBBK\318230E845919255EF3C5D5E1E863631
2012-04-04 17:29 . 2012-04-04 17:29 58880 ----a-w- c:\windows\system32\DBBK\04D898830DF96A17A20FD35D7590F87E
2012-04-04 17:29 . 2012-04-04 17:29 512512 ----a-w- c:\windows\system32\DBBK\6E4BE11D50F8A8DE2BAD644C9C9DE8D3
2012-04-04 17:29 . 2012-04-04 17:29 727040 ----a-w- c:\windows\system32\DBBK\43D13C80EBEC0135A3611E0F616F179B
2012-04-04 17:29 . 2012-04-04 17:29 125952 ----a-w- c:\windows\system32\DBBK\CF492D7E9AF1C628B3536D20EF6F5CC7
2012-04-04 17:29 . 2012-04-04 17:29 599040 ----a-w- c:\windows\system32\DBBK\A90E118F12D355F9946DFB30A8F94609
2012-04-04 17:29 . 2012-04-04 17:29 1510400 ----a-w- c:\windows\system32\DBBK\05BE013E0A9E5BE60870E885CB703832
2012-04-04 17:29 . 2012-04-04 17:29 56832 ----a-w- c:\windows\system32\DBBK\5357826C8A8DD6A07F17C48BB45BE46E
2012-04-04 17:29 . 2012-04-04 17:29 264192 ----a-w- c:\windows\system32\DBBK\045DF7AE14CAAED71338916D6FB66812
2012-04-04 17:29 . 2012-04-04 17:29 420864 ----a-w- c:\windows\system32\DBBK\681B807E53BDADA337735C28C0E48A1B
2012-04-04 17:29 . 2012-04-04 17:29 343040 ----a-w- c:\windows\system32\DBBK\355EDBB4D412B01F1740C17E3F50FA00
2012-04-04 17:29 . 2012-04-04 17:29 59904 ----a-w- c:\windows\system32\DBBK\DD7BD97FB8BD800963789158A5E4B41D
2012-04-04 17:29 . 2012-04-04 17:29 474112 ----a-w- c:\windows\system32\DBBK\C448A248B743F5FB935C787A5D97268B
2012-04-04 17:29 . 2012-04-04 17:29 172032 ----a-w- c:\windows\system32\DBBK\0492CF5870F0E616B0C71695A433D162
2012-04-04 17:29 . 2012-04-04 17:29 617472 ----a-w- c:\windows\system32\DBBK\93AFB83FBC1F9443CAC722FCA63D73BF
2012-04-04 17:29 . 2012-04-04 17:29 667136 ----a-w- c:\windows\system32\DBBK\B701B7DF6B9B243B155523B5F868A90A
2012-04-04 17:29 . 2012-04-04 17:29 18944 ----a-w- c:\windows\system32\DBBK\C7CE131408739B0B3A318BE2D0032719
2012-04-04 17:29 . 2012-04-04 17:29 578560 ----a-w- c:\windows\system32\DBBK\B26B135FF1B9F60C9388B4A7D16F600B
2012-04-04 17:29 . 2012-04-04 17:29 37888 ----a-w- c:\windows\system32\DBBK\48A53D8257EE18C06D4503F3D752439F
2012-04-04 17:29 . 2012-04-04 17:29 633344 ----a-w- c:\windows\system32\DBBK\E9733011B6B1E34F19A07DD143403025
2012-04-04 17:29 . 2012-04-04 17:29 8462336 ----a-w- c:\windows\system32\DBBK\E86423AA9AA8C382AF02B94A058DC2AA
2012-04-04 17:29 . 2012-04-04 17:29 590848 ----a-w- c:\windows\system32\DBBK\D4502F124289A31976130CCCB014C9AA
2012-04-04 17:29 . 2012-04-04 17:29 37376 ----a-w- c:\windows\system32\DBBK\86440EDFF27095E03741AEDC5752AA51
2012-04-04 17:29 . 2012-04-04 17:29 69120 ----a-w- c:\windows\system32\DBBK\AE9543F20FCC1E7BCAA13051CC076147
2012-04-04 17:29 . 2012-04-04 17:29 22016 ----a-w- c:\windows\system32\DBBK\D8361BEAB7109AB8B069F7F5028E37B1
2012-04-04 17:29 . 2012-04-04 17:29 551936 ----a-w- c:\windows\system32\DBBK\1B2BE5777F69A71778F52FFEE1C798D6
2012-04-04 17:29 . 2012-04-04 17:29 74752 ----a-w- c:\windows\system32\DBBK\FA1B9CAE64B23C950DA3D96ABBF23BD0
2012-04-04 17:29 . 2012-04-04 17:29 1288704 ----a-w- c:\windows\system32\DBBK\6BAD1BED9872E62049E487FB91AE2F3A
2012-04-04 17:29 . 2012-04-04 17:29 2560 ----a-w- c:\windows\system32\DBBK\C3200506FB212A0F4FB736A80E646C40
2012-04-04 17:29 . 2012-04-04 17:29 989696 ----a-w- c:\windows\system32\DBBK\B921FB870C9AC0D509B2CCABBBBE95F3
2012-04-04 17:29 . 2012-04-04 17:29 276992 ----a-w- c:\windows\system32\DBBK\86987A5000DFA3EBE2275C0456BCF2FE
2012-04-04 17:29 . 2012-04-04 17:29 286720 ----a-w- c:\windows\system32\DBBK\8B1F3320AEBB536E021A5014409862DE
2012-04-04 17:29 . 2012-04-04 17:29 144384 ----a-w- c:\windows\system32\DBBK\CA648BD638245EB83F971FF71B031BEC
2012-04-04 17:29 . 2012-04-04 17:29 617472 ----a-w- c:\windows\system32\DBBK\E76F8807070ED04E7408A86D6D3A6137
2012-04-04 17:29 . 2012-04-04 17:29 1614848 ----a-w- c:\windows\system32\DBBK\9DD07AF82244867CA36681EA2D29CE79
2012-04-04 17:29 . 2012-04-04 17:29 588800 ----a-w- c:\windows\system32\DBBK\23043C91A0F9DFB4B9E9F87B680863B4
2012-04-04 17:29 . 2012-04-04 17:29 26368 ----a-w- c:\windows\system32\DBBK\A32426D9B14A089EAA1D922E0C5801A9
2012-04-04 17:29 . 2012-04-04 17:29 50688 ----a-w- c:\windows\system32\DBBK\5F816C1F539266D2D4C78694239DA0B5
2012-04-04 17:29 . 2012-04-04 17:29 44544 ----a-w- c:\windows\system32\DBBK\D45926117EB9FA946A6AF572FBE1CAA3
2012-04-04 17:29 . 2012-04-04 17:29 456320 ----a-w- c:\windows\system32\DBBK\7D304A5EB4344EBEEAB53A2FE3FFB9F0
2012-04-04 17:29 . 2012-04-04 17:29 175744 ----a-w- c:\windows\system32\DBBK\7AD224AD1A1437FE28D89CF22B17780A
2012-04-04 17:29 . 2012-04-04 17:29 34688 ----a-w- c:\windows\system32\DBBK\5D81CF9A2F1A3A756B66CF684911CDF0
2012-04-04 17:29 . 2012-04-04 17:29 138496 ----a-w- c:\windows\system32\DBBK\1E44BC1E83D8FD2305F8D452DB109CF9
2012-04-04 17:29 . 2012-04-04 17:29 12032 ----a-w- c:\windows\system32\DBBK\6ABE6E225ADB5A751622A9CC3BC19CE8
2012-04-04 17:29 . 2012-04-04 17:29 34560 ----a-w- c:\windows\system32\DBBK\E20B95BAEDB550F32DD489265C1DA1F6
2012-04-04 17:29 . 2012-04-04 17:29 152832 ----a-w- c:\windows\system32\DBBK\CC748EA12C6EFFDE940EE98098BF96BB
2012-04-04 17:29 . 2012-04-04 17:29 162816 ----a-w- c:\windows\system32\DBBK\74B2B2F5BEA5E9A3DC021D685551BD3D
2012-04-04 17:29 . 2012-04-04 17:29 361600 ----a-w- c:\windows\system32\DBBK\9AEFA14BD6B182D61E3119FA5F436D3D
2012-04-04 17:29 . 2012-04-04 17:29 39064 ----a-w- c:\windows\system32\DBBK\053DBCC1082FDF74AB145A71917A6556
2012-04-04 17:29 . 2012-04-04 17:29 41240 ----a-w- c:\windows\system32\DBBK\05D6B85ECC3204931923AB7940B9596E
2012-04-04 17:29 . 2012-04-04 17:29 75264 ----a-w- c:\windows\system32\DBBK\23C74D75E36E7158768DD63D92789A91
2012-04-04 17:29 . 2012-04-04 17:29 12160 ----a-w- c:\windows\system32\DBBK\B1C303E17FB9D46E87A98E4BA6769685
2012-04-04 17:29 . 2012-04-04 17:29 8832 ----a-w- c:\windows\system32\DBBK\FE0D99D6F31E4FAD8159F690D68DED9C
2012-04-04 17:29 . 2012-04-04 17:29 30848 ----a-w- c:\windows\system32\DBBK\3182D64AE053D6FB034F44B6DEF8034A
2012-04-04 17:29 . 2012-04-04 17:29 19072 ----a-w- c:\windows\system32\DBBK\C941EA2454BA8350021D774DAF0F1027
2012-04-04 17:29 . 2012-04-04 17:29 4224 ----a-w- c:\windows\system32\DBBK\4912D5B403614CE99C28420F75353332
2012-04-04 17:29 . 2012-04-04 17:29 4224 ----a-w- c:\windows\system32\DBBK\4AE068242760A1FB6E1A44BF4E16AFA6
2012-04-04 17:29 . 2012-04-04 17:29 32128 ----a-w- c:\windows\system32\DBBK\173F317CE0DB8E21322E71B7E60A27E8
2012-04-04 17:29 . 2012-04-04 17:29 20992 ----a-w- c:\windows\system32\DBBK\0D3A8FAFCEACD8B7625CD549757A7DF1
2012-04-04 17:29 . 2012-04-04 17:29 14592 ----a-w- c:\windows\system32\DBBK\9EF487A186DEA361AA06913A75B3FA99
2012-04-04 17:29 . 2012-04-04 17:29 36864 ----a-w- c:\windows\system32\DBBK\1AF592532532A402ED7C060F6954004F
2012-04-04 17:29 . 2012-04-04 17:29 24960 ----a-w- c:\windows\system32\DBBK\96ECCF28FDBF1B2CC12725818A63628D
2012-04-04 17:29 . 2012-04-04 17:29 10368 ----a-w- c:\windows\system32\DBBK\CCF82C5EC8A7326C3066DE870C06DAF1
2012-04-04 17:29 . 2012-04-04 17:29 2944 ----a-w- c:\windows\system32\DBBK\73C1E1F395918BC2C6DD67AF7591A3AD
2012-04-04 17:29 . 2012-04-04 17:29 4224 ----a-w- c:\windows\system32\DBBK\DA1F27D85E0D1525F6621372E7B685E9
2012-04-04 17:29 . 2012-04-04 17:29 444136 ----a-w- c:\windows\system32\DBBK\D918617B46457B9AC28027722E30F647
2012-04-04 17:29 . 2012-04-04 17:29 7936 ----a-w- c:\windows\system32\DBBK\3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
2012-04-04 17:29 . 2012-04-04 17:29 37608 ----a-w- c:\windows\system32\DBBK\399C974DDA25FD3E59F22BAB787F662B
2012-04-04 17:29 . 2012-04-04 17:29 30360 ----a-w- c:\windows\system32\DBBK\95DAB70D56BBAC7DDB7E6D0017D71369
2012-04-04 17:29 . 2012-04-04 17:29 18688 ----a-w- c:\windows\system32\DBBK\C1B486A7658353D33A10CC15211A873B
2012-04-04 17:29 . 2012-04-04 17:29 165648 ----a-w- c:\windows\system32\DBBK\FEE0BADED54222E9F1DAE9541212AAB1
2012-04-04 17:29 . 2012-04-04 17:29 11392 ----a-w- c:\windows\system32\DBBK\8E6B8C671615D126FDC553D1E2DE5562
2012-04-04 17:29 . 2012-04-04 17:29 60160 ----a-w- c:\windows\system32\DBBK\6CB08593487F5701D2D2254E693EAFCE
2012-04-04 17:29 . 2012-04-04 17:29 146048 ----a-w- c:\windows\system32\DBBK\E82A496C3961EFC6828B508C310CE98F
2012-04-04 17:29 . 2012-04-04 17:29 1381632 ----a-w- c:\windows\system32\DBBK\3CF5FAF72B43BC9BC196A98946F53A0E
2012-04-04 17:29 . 2012-04-04 17:29 59520 ----a-w- c:\windows\system32\DBBK\1AB3CDDE553B6E064D2E754EFE20285C
2012-04-04 17:29 . 2012-04-04 17:29 4736 ----a-w- c:\windows\system32\DBBK\596EB39B50D6EBD9B734DC4AE0544693
2012-04-04 17:29 . 2012-04-04 17:29 54400 ----a-w- c:\windows\system32\DBBK\70217A23470F4BB4C8FB4ABE06813081
2012-04-04 17:29 . 2012-04-04 17:29 20480 ----a-w- c:\windows\system32\DBBK\9D27E7B80BFCDF1CDD9B555862D5E7F0
2012-04-04 17:29 . 2012-04-04 17:29 40960 ----a-w- c:\windows\system32\DBBK\9282BD12DFB069D3889EB3FCC1000A9B
2012-04-04 17:29 . 2012-04-04 17:29 384768 ----a-w- c:\windows\system32\DBBK\402DDC88356B1BAC0EE3DD1580C76A31
2012-04-04 17:29 . 2012-04-04 17:29 15488 ----a-w- c:\windows\system32\DBBK\AF5F4F3F14A8EA2C26DE30F7A1E17136
2012-04-04 17:29 . 2012-04-04 17:29 23040 ----a-w- c:\windows\system32\DBBK\35C9E97194C8CFB8430125F8DBC34D04
2012-04-04 17:29 . 2012-04-04 17:29 4352 ----a-w- c:\windows\system32\DBBK\3941D127AEF12E93ADDF6FE6EE027E0F
2012-04-04 17:29 . 2012-04-04 17:29 24576 ----a-w- c:\windows\system32\DBBK\463C1EC80CD17420A542B7F36A36F128
2012-04-04 17:29 . 2012-04-04 17:29 35072 ----a-w- c:\windows\system32\DBBK\0A02C63C8B144BD8C86B103DEE7C86A2
2012-04-04 17:29 . 2012-04-04 17:29 17792 ----a-w- c:\windows\system32\DBBK\80D317BD1C3DBC5D4FE7B1678C60CADD
2012-04-04 17:29 . 2012-04-04 17:29 40840 ----a-w- c:\windows\system32\DBBK\88155247177638048422893737429D9E
2012-04-04 17:29 . 2012-04-04 17:29 16512 ----a-w- c:\windows\system32\DBBK\FDBB1D60066FCFBB7452FD8F9829B242
2012-04-04 17:29 . 2012-04-04 17:29 69120 ----a-w- c:\windows\system32\DBBK\09298EC810B07E5D582CB3A3F9255424
2012-04-04 17:29 . 2012-04-04 17:29 41472 ----a-w- c:\windows\system32\DBBK\5BC962F2654137C9909C3D4603587DEE
2012-04-04 17:29 . 2012-04-04 17:29 48384 ----a-w- c:\windows\system32\DBBK\EFEEC01B1D3CF84F16DDD24D9D9D8F99
2012-04-04 17:29 . 2012-04-04 17:29 10496 ----a-w- c:\windows\system32\DBBK\0109C4F3850DFBAB279542515386AE22
2012-04-04 17:29 . 2012-04-04 17:29 91520 ----a-w- c:\windows\system32\DBBK\EDC1531A49C80614B2CFDA43CA8659AB
2012-04-04 17:29 . 2012-04-04 17:29 19072 ----a-w- c:\windows\system32\DBBK\0539D5E53587F82D1B4FD74C5BE205CF
2012-04-04 17:29 . 2012-04-04 17:29 51328 ----a-w- c:\windows\system32\DBBK\11B4A627BC9614B885C4969BFA5FF8A6
2012-04-04 17:29 . 2012-04-04 17:29 19584 ----a-w- c:\windows\system32\DBBK\0207D26DDF796A193CCD9F83047BB5FC
2012-04-04 17:29 . 2012-04-04 17:29 3072 ----a-w- c:\windows\system32\DBBK\D9F724AA26C010A217C97606B160ED68
2012-04-04 17:29 . 2012-04-04 17:29 81664 ----a-w- c:\windows\system32\DBBK\E28726B72C46821A28830E077D39A55B
2012-04-04 17:29 . 2012-04-04 17:29 9888672 ----a-w- c:\windows\system32\DBBK\18C9B152DA7BEA76B2F9E4B6412E0AAF
2012-04-04 17:29 . 2012-04-04 17:29 953088 ----a-w- c:\windows\system32\DBBK\64AE76D852626AA18F282AAF3C7C7CD0
2012-04-04 17:29 . 2012-04-04 17:29 22016 ----a-w- c:\windows\system32\DBBK\BE8513730653384939A4D2D977C81027
2012-04-04 17:29 . 2012-04-04 17:29 141056 ----a-w- c:\windows\system32\DBBK\0753515F78DF7F271A5E61C20BCD36A1
2012-04-04 17:29 . 2012-04-04 17:29 57600 ----a-w- c:\windows\system32\DBBK\F828DD7E1419B6653894A8F97A0094C5
2012-04-04 17:29 . 2012-04-04 17:29 42112 ----a-w- c:\windows\system32\DBBK\083A052659F5310DD8B6A6CB05EDCF8E
2012-04-04 17:29 . 2012-04-04 17:29 62976 ----a-w- c:\windows\system32\DBBK\1F4260CC5B42272D71F79E570A27A4FE
2012-04-04 17:29 . 2012-04-04 17:29 144384 ----a-w- c:\windows\system32\DBBK\573C7D0A32852B48F3058CFD8026F511
2012-04-04 17:29 . 2012-04-04 17:29 30208 ----a-w- c:\windows\system32\DBBK\65DCF09D0E37D4C6B11B5B0B76D470A7
2012-04-04 17:29 . 2012-04-04 17:29 143872 ----a-w- c:\windows\system32\DBBK\791912E524CC2CC6F50B5F2B52D1EB71
2012-04-04 17:29 . 2012-04-04 17:29 17152 ----a-w- c:\windows\system32\DBBK\0DAECCE65366EA32B162F85F07C6753B
2012-04-04 17:29 . 2012-04-04 17:29 80128 ----a-w- c:\windows\system32\DBBK\5575FAF8F97CE5E713D108C2A58D7C7C
2012-04-04 17:29 . 2012-04-04 17:29 18688 ----a-w- c:\windows\system32\DBBK\0501F0B9AB08425F8C0EACBDCC04AA32
2012-04-04 17:29 . 2012-04-04 17:29 11264 ----a-w- c:\windows\system32\DBBK\C93C9FF7B04D772627A3646D89F7BF89
2012-04-04 17:29 . 2012-04-04 17:29 15744 ----a-w- c:\windows\system32\DBBK\0F29512CCD6BEAD730039FB4BD2C85CE
2012-04-04 17:29 . 2012-04-04 17:29 64512 ----a-w- c:\windows\system32\DBBK\CCA207A8896D4C6A0C9CE29A4AE411A7
2012-04-04 17:29 . 2012-04-04 17:29 27392 ----a-w- c:\windows\system32\DBBK\92CDD60B6730B9F50F6A1A0C1F8CDC81
2012-04-04 17:29 . 2012-04-10 19:00 182656 ----a-w- c:\windows\system32\DBBK\1DF7F42665C94B825322FAE71721130D
2012-04-04 17:29 . 2012-04-10 19:00 59272 ----a-w- c:\windows\system32\DBBK\998242A4EDE6992396A90585CC121F2C
2012-04-04 17:29 . 2012-04-10 19:00 105472 ----a-w- c:\windows\system32\DBBK\DE6A75F5C270E756C5508D94B6CF68F5
2012-04-04 17:29 . 2012-04-10 19:00 36352 ----a-w- c:\windows\system32\DBBK\044452051F3E02E7963599FC8F4F3E25
2012-04-04 17:29 . 2012-04-10 19:00 52352 ----a-w- c:\windows\system32\DBBK\4C8FCB5CC53AAB716D810740FE59D025
2012-04-04 17:29 . 2012-04-10 19:00 125056 ----a-w- c:\windows\system32\DBBK\6AC26732762483366C3969C9E4D2259D
2012-04-04 17:29 . 2012-04-10 19:00 73472 ----a-w- c:\windows\system32\DBBK\76BB022C2FB6902FD5BDD4F78FC13A5D
2012-04-04 17:29 . 2012-04-10 19:00 574976 ----a-w- c:\windows\system32\DBBK\78A08DD6A8D65E697C18E1DB01C5CDCA
2012-04-04 17:29 . 2012-04-10 19:00 96512 ----a-w- c:\windows\system32\DBBK\9F3A2F5AA6875C72BF062C712CFA2674
2012-04-04 17:29 . 2012-04-10 19:00 42368 ----a-w- c:\windows\system32\DBBK\A80B9A0BAD1B73637DBCBBA7DF72D3FD
2012-04-04 17:29 . 2012-04-10 19:00 129792 ----a-w- c:\windows\system32\DBBK\B2CF4B0786F8212CB92ED2B50C6DB6B0
2012-04-04 17:29 . 2012-04-10 19:00 92928 ----a-w- c:\windows\system32\DBBK\B467646C54CC746128904E1654C750C1
2012-04-04 17:29 . 2012-04-10 19:00 19712 ----a-w- c:\windows\system32\DBBK\BEB3BA25197665D82EC7065B724171C6
2012-04-04 17:29 . 2012-04-10 19:00 45648 ----a-w- c:\windows\system32\DBBK\E42E3433DBB4CFFE8FDD91EAB29AEA8E
2012-04-04 17:29 . 2012-04-10 19:00 49536 ----a-w- c:\windows\system32\DBBK\FE47DD8FE6D7768FF94EBEC6C74B2719
2012-04-04 17:29 . 2012-04-10 19:00 37248 ----a-w- c:\windows\system32\DBBK\05A299EC56E52649B1CF2FC52D20F2D7
2012-04-04 17:29 . 2012-04-10 19:00 4352 ----a-w- c:\windows\system32\DBBK\2F31B7F954BED437F2C75026C65CAF7B
2012-04-04 17:29 . 2012-04-10 19:00 24960 ----a-w- c:\windows\system32\DBBK\52E60F29221D0D1AC16737E8DBF7C3E9
2012-04-04 17:29 . 2012-04-10 19:00 187776 ----a-w- c:\windows\system32\DBBK\8FD99680A539792A30E97944FDAECF17
2012-04-04 17:29 . 2012-04-10 19:00 68224 ----a-w- c:\windows\system32\DBBK\A219903CCF74233761D92BEF471A07B1
2012-04-04 17:29 . 2012-04-10 19:00 3328 ----a-w- c:\windows\system32\DBBK\CCF5F451BB1A5A2A522A76E670000FF0
2012-04-04 17:29 . 2012-04-10 19:00 27528 ----a-w- c:\windows\system32\DBBK\718FB269AF435683E8ADBD5D2B36CF1A
2012-04-04 17:29 . 2012-04-10 19:00 230792 ----a-w- c:\windows\system32\DBBK\74E4977F832D3AEE33AAA2647BFE81BB
2012-04-04 17:29 . 2012-04-10 19:00 9096 ----a-w- c:\windows\system32\DBBK\C91F0B434B6F95A7EEC71361D166DFBF
2012-04-04 17:29 . 2012-04-10 19:00 3072 ----a-w- c:\windows\system32\DBBK\12DCA4373B9B0B3CFE505B0025BEB952
2012-04-04 17:29 . 2012-04-10 19:00 7040 ----a-w- c:\windows\system32\DBBK\945FBB881AE927A44DFD96440F2F4F44
2012-04-04 17:29 . 2012-04-04 17:29 35840 ----a-w- c:\windows\system32\DBBK\A32BEBAF723557681BFC6BD93E98BD26
2012-04-04 17:29 . 2012-04-10 19:00 20744 ----a-w- c:\windows\system32\DBBK\B41CB3AA2E0AAE024B4FB316FE440BE4
2012-04-04 17:29 . 2012-04-10 19:00 12288 ----a-w- c:\windows\system32\DBBK\CC306BF581446D5E443EAE5B3BB900F0
2012-04-04 17:29 . 2012-04-04 17:29 718336 ----a-w- c:\windows\system32\DBBK\F8F0D25CA553E39DDE485D8FC7FCCE89
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-13_16.53.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2012-04-19 03:50 . 2012-04-19 03:50 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
- 2012-01-25 19:15 . 2012-01-25 19:15 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2012-04-15 18:27 . 2012-04-15 18:27 1065984 c:\windows\Installer\9d4ca0.msi
+ 2012-04-15 21:14 . 2012-04-15 21:14 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-25 19:15 . 2012-01-25 19:15 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-15 21:14 . 2012-04-15 21:14 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-04-15 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-13 33656832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58066:TCP"= 58066:TCP:Pando Media Booster
"58066:UDP"= 58066:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6906:TCP"= 6906:TCP:League of Legends Launcher
"6906:UDP"= 6906:UDP:League of Legends Launcher
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/20/2011 11:11 PM 12184]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/21/2011 10:34 AM 1381632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 10:21 PM 253600]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [6/21/2011 12:28 AM 101376]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\avwcgn1t.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-18 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-04-18 23:53:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 03:53
ComboFix2.txt 2012-04-13 16:55
ComboFix3.txt 2012-04-04 18:07
ComboFix4.txt 2012-04-03 14:49
ComboFix5.txt 2012-04-15 14:26
.
Pre-Run: 821,756,837,888 bytes free
Post-Run: 823,360,442,368 bytes free
.
- - End Of File - - B11633F5C11A2EB0E1B4B44E5B970969

Edited by frenchfry, 19 April 2012 - 03:04 AM.


#14 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:10 AM

Posted 21 April 2012 - 09:40 AM

Hello frenchfry,

I need you to run a CFScript:.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

ClearJavaCache::

Folder::
c:\windows\system32\DBBK


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==============================================================================



In your next reply, please copy/paste the contents of the following:
  • C:\ComboFix.txt
How is your machine behaving now? Is ComboFix still giving you ZeroAccess warning?

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#15 frenchfry

frenchfry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 22 April 2012 - 02:35 PM

It still detected the zeroaccess rootkit, saying the same thing as before. I don't understand what's getting detected, whether it's a remnant of the virus that could potentially cause some issues or just a false positive?

ComboFix 12-04-18.02 - h 04/22/2012 4:15.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1738 [GMT -4:00]
Running from: c:\documents and settings\h\Desktop\antiv\ComboFix.exe
Command switches used :: c:\documents and settings\h\Desktop\antiv\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DBBK
c:\windows\system32\DBBK\00709952D444EAE14DBBD30D36FBAE0F
c:\windows\system32\DBBK\009758CC06B7F55B4A4D16A66E243C24
c:\windows\system32\DBBK\00AABF131B4823785818DB99A075A313
c:\windows\system32\DBBK\0102140028FAD045756796E1C685D695
c:\windows\system32\DBBK\010472D0AE758227C6F6E6933549C219
c:\windows\system32\DBBK\0109C4F3850DFBAB279542515386AE22
c:\windows\system32\DBBK\013C1148C1EC025596896E093F60F608
c:\windows\system32\DBBK\0207D26DDF796A193CCD9F83047BB5FC
c:\windows\system32\DBBK\02988B904C386B500CD08639C4C20EEA
c:\windows\system32\DBBK\037B1E7798960E0420003D05BB577EE6
c:\windows\system32\DBBK\03C640DA6C828D34CE4CFA67006096EF
c:\windows\system32\DBBK\044452051F3E02E7963599FC8F4F3E25
c:\windows\system32\DBBK\045DF7AE14CAAED71338916D6FB66812
c:\windows\system32\DBBK\0492CF5870F0E616B0C71695A433D162
c:\windows\system32\DBBK\04D898830DF96A17A20FD35D7590F87E
c:\windows\system32\DBBK\0501F0B9AB08425F8C0EACBDCC04AA32
c:\windows\system32\DBBK\0539D5E53587F82D1B4FD74C5BE205CF
c:\windows\system32\DBBK\053DBCC1082FDF74AB145A71917A6556
c:\windows\system32\DBBK\056B19651BD7B7CE5F89A3AC46DBDC08
c:\windows\system32\DBBK\05A299EC56E52649B1CF2FC52D20F2D7
c:\windows\system32\DBBK\05BE013E0A9E5BE60870E885CB703832
c:\windows\system32\DBBK\05D6B85ECC3204931923AB7940B9596E
c:\windows\system32\DBBK\062F837C1FBDB6A0A75F82EFC2EE8E74
c:\windows\system32\DBBK\071143F687B4F887E21461CA6CC7EB29
c:\windows\system32\DBBK\0753515F78DF7F271A5E61C20BCD36A1
c:\windows\system32\DBBK\083A052659F5310DD8B6A6CB05EDCF8E
c:\windows\system32\DBBK\085ED2E391A871C7BAE87E0228B546BA
c:\windows\system32\DBBK\09298EC810B07E5D582CB3A3F9255424
c:\windows\system32\DBBK\0A02C63C8B144BD8C86B103DEE7C86A2
c:\windows\system32\DBBK\0A5679B3714EDAB99E357057EE88FCA6
c:\windows\system32\DBBK\0A5709543986843D37A92290B7838340
c:\windows\system32\DBBK\0A9A7365A1CA4319AA7C1D6CD8E4EAFA
c:\windows\system32\DBBK\0AD792A78419867BF5D750853D80FA11
c:\windows\system32\DBBK\0B467F470CC9918FDCEEDCFD7DC4D697
c:\windows\system32\DBBK\0D3A8FAFCEACD8B7625CD549757A7DF1
c:\windows\system32\DBBK\0D84657DBF93DB98673DEFDF2B29E25A
c:\windows\system32\DBBK\0DA85218E92526972A821587E6A8BF8F
c:\windows\system32\DBBK\0DAECCE65366EA32B162F85F07C6753B
c:\windows\system32\DBBK\0E2735281FBB9A764D5584C2A5DCBA59
c:\windows\system32\DBBK\0E2752B270F5A68D459F7927A81B5AFA
c:\windows\system32\DBBK\0F0F6E687E5E15579EF4DA8DD6945814
c:\windows\system32\DBBK\0F29512CCD6BEAD730039FB4BD2C85CE
c:\windows\system32\DBBK\10F1BC2CA8162E1F743B0CEB420DBDF5
c:\windows\system32\DBBK\11B4A627BC9614B885C4969BFA5FF8A6
c:\windows\system32\DBBK\11D42BB6206F33FBB3BA0288D3EF81BD
c:\windows\system32\DBBK\1280A158C722FA95A80FB7AEBE78FA7D
c:\windows\system32\DBBK\12896823FB95BFB3DC9B46BCAEDC9923
c:\windows\system32\DBBK\12B9C4FA0D4735A1873FED4083B75748
c:\windows\system32\DBBK\12DCA4373B9B0B3CFE505B0025BEB952
c:\windows\system32\DBBK\13E67B55B3ABD7BF3FE7AAE5A0F9A9DE
c:\windows\system32\DBBK\156F64A3345BD23C600655FB4D10BC08
c:\windows\system32\DBBK\163DB46B803E4C83C444A026FF17D269
c:\windows\system32\DBBK\16403217AB6FC5C30C14C6B12098AD4B
c:\windows\system32\DBBK\169CAF7FF0E4C7AC58B3C2AFF9FE6F21
c:\windows\system32\DBBK\173F317CE0DB8E21322E71B7E60A27E8
c:\windows\system32\DBBK\17A1D675C12BBF80CAAC54A4855C41D0
c:\windows\system32\DBBK\18C9B152DA7BEA76B2F9E4B6412E0AAF
c:\windows\system32\DBBK\195140D82D94DF5FAD823EC118EE3F21
c:\windows\system32\DBBK\1AB3CDDE553B6E064D2E754EFE20285C
c:\windows\system32\DBBK\1AF592532532A402ED7C060F6954004F
c:\windows\system32\DBBK\1B2BE5777F69A71778F52FFEE1C798D6
c:\windows\system32\DBBK\1B7F071C51B77C272875C3A23E1E4550
c:\windows\system32\DBBK\1C9B06FF129DB305D8C70554F47C679B
c:\windows\system32\DBBK\1D326842006C4BE77ECD848CF89F01AB
c:\windows\system32\DBBK\1DF7F42665C94B825322FAE71721130D
c:\windows\system32\DBBK\1E44BC1E83D8FD2305F8D452DB109CF9
c:\windows\system32\DBBK\1E644E3533DCE2B580A663AE1ACBD539
c:\windows\system32\DBBK\1EBAFEB9A3FBDC41B8D9C7F0F687AD91
c:\windows\system32\DBBK\1F03103598BD817B1078DAB1326DDE11
c:\windows\system32\DBBK\1F4260CC5B42272D71F79E570A27A4FE
c:\windows\system32\DBBK\20200EE3CFE10E9F0C028D8653BE11C6
c:\windows\system32\DBBK\204C1704D4EB3F3C9443E74F044A6EDD
c:\windows\system32\DBBK\205ADD80FF8099B1A8101EB490B933D1
c:\windows\system32\DBBK\2081A5B5E4ABA206A0A8A1A97DF0FB23
c:\windows\system32\DBBK\2098AB52BD5316E59AA36F3437B13BE6
c:\windows\system32\DBBK\20FD44370267CCD0A64A1B31861C21D2
c:\windows\system32\DBBK\2187855A7703ADEF0CEF9EE4285182CC
c:\windows\system32\DBBK\21C69F683E4E7160AFDBA335751727EE
c:\windows\system32\DBBK\222DE7F5EDB9DDBE628384A1A8BE59CE
c:\windows\system32\DBBK\224FB925C641DA16CEB6D60F40CA4C75
c:\windows\system32\DBBK\229EF72A47F7EF9233F3A52FA519E01B
c:\windows\system32\DBBK\22D89D84E8E081CDA529DBF8C0255A38
c:\windows\system32\DBBK\22DD6D7D4BFE2B8CE705CC950C8AEA4C
c:\windows\system32\DBBK\23043C91A0F9DFB4B9E9F87B680863B4
c:\windows\system32\DBBK\231A0B0E3BA7ABFE469A8262FAA1FD71
c:\windows\system32\DBBK\235892E493845D64D890163CFEF90E97
c:\windows\system32\DBBK\23C74D75E36E7158768DD63D92789A91
c:\windows\system32\DBBK\24192246760E0E64435522E246B1D6C2
c:\windows\system32\DBBK\248712EA6BA17B9FF0C542A3828375DD
c:\windows\system32\DBBK\26D881D27CBE51D3614E68D7313EA026
c:\windows\system32\DBBK\276AA3B961C732D581E071D00C61B92A
c:\windows\system32\DBBK\27C6D03BCDB8CFEB96B716F3D8BE3E18
c:\windows\system32\DBBK\27D1B8167C7B542E66F8CDDB36BECE6E
c:\windows\system32\DBBK\295D21F14C335B53CB8154E5B1F892B9
c:\windows\system32\DBBK\2AEB1F8DCF9FA2E6FDDDDC3B68A6AFF5
c:\windows\system32\DBBK\2CC34E8BB667EEF78899546E12649196
c:\windows\system32\DBBK\2CCC474EB85CEAA3E1FA1726580A3E5A
c:\windows\system32\DBBK\2CD77B980B2CC3D655589A2E315AAB57
c:\windows\system32\DBBK\2CDAE321B8E878A278BA2D2FA013060B
c:\windows\system32\DBBK\2D0E4ED081963804CCC196A0929275B5
c:\windows\system32\DBBK\2D65D56C2F8B6CC5EBFF8E7200C30304
c:\windows\system32\DBBK\2DC5A8019E2387987905F77C664E4BE2
c:\windows\system32\DBBK\2DE1190196EE9555DB548A57622022EB
c:\windows\system32\DBBK\2EDFC2A8893435723AD80481803C6D5C
c:\windows\system32\DBBK\2F31B7F954BED437F2C75026C65CAF7B
c:\windows\system32\DBBK\30DEAF54A9755BB8546168CFE8A6B5E1
c:\windows\system32\DBBK\310C15FD8358B2C4CD7A5B98A112883F
c:\windows\system32\DBBK\318230E845919255EF3C5D5E1E863631
c:\windows\system32\DBBK\3182D64AE053D6FB034F44B6DEF8034A
c:\windows\system32\DBBK\3273D1565BF30225C115B480A3BB2C9D
c:\windows\system32\DBBK\332760FBA1655FCFD35BD6F4FD871300
c:\windows\system32\DBBK\33D9B7BB7BA323BAFE489DF033DAC824
c:\windows\system32\DBBK\35321FB577CDC98CE3EB3A3EB9E4610A
c:\windows\system32\DBBK\355EDBB4D412B01F1740C17E3F50FA00
c:\windows\system32\DBBK\35C16BEBD1EB95C655D7CEC0476D1028
c:\windows\system32\DBBK\35C9E97194C8CFB8430125F8DBC34D04
c:\windows\system32\DBBK\36468087E22C57A83DF758B3F90DF73F
c:\windows\system32\DBBK\36795A645EAA47FE31D2A8F136A2C69B
c:\windows\system32\DBBK\369F7B1A4F358B976176556A1A331F36
c:\windows\system32\DBBK\36C232F708498895585BC8C71BBC7440
c:\windows\system32\DBBK\378A0AEFB11D8B0DC8C27B9F7604B88D
c:\windows\system32\DBBK\37A62C6092AADD2EFDE0468DD8818E99
c:\windows\system32\DBBK\3805DF0AC4296A34BA4BF93B346CC378
c:\windows\system32\DBBK\389496118B3B03C2328024AF320132AC
c:\windows\system32\DBBK\3941D127AEF12E93ADDF6FE6EE027E0F
c:\windows\system32\DBBK\3959A4C6DD8FF8B50602C482A22DBD5A
c:\windows\system32\DBBK\399C974DDA25FD3E59F22BAB787F662B
c:\windows\system32\DBBK\39FDB5D60A48B581C6C6068525202924
c:\windows\system32\DBBK\3A3F869C699417FDF272F5206F8244A9
c:\windows\system32\DBBK\3A7C3CBE5D96B8AE96CE81F0B22FB527
c:\windows\system32\DBBK\3AAF9B35939FF9E58CCD18D41655C2FC
c:\windows\system32\DBBK\3CB32D3B8CBE79899D63280BB7A83CD9
c:\windows\system32\DBBK\3CB78C17BB664637787C9A1C98F79C38
c:\windows\system32\DBBK\3CBA2210FA39C6ED7895634842E930DD
c:\windows\system32\DBBK\3CF5FAF72B43BC9BC196A98946F53A0E
c:\windows\system32\DBBK\3D075865DCC26931972F6476AD0497BE
c:\windows\system32\DBBK\3D41A9326F0376FC73AF961DD23B1FB1
c:\windows\system32\DBBK\3D4E199942E29207970E04315D02AD3B
c:\windows\system32\DBBK\3D76DD0CBC536E0F8C45D23ED230BEB2
c:\windows\system32\DBBK\3DA3F03E76A6D9630C148EFE0FC74230
c:\windows\system32\DBBK\3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
c:\windows\system32\DBBK\3E2F3E2F4A82B7FAE23BAB864FB0F837
c:\windows\system32\DBBK\3F4F5760B2B6ED32348C9C84B4F6E4B7
c:\windows\system32\DBBK\401A8C0BE0BAA7D7A470F0942244152D
c:\windows\system32\DBBK\402DDC88356B1BAC0EE3DD1580C76A31
c:\windows\system32\DBBK\40B0F98BAD16AD5DEF894E88C3EF8014
c:\windows\system32\DBBK\42F1F4C0AFB08410E5F02D4B13EBB623
c:\windows\system32\DBBK\4306FA2F1099D7C606139255FDB62B19
c:\windows\system32\DBBK\430CEB794F6E6EF8AC86958C242366D6
c:\windows\system32\DBBK\43D13C80EBEC0135A3611E0F616F179B
c:\windows\system32\DBBK\44F275C64738EA2056E3D9580C23B60F
c:\windows\system32\DBBK\459A04CCA068CAB8799C2F84068C222D
c:\windows\system32\DBBK\461DD68F3593CC0F58DE00FA699E31BD
c:\windows\system32\DBBK\463C1EC80CD17420A542B7F36A36F128
c:\windows\system32\DBBK\47DDFC2F003F7F9F0592C6874962A2E7
c:\windows\system32\DBBK\48A53D8257EE18C06D4503F3D752439F
c:\windows\system32\DBBK\4912D5B403614CE99C28420F75353332
c:\windows\system32\DBBK\49879EB299644E4EDB4F50119E56B22B
c:\windows\system32\DBBK\49CC4533CE897CB2E93C1E84A818FDE5
c:\windows\system32\DBBK\49FAD5322456CCCDEB09F63A83EC9AA1
c:\windows\system32\DBBK\4A4ED4960F264036DF15E6618D9E2080
c:\windows\system32\DBBK\4A953F13942867BA8FB41F141EC1B80C
c:\windows\system32\DBBK\4AC2FA4A6F0DF2511BAC13393C06EFF1
c:\windows\system32\DBBK\4AE068242760A1FB6E1A44BF4E16AFA6
c:\windows\system32\DBBK\4C1CA2B98543ADF66C032E301F936D54
c:\windows\system32\DBBK\4C39358EBDD2FFCD9132A30E1EC31E16
c:\windows\system32\DBBK\4C8FCB5CC53AAB716D810740FE59D025
c:\windows\system32\DBBK\4D83ED8BDDEC431FC8AD907B47CFB6E3
c:\windows\system32\DBBK\4DEF926F6A0545AE486A03C84F2EE482
c:\windows\system32\DBBK\4E3D06D6E68EEDB52565080F55B460D3
c:\windows\system32\DBBK\4E8F3230BAC8C1CAADF01A8C728E1C5C
c:\windows\system32\DBBK\4FCCA060DFE0C51A09DD5C3843888BCD
c:\windows\system32\DBBK\50512FC9B7878E3C2C147BC17326A7DB
c:\windows\system32\DBBK\50A166237A0FA771261275A405646CC0
c:\windows\system32\DBBK\515A7FAE2070C2B0242B2353443E2F11
c:\windows\system32\DBBK\517561A1113B04E51D936CD018DE1C1F
c:\windows\system32\DBBK\52778FCE46E510B60F513B8882A65CD6
c:\windows\system32\DBBK\529584EC24AB8643D97E43EB2C0BFA6F
c:\windows\system32\DBBK\52991F4748C6FDAA4BFCB83BBB1C250A
c:\windows\system32\DBBK\52E60F29221D0D1AC16737E8DBF7C3E9
c:\windows\system32\DBBK\5357826C8A8DD6A07F17C48BB45BE46E
c:\windows\system32\DBBK\54405A2FAC6A9A494C055F92EA3D72FF
c:\windows\system32\DBBK\549290DBC280C887681D7652978DBBE0
c:\windows\system32\DBBK\54AF4B1D5459500EF0937F6D33B1914F
c:\windows\system32\DBBK\54DAE3EA34802B4ED9AE1C6B1209FA56
c:\windows\system32\DBBK\554E6CE596BBA78D581560A4F00B8333
c:\windows\system32\DBBK\5575FAF8F97CE5E713D108C2A58D7C7C
c:\windows\system32\DBBK\55BCA12F7F523D35CA3CB833C725F54E
c:\windows\system32\DBBK\5644ACFA1B281CE2212353552147D1A0
c:\windows\system32\DBBK\5652F6CE1D9E9D8068B9D29BC21B5409
c:\windows\system32\DBBK\56C5B179FE3308B655EB6208C3256FEC
c:\windows\system32\DBBK\56CE97FF94B7662A300D359CD6F4D601
c:\windows\system32\DBBK\572334E13E0D4C8A2986CCA2A736DCE5
c:\windows\system32\DBBK\573C7D0A32852B48F3058CFD8026F511
c:\windows\system32\DBBK\574738F61FCA2935F5265DC4E5691314
c:\windows\system32\DBBK\574C4419F1634E0DBA09FA920AB837FF
c:\windows\system32\DBBK\57EDEC2E5F59F0335E92F35184BC8631
c:\windows\system32\DBBK\58A14C45A5CD2528F10A889E7B0C3FC2
c:\windows\system32\DBBK\596EB39B50D6EBD9B734DC4AE0544693
c:\windows\system32\DBBK\59B5902DE78621E7ED90C89579024974
c:\windows\system32\DBBK\5A5CFF37F1BD0F86B9BDAAD7A9445882
c:\windows\system32\DBBK\5BC962F2654137C9909C3D4603587DEE
c:\windows\system32\DBBK\5BD1234E11B39C63BBA87022AF6D43C2
c:\windows\system32\DBBK\5C12660A97822F6E61576943B49AAAD6
c:\windows\system32\DBBK\5D3D1AB0EF4EA55B731863050482C111
c:\windows\system32\DBBK\5D43C9A33F18C707BA169AFDA88BDF30
c:\windows\system32\DBBK\5D76C3FB736514E1D7C88791E7322784
c:\windows\system32\DBBK\5D81CF9A2F1A3A756B66CF684911CDF0
c:\windows\system32\DBBK\5DB625E7D095604010CF84DE2D8ACFA6
c:\windows\system32\DBBK\5E38D7684A49CACFB752B046357E0589
c:\windows\system32\DBBK\5EF12E329823947A06F1B06AA0196F83
c:\windows\system32\DBBK\5F0CE62E0831CF972EC6949FD3E37DA7
c:\windows\system32\DBBK\5F7E24FA9EAB896051FFB87F840730D2
c:\windows\system32\DBBK\5F816C1F539266D2D4C78694239DA0B5
c:\windows\system32\DBBK\5F93C59E5C774C7D3EB27B19D7CC85F7
c:\windows\system32\DBBK\60784F891563FB1B767F70117FC2428F
c:\windows\system32\DBBK\60B8EA7642CEFDBFB85CFAFBAE4BE816
c:\windows\system32\DBBK\60D0647A2DC2D397B84D0AFB0808F85D
c:\windows\system32\DBBK\6100A808600F44D999CEBDEF8841C7A3
c:\windows\system32\DBBK\6298277B73C77FA99106B271A7525163
c:\windows\system32\DBBK\62BB79160F86CD962F312C68C6239BFD
c:\windows\system32\DBBK\62CF83A6989312A0DD39BBFFB3D1C166
c:\windows\system32\DBBK\6404807ABC7AF52FA3792697AE638B50
c:\windows\system32\DBBK\64AE76D852626AA18F282AAF3C7C7CD0
c:\windows\system32\DBBK\65DCF09D0E37D4C6B11B5B0B76D470A7
c:\windows\system32\DBBK\65DF52F5B8B6E9BBD183505225C37315
c:\windows\system32\DBBK\65FC72B885B67AC91B1D32D4D39ABD51
c:\windows\system32\DBBK\6625E790B65A73A60E8FD60028AC785E
c:\windows\system32\DBBK\66532206BA19246F79A703678CF0479F
c:\windows\system32\DBBK\67156D5A9AC356DC99D7BCCB388E3316
c:\windows\system32\DBBK\6768ACF64B18196494413695F0C3A00F
c:\windows\system32\DBBK\680B56A8B62D1BCF4A0B2AAAD03D88E4
c:\windows\system32\DBBK\681B807E53BDADA337735C28C0E48A1B
c:\windows\system32\DBBK\684559A03CBC1D05BA120A18B0D8BA5D
c:\windows\system32\DBBK\6895427873D6C37A6D6DA7C3DB37DA14
c:\windows\system32\DBBK\690D97864735E8ECD87F55777E266690
c:\windows\system32\DBBK\692BCF44383D056AED41B045A323D378
c:\windows\system32\DBBK\694503348B586E99D56C0E30AB5B3EF8
c:\windows\system32\DBBK\6ABE6E225ADB5A751622A9CC3BC19CE8
c:\windows\system32\DBBK\6AC26732762483366C3969C9E4D2259D
c:\windows\system32\DBBK\6B27A5C03DFB94B4245739065431322C
c:\windows\system32\DBBK\6B5DB6789177A4FD0DEBC248041D0739
c:\windows\system32\DBBK\6B7C6B32F8E84D56C6260D684019FEA2
c:\windows\system32\DBBK\6BAD1BED9872E62049E487FB91AE2F3A
c:\windows\system32\DBBK\6CB08593487F5701D2D2254E693EAFCE
c:\windows\system32\DBBK\6D4FEB43EE538FC5428CC7F0565AA656
c:\windows\system32\DBBK\6D778E0F95447E6546553EEEA709D03C
c:\windows\system32\DBBK\6E4BE11D50F8A8DE2BAD644C9C9DE8D3
c:\windows\system32\DBBK\6F9BEF24C578D5D6740E080BEDD6A448
c:\windows\system32\DBBK\70217A23470F4BB4C8FB4ABE06813081
c:\windows\system32\DBBK\7051068AB8839B3485F462B4975B2806
c:\windows\system32\DBBK\70E98B3FD8E963A6A46A2E6247E0BEA1
c:\windows\system32\DBBK\70F184FAAC13D523BEB4B78734A7A530
c:\windows\system32\DBBK\714705F29A917993536A6AB2DEDB0B7F
c:\windows\system32\DBBK\718FB269AF435683E8ADBD5D2B36CF1A
c:\windows\system32\DBBK\72F8A43932061A68F57E8B13E49F5C55
c:\windows\system32\DBBK\731F22BA402EE4B62748ADAF6363C182
c:\windows\system32\DBBK\736B12B725AEB2B07F0241A9F680CB10
c:\windows\system32\DBBK\73C1E1F395918BC2C6DD67AF7591A3AD
c:\windows\system32\DBBK\747264F6348E2A649E3327FB95CD06B0
c:\windows\system32\DBBK\74B2B2F5BEA5E9A3DC021D685551BD3D
c:\windows\system32\DBBK\74E4977F832D3AEE33AAA2647BFE81BB
c:\windows\system32\DBBK\767FF54A552732CE772C2302025FA82F
c:\windows\system32\DBBK\76A9A3CBEADD68CC57CDA5E1D7448235
c:\windows\system32\DBBK\76BB022C2FB6902FD5BDD4F78FC13A5D
c:\windows\system32\DBBK\774348DE1DEA6262E06BFE1906D13D4D
c:\windows\system32\DBBK\77A354E28153AD2D5E120A5A8687BC06
c:\windows\system32\DBBK\78A08DD6A8D65E697C18E1DB01C5CDCA
c:\windows\system32\DBBK\78E824973A67192DD52A720083B0318D
c:\windows\system32\DBBK\791912E524CC2CC6F50B5F2B52D1EB71
c:\windows\system32\DBBK\797F458071A9C679D13B6A9257AC32DC
c:\windows\system32\DBBK\798A9E6828997EEF4517ADA8A2259831
c:\windows\system32\DBBK\79E3A8C328E7E569C32B0998377D9742
c:\windows\system32\DBBK\79F2353815EC514DC62B20B91F084344
c:\windows\system32\DBBK\7A2CC3719B255E6B5D74396183B7715B
c:\windows\system32\DBBK\7A63B08C8E9F3A057A81E3B29D29C407
c:\windows\system32\DBBK\7A660EDC0757849DF5F8706FB6E9F740
c:\windows\system32\DBBK\7AD224AD1A1437FE28D89CF22B17780A
c:\windows\system32\DBBK\7B0770526801F05D58C51A3DFB87B4BD
c:\windows\system32\DBBK\7BECD62D950174417987353869FFD1F8
c:\windows\system32\DBBK\7C278E6408D1DCE642230C0585A854D5
c:\windows\system32\DBBK\7D304A5EB4344EBEEAB53A2FE3FFB9F0
c:\windows\system32\DBBK\7E699FF5F59B5D9DE5390E3C34C67CF5
c:\windows\system32\DBBK\7FDD5D0684ECA8C1F68B4D99D124DCD0
c:\windows\system32\DBBK\80D317BD1C3DBC5D4FE7B1678C60CADD
c:\windows\system32\DBBK\81CB679DFBD8AA582A2E5B647D25185A
c:\windows\system32\DBBK\81DC3F549F44B1C1FFF022DEC9ECF30B
c:\windows\system32\DBBK\82173D3AAAB2AE8A9BE61B45173E1659
c:\windows\system32\DBBK\82F9764EBE2EF590CD2B3BEB234E5671
c:\windows\system32\DBBK\8329A39D5A402A75A74301D6A62ECDA1
c:\windows\system32\DBBK\83F41D0D89645D7235C051AB1D9523AC
c:\windows\system32\DBBK\853B04D34363ED260D0F89A09DB9B323
c:\windows\system32\DBBK\853D0D0C6F02D7BFDF1CF99DD7553732
c:\windows\system32\DBBK\855F6333E3A4DFC6F3C8B0520C261FCD
c:\windows\system32\DBBK\86440EDFF27095E03741AEDC5752AA51
c:\windows\system32\DBBK\86987A5000DFA3EBE2275C0456BCF2FE
c:\windows\system32\DBBK\86F1895AE8C5E8B17D99ECE768A70732
c:\windows\system32\DBBK\876CCF164E08D6B903CD14398E056DD2
c:\windows\system32\DBBK\880578256313BF32B676FBBD3EDC0E46
c:\windows\system32\DBBK\880F7ED2DF24DB14AF96C6D797958796
c:\windows\system32\DBBK\88155247177638048422893737429D9E
c:\windows\system32\DBBK\8878BD685E490239777BFE51320B88E9
c:\windows\system32\DBBK\8973122796E3B5D6B5900FC186E55FEA
c:\windows\system32\DBBK\8A208DFCF89792A484E76C40E5F50B45
c:\windows\system32\DBBK\8AE93AACC648921BAACB8602991AC4B3
c:\windows\system32\DBBK\8B1F3320AEBB536E021A5014409862DE
c:\windows\system32\DBBK\8B83F3ED0F1688B4958F77CD6D2BF290
c:\windows\system32\DBBK\8BAD69CBAC032D4BBACFCE0306174C30
c:\windows\system32\DBBK\8BCA18AAB6B2F56D8B44127FEA3B5A3D
c:\windows\system32\DBBK\8BCD11D38FCE43A519246A91CC40DE6A
c:\windows\system32\DBBK\8BED39E3C35D6A489438B8141717A557
c:\windows\system32\DBBK\8C515081584A38AA007909CD02020B3D
c:\windows\system32\DBBK\8C7DCA4B158BF16894120786A7A5F366
c:\windows\system32\DBBK\8CE882BCC6CF8A62F2B2323D95CB3D01
c:\windows\system32\DBBK\8D58C34EA1304DAB6D8B16925265B5AA
c:\windows\system32\DBBK\8E2CC37BA87D8F681066E0E9C8A19F73
c:\windows\system32\DBBK\8E356DA331BA56B7EB1FF16B66D8F50D
c:\windows\system32\DBBK\8E6B8C671615D126FDC553D1E2DE5562
c:\windows\system32\DBBK\8EC78028DA1AA8432EC50953A36182C6
c:\windows\system32\DBBK\8F5FCFF8E8848AFAC920905FBD9D33C8
c:\windows\system32\DBBK\8FD99680A539792A30E97944FDAECF17
c:\windows\system32\DBBK\912B67BB8249925A5C972FC5839EAE09
c:\windows\system32\DBBK\91790D6749EBED90E2C40479C0A91879
c:\windows\system32\DBBK\9208DEBD98447FDBF23D35E93B5EED0C
c:\windows\system32\DBBK\9282BD12DFB069D3889EB3FCC1000A9B
c:\windows\system32\DBBK\92C4F48B62B0B876194584C3FF09CCB6
c:\windows\system32\DBBK\92CDD60B6730B9F50F6A1A0C1F8CDC81
c:\windows\system32\DBBK\93AFB83FBC1F9443CAC722FCA63D73BF
c:\windows\system32\DBBK\93C088C2AEB2F23E720BDA7E32BD5117
c:\windows\system32\DBBK\942A17D2901A31EA68627CBFFCD268CC
c:\windows\system32\DBBK\943337D786A56729263071623BBB9DE5
c:\windows\system32\DBBK\94545E8136FE024D84F3C33B4E07D210
c:\windows\system32\DBBK\945FBB881AE927A44DFD96440F2F4F44
c:\windows\system32\DBBK\95DAB70D56BBAC7DDB7E6D0017D71369
c:\windows\system32\DBBK\96E1C926F22EE1BFBAE82901A35F6BF3
c:\windows\system32\DBBK\96E6931ECC73B103B1A00A84416DADA9
c:\windows\system32\DBBK\96ECCF28FDBF1B2CC12725818A63628D
c:\windows\system32\DBBK\9789E95E1D88EEB4B922BF3EA7779C28
c:\windows\system32\DBBK\986B1FF5814366D71E0AC5755C88F2D3
c:\windows\system32\DBBK\98A078F838A70F84E1BD490D7C7675F4
c:\windows\system32\DBBK\998242A4EDE6992396A90585CC121F2C
c:\windows\system32\DBBK\99A4C177D9942B536C0F15448A14BB93
c:\windows\system32\DBBK\99BC0B50F511924348BE19C7C7313BBF
c:\windows\system32\DBBK\9A10AACBFDC4922715375FB4065EC930
c:\windows\system32\DBBK\9A3BD5F55AADFF859539142F6328A66E
c:\windows\system32\DBBK\9AEFA14BD6B182D61E3119FA5F436D3D
c:\windows\system32\DBBK\9B9F1C38D559047B8AC0DBA2D5FEBDE9
c:\windows\system32\DBBK\9CFCB3CA3D83B4EAA133F0644A2C6F31
c:\windows\system32\DBBK\9D27E7B80BFCDF1CDD9B555862D5E7F0
c:\windows\system32\DBBK\9DD07AF82244867CA36681EA2D29CE79
c:\windows\system32\DBBK\9EF487A186DEA361AA06913A75B3FA99
c:\windows\system32\DBBK\9F3A2F5AA6875C72BF062C712CFA2674
c:\windows\system32\DBBK\A06CE3399D16DB864F55FAEB1F1927A9
c:\windows\system32\DBBK\A219903CCF74233761D92BEF471A07B1
c:\windows\system32\DBBK\A26E0A6A7EBB45815A3583E170C27031
c:\windows\system32\DBBK\A2C2EC01306A666C4372BB7A06659B5D
c:\windows\system32\DBBK\A314EEA2A503A8E04085201E436384A5
c:\windows\system32\DBBK\A32426D9B14A089EAA1D922E0C5801A9
c:\windows\system32\DBBK\A32BEBAF723557681BFC6BD93E98BD26
c:\windows\system32\DBBK\A39BE37C9237DB5F1990D61B268EA555
c:\windows\system32\DBBK\A4388DF80E52695AE92EE5F3F61F1619
c:\windows\system32\DBBK\A525C96C51D55111FDF3BEA9FFFFC7AE
c:\windows\system32\DBBK\A645A78FCDABAD67067324D7E6CD9F79
c:\windows\system32\DBBK\A693A49A67673F2C8D76797EA9A628D0
c:\windows\system32\DBBK\A70A2D85AD143D6BB823C246CEB699A5
c:\windows\system32\DBBK\A73F5D6705B1D820C19B18782E176EFD
c:\windows\system32\DBBK\A776C2E4BE88E7F52299310C1490C5CA
c:\windows\system32\DBBK\A7DB739AE99A796D91580147E919CC59
c:\windows\system32\DBBK\A7E06854EA2A20AEE8EC32BD8C754298
c:\windows\system32\DBBK\A80B9A0BAD1B73637DBCBBA7DF72D3FD
c:\windows\system32\DBBK\A86BB5E61BF3E39B62AB4C7E7085A084
c:\windows\system32\DBBK\A8888A5327621856C0CEC4E385F69309
c:\windows\system32\DBBK\A8C1E6FF53FB0628A302843EA5FA5AB6
c:\windows\system32\DBBK\A90E118F12D355F9946DFB30A8F94609
c:\windows\system32\DBBK\A93AEE1928A9D7CE3E16D24EC7380F89
c:\windows\system32\DBBK\A9A3DAA780CA6C9671A19D52456705B4
c:\windows\system32\DBBK\AA897735D5AB916297A6823A9B2D61B1
c:\windows\system32\DBBK\AB8B92451ECB048A4D1DE7C3FFCB4A9F
c:\windows\system32\DBBK\ABC4206543450C0666D152F4B65833B8
c:\windows\system32\DBBK\ABFB673B24A9B3287761D497529FB5B9
c:\windows\system32\DBBK\AC5DF42FE314C1446B1DAD237BFCFFE0
c:\windows\system32\DBBK\AC7280566A7BB85CB3291F04DDC1198E
c:\windows\system32\DBBK\ACA5E7B54409F9CB5EED97ED0C81120E
c:\windows\system32\DBBK\ACACB8B14E66109B8ACD6644B5574B9A
c:\windows\system32\DBBK\ACDAFCD14EC0ECE89198503746A5C147
c:\windows\system32\DBBK\AD188BE7BDF94E8DF4CA0A55C00A5073
c:\windows\system32\DBBK\AE0382AD9C73D343D85E1A50C80B7C20
c:\windows\system32\DBBK\AE25E436747E699AD17629C3EA00D5A5
c:\windows\system32\DBBK\AE9543F20FCC1E7BCAA13051CC076147
c:\windows\system32\DBBK\AEADC4FE32D6D60F36D9B9ACE5C642A2
c:\windows\system32\DBBK\AF07DC9B7CC455629E732340C7B15F3A
c:\windows\system32\DBBK\AF11C591F2F4AFF4A6CF699D376F618B
c:\windows\system32\DBBK\AF5F4F3F14A8EA2C26DE30F7A1E17136
c:\windows\system32\DBBK\AFFC87E2501FCE8F09D4C10BA6421CCF
c:\windows\system32\DBBK\B1C303E17FB9D46E87A98E4BA6769685
c:\windows\system32\DBBK\B24A42A413E694AD73FDFB7FBD492C31
c:\windows\system32\DBBK\B26B135FF1B9F60C9388B4A7D16F600B
c:\windows\system32\DBBK\B2CF4B0786F8212CB92ED2B50C6DB6B0
c:\windows\system32\DBBK\B2EE0675149E0902EEC7D998981EF6D9
c:\windows\system32\DBBK\B3C157A66ECDBCD3570E2DA139225589
c:\windows\system32\DBBK\B41CB3AA2E0AAE024B4FB316FE440BE4
c:\windows\system32\DBBK\B41D53899E37CC43DA85DA19998BEE81
c:\windows\system32\DBBK\B467646C54CC746128904E1654C750C1
c:\windows\system32\DBBK\B48CE3137255E871E6134730E41A3CF7
c:\windows\system32\DBBK\B4ED498E3BFEE64E952BC44FC6057DB8
c:\windows\system32\DBBK\B5127318571A8AA8F66D1AED66E8FC1B
c:\windows\system32\DBBK\B63B4053B8F025D290326A49784F0BA9
c:\windows\system32\DBBK\B701B7DF6B9B243B155523B5F868A90A
c:\windows\system32\DBBK\B7CA8CC3F978201856B6AB82F40953C3
c:\windows\system32\DBBK\B85E95679B5ADC12311BCD3F5385D623
c:\windows\system32\DBBK\B921FB870C9AC0D509B2CCABBBBE95F3
c:\windows\system32\DBBK\BC93B4A066477954555966D77FEC9ECB
c:\windows\system32\DBBK\BD31DC6DBE9333C4FBD4BDF0899F2160
c:\windows\system32\DBBK\BD3C0ABD9EE3562A49F458D9FB491C6D
c:\windows\system32\DBBK\BD83ABA61E8ACCC8D9FFB869F29418CE
c:\windows\system32\DBBK\BE06457208DC0661819EAF30E2A1CA25
c:\windows\system32\DBBK\BE8513730653384939A4D2D977C81027
c:\windows\system32\DBBK\BEB3BA25197665D82EC7065B724171C6
c:\windows\system32\DBBK\BF2466B3E18E970D8A976FB95FC1CA85
c:\windows\system32\DBBK\C14350FC0D47D806699C4F907FC6785B
c:\windows\system32\DBBK\C1B486A7658353D33A10CC15211A873B
c:\windows\system32\DBBK\C1FAEA15E41F62D7BFA7FBC395C24BA6
c:\windows\system32\DBBK\C3200506FB212A0F4FB736A80E646C40
c:\windows\system32\DBBK\C354183F2F9187513718E3505BD32727
c:\windows\system32\DBBK\C423D80FF32F94D5C4546003E6FBEDBB
c:\windows\system32\DBBK\C42C71D8376DE670A5054F47F9150653
c:\windows\system32\DBBK\C448A248B743F5FB935C787A5D97268B
c:\windows\system32\DBBK\C5FF8682EADA5B3B27A865F1C3EF9270
c:\windows\system32\DBBK\C634AFCB0EA281F43DC007BFD8999418
c:\windows\system32\DBBK\C6BB1D1500DB4A0E224CB65E6C7E8A80
c:\windows\system32\DBBK\C730F70351D950DDA7388C9A9763CF54
c:\windows\system32\DBBK\C7CE131408739B0B3A318BE2D0032719
c:\windows\system32\DBBK\C7E39EA41233E9F5B86C8DA3A9F1E4A8
c:\windows\system32\DBBK\C885B02847F5D2FD45A24E219ED93B32
c:\windows\system32\DBBK\C91F0B434B6F95A7EEC71361D166DFBF
c:\windows\system32\DBBK\C93C9FF7B04D772627A3646D89F7BF89
c:\windows\system32\DBBK\C941EA2454BA8350021D774DAF0F1027
c:\windows\system32\DBBK\CA04959077AFE36369D37B3504740C87
c:\windows\system32\DBBK\CA648BD638245EB83F971FF71B031BEC
c:\windows\system32\DBBK\CA6ADE4F7761BB15B3325356DC3B82BB
c:\windows\system32\DBBK\CBE612E2BB6A10E3563336191EDA1250
c:\windows\system32\DBBK\CC306BF581446D5E443EAE5B3BB900F0
c:\windows\system32\DBBK\CC748EA12C6EFFDE940EE98098BF96BB
c:\windows\system32\DBBK\CCA207A8896D4C6A0C9CE29A4AE411A7
c:\windows\system32\DBBK\CCF5F451BB1A5A2A522A76E670000FF0
c:\windows\system32\DBBK\CCF82C5EC8A7326C3066DE870C06DAF1
c:\windows\system32\DBBK\CD82CA42949578C09D276354352498FE
c:\windows\system32\DBBK\CDBE9690CF2B8409FACAD94FAC9479C9
c:\windows\system32\DBBK\CF492D7E9AF1C628B3536D20EF6F5CC7
c:\windows\system32\DBBK\CFCE43B70CA0CC4DCC8ADB62B792B173
c:\windows\system32\DBBK\D0EBE8F93C70FCA792E241CE268BC837
c:\windows\system32\DBBK\D26451B540720A7313A9BCBE794DAF62
c:\windows\system32\DBBK\D3B6D02F0D95A62DFBAE7D7EA404DB59
c:\windows\system32\DBBK\D3F72D50DE53F9F1F55240115AF4D42E
c:\windows\system32\DBBK\D4502F124289A31976130CCCB014C9AA
c:\windows\system32\DBBK\D45926117EB9FA946A6AF572FBE1CAA3
c:\windows\system32\DBBK\D475BBD6FEF8DB2DDE0DA7CCFD2C9042
c:\windows\system32\DBBK\D4991D98F2DB73C60D042F1AEF79EFAE
c:\windows\system32\DBBK\D529CF9C5947F35D93B22658178C0197
c:\windows\system32\DBBK\D6FE22825A8FEBB3845CBA424DED3142
c:\windows\system32\DBBK\D72B9EC3337B247A666F098F3D6B43DE
c:\windows\system32\DBBK\D7531363DC675435D999971440695757
c:\windows\system32\DBBK\D7B7A57C0E57C836F18CF12A4C62A1CA
c:\windows\system32\DBBK\D8361BEAB7109AB8B069F7F5028E37B1
c:\windows\system32\DBBK\D8555A09D5862497F4156E9E4CCC808B
c:\windows\system32\DBBK\D918617B46457B9AC28027722E30F647
c:\windows\system32\DBBK\D95C71052E5EF63B55997FB31483D02F
c:\windows\system32\DBBK\D9DC1EE68466A3023D094694F37B5DC8
c:\windows\system32\DBBK\D9F724AA26C010A217C97606B160ED68
c:\windows\system32\DBBK\DA1F27D85E0D1525F6621372E7B685E9
c:\windows\system32\DBBK\DA52E84AEA182DB1DFF5D404BC3EF44A
c:\windows\system32\DBBK\DABFEEC15B9E7427723B0308D2948DF2
c:\windows\system32\DBBK\DD40363ABAD230A84C5E2178B11EFA88
c:\windows\system32\DBBK\DD7BD97FB8BD800963789158A5E4B41D
c:\windows\system32\DBBK\DE6A75F5C270E756C5508D94B6CF68F5
c:\windows\system32\DBBK\DEB04DA35CC871B6D309B77E1443C796
c:\windows\system32\DBBK\DEF7A7882BEC100FE0B2CE2549188F9D
c:\windows\system32\DBBK\DF6551E4C4C46655A0C76194F1FCEA5D
c:\windows\system32\DBBK\DF82E222578DBE59FCBBD69A02E4C806
c:\windows\system32\DBBK\E0B9F2EFF11A3FD8E44B045C77EB9FC9
c:\windows\system32\DBBK\E2092F0A1D7ABC243F9C2362483D150D
c:\windows\system32\DBBK\E20B95BAEDB550F32DD489265C1DA1F6
c:\windows\system32\DBBK\E28726B72C46821A28830E077D39A55B
c:\windows\system32\DBBK\E3DE4EB20C48F0162FCEE0E0716D34E0
c:\windows\system32\DBBK\E42E3433DBB4CFFE8FDD91EAB29AEA8E
c:\windows\system32\DBBK\E45989C127C0476A937D6BEAA6E28211
c:\windows\system32\DBBK\E4616430709F440CF1809D88DC2366EA
c:\windows\system32\DBBK\E47E364C96467FD54FA44D59F927C3AB
c:\windows\system32\DBBK\E530E95DBFE0EA51159D1F7C81DB6B98
c:\windows\system32\DBBK\E535E0A413655208D7180154150881C6
c:\windows\system32\DBBK\E5EDBD51476DB5001ABF5C82AE5C3DD1
c:\windows\system32\DBBK\E6EF7BC927D9F8F9BA1584BFC39E0C6F
c:\windows\system32\DBBK\E76F8807070ED04E7408A86D6D3A6137
c:\windows\system32\DBBK\E7DFAC66C455E2B7E86FC5D87F35A275
c:\windows\system32\DBBK\E82A496C3961EFC6828B508C310CE98F
c:\windows\system32\DBBK\E837FDBB92E9873E538395B623F45462
c:\windows\system32\DBBK\E86423AA9AA8C382AF02B94A058DC2AA
c:\windows\system32\DBBK\E9733011B6B1E34F19A07DD143403025
c:\windows\system32\DBBK\EA5B8BECA3F279C757578CD7F1E95855
c:\windows\system32\DBBK\EA9EE60B408878E5F2012F9C783836DB
c:\windows\system32\DBBK\EADBBC834E47EB338C47442B64FE295B
c:\windows\system32\DBBK\EC29A79F1E76DC509E24D401F29D0678
c:\windows\system32\DBBK\EC4C0D9BFD9F7E33F8B395AD54E13063
c:\windows\system32\DBBK\ECB7591870F8BFB1A4C17B718AD5A4AA
c:\windows\system32\DBBK\ED0C0DF222209E43AD9AFBF3FE87DDE0
c:\windows\system32\DBBK\ED0EF0A136DEC83DF69F04118870003E
c:\windows\system32\DBBK\ED5A816D8E11E03F1937AC3C56826EE4
c:\windows\system32\DBBK\EDC1531A49C80614B2CFDA43CA8659AB
c:\windows\system32\DBBK\EE4C651A217B01D636B5364AC77DA892
c:\windows\system32\DBBK\EEE7F12D9FF46F68FBC0DA059A359E9E
c:\windows\system32\DBBK\EFBBE3005DFBC4B740804B2DE2118B17
c:\windows\system32\DBBK\EFEEC01B1D3CF84F16DDD24D9D9D8F99
c:\windows\system32\DBBK\F05B8CDB7FE0E55DCCFB1D946CE80064
c:\windows\system32\DBBK\F0BF811622F2DD6C8E26EE4600D83731
c:\windows\system32\DBBK\F0DCD148AAB06EC29D7EB2DE1CA07476
c:\windows\system32\DBBK\F137A0CA70003DB20448D540651FA003
c:\windows\system32\DBBK\F24B12786D60A17008319E3F2AEE7799
c:\windows\system32\DBBK\F26385E8BA4549B5186B774EC0E45D86
c:\windows\system32\DBBK\F38194CE99067D0C47E46F8BB7226106
c:\windows\system32\DBBK\F391DAFB242C185F1601A3E77B81920F
c:\windows\system32\DBBK\F404830F3CD9BF8F2515E489C0CDA297
c:\windows\system32\DBBK\F4DD9E29CAB8110C976B9200E8067BC2
c:\windows\system32\DBBK\F51EBB6FC536A6B2D588FD668D3A8249
c:\windows\system32\DBBK\F5B754CDEA20BBB3A31E16A776EDE6D6
c:\windows\system32\DBBK\F614AB3F0AF8DEFE7AD91BE2BA483603
c:\windows\system32\DBBK\F80A415EF82CD06FFAF0D971528EAD38
c:\windows\system32\DBBK\F828DD7E1419B6653894A8F97A0094C5
c:\windows\system32\DBBK\F8F0D25CA553E39DDE485D8FC7FCCE89
c:\windows\system32\DBBK\F927A4434C5028758A842943EF1A3849
c:\windows\system32\DBBK\F92E1076C42FCD6DB3D72D8CFE9816D5
c:\windows\system32\DBBK\F9D3C78CFE15271D80790677C893CE45
c:\windows\system32\DBBK\FA1B9CAE64B23C950DA3D96ABBF23BD0
c:\windows\system32\DBBK\FA20159A61ECDF77F971A2C4A86E8676
c:\windows\system32\DBBK\FB8F8EEC8D9C2157789472DD61CDC78B
c:\windows\system32\DBBK\FBFCA1A574D47EE575448B719CBBF2E4
c:\windows\system32\DBBK\FCFA1C55971CC229D353B3A15ACCD995
c:\windows\system32\DBBK\FDBB1D60066FCFBB7452FD8F9829B242
c:\windows\system32\DBBK\FE0D99D6F31E4FAD8159F690D68DED9C
c:\windows\system32\DBBK\FE28EF2586249866AE340E13FE7FF510
c:\windows\system32\DBBK\FE47DD8FE6D7768FF94EBEC6C74B2719
c:\windows\system32\DBBK\FE97D0343ACFDEBDD578FC67CC91FA87
c:\windows\system32\DBBK\FEDE68BF80052BAD393AFD5C2E60DCB0
c:\windows\system32\DBBK\FEE0BADED54222E9F1DAE9541212AAB1
c:\windows\system32\DBBK\FF02F93955179F9A4F28656740A994A1
c:\windows\system32\DBBK\FF3477C03BE7201C294C35F684B3479F
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-19 04:05 . 2012-04-19 04:05 -------- d-----w- c:\documents and settings\h\Application Data\OpenOffice.org
2012-04-19 04:01 . 2012-04-19 04:01 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-16 14:35 . 2012-04-16 14:35 -------- d-----w- c:\documents and settings\Administrator
2012-04-15 18:27 . 2012-04-22 03:50 -------- d-----w- c:\program files\Steam
2012-04-13 04:04 . 2012-04-13 04:04 -------- d-----w- c:\program files\ESET
2012-04-13 02:21 . 2012-04-13 02:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 12:34 . 2012-04-05 12:48 -------- d-----w- C:\emuvbalink
2012-04-04 15:49 . 2012-04-04 15:49 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 15:49 . 2012-04-19 08:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 15:49 . 2012-04-19 08:03 -------- d-----w- c:\program files\Java
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 15:02 . 2012-04-03 15:02 -------- d-----w- c:\documents and settings\h\Application Data\Malwarebytes
2012-04-03 15:01 . 2012-04-03 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-03 14:31 . 2012-04-03 14:31 -------- d-----w- c:\documents and settings\h\Application Data\FixZeroAccess
2012-04-03 10:32 . 2008-05-29 23:42 60416 ----a-w- c:\windows\system32\antiwpa.dll
2012-04-03 10:14 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-03 10:14 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-29 20:02 . 2012-04-10 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 19:40 . 2012-03-29 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D562BF000435DB527ED81DD151FC84
2012-03-28 23:36 . 2012-03-28 23:36 -------- d-s---w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 08:03 . 2011-04-28 02:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 02:21 . 2011-06-23 04:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-29 20:18 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:50 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 13:50 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-04-28 06:41 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-19_03.50.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-22 08:15 . 2012-04-22 08:15 16384 c:\windows\Temp\Perflib_Perfdata_558.dat
+ 2012-04-19 04:01 . 2012-04-19 04:01 11264 c:\windows\assembly\GAC_MSIL\cli_basetypes\1.0.18.0__ce2cb7e279207b9e\cli_basetypes.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 64000 c:\windows\assembly\GAC_32\cli_cppuhelper\1.0.21.0__ce2cb7e279207b9e\cli_cppuhelper.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_uretypes\7.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_ure\21.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_oootypes\7.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 3072 c:\windows\assembly\GAC_MSIL\policy.1.0.cli_basetypes\18.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 7680 c:\windows\assembly\GAC_MSIL\cli_ure\1.0.21.0__ce2cb7e279207b9e\cli_ure.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 3072 c:\windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\21.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2012-04-19 08:04 . 2012-04-19 08:03 157472 c:\windows\system32\javaws.exe
- 2012-04-04 15:49 . 2012-04-04 15:49 157472 c:\windows\system32\javaws.exe
- 2012-04-04 15:49 . 2012-04-04 15:49 149280 c:\windows\system32\javaw.exe
+ 2012-04-19 08:04 . 2012-04-19 08:03 149280 c:\windows\system32\javaw.exe
- 2012-04-04 15:49 . 2012-04-04 15:49 149280 c:\windows\system32\java.exe
+ 2012-04-19 08:04 . 2012-04-19 08:03 149280 c:\windows\system32\java.exe
+ 2011-01-21 09:16 . 2012-04-19 17:22 122136 c:\windows\system32\FNTCACHE.DAT
+ 2012-04-19 08:03 . 2012-04-19 08:03 902656 c:\windows\Installer\e7b00c.msi
+ 2012-04-19 04:00 . 2012-04-19 04:00 677376 c:\windows\Installer\8c1c7.msi
+ 2012-04-19 04:01 . 2012-04-19 04:01 118784 c:\windows\assembly\GAC_MSIL\cli_uretypes\1.0.7.0__ce2cb7e279207b9e\cli_uretypes.dll
+ 2012-04-19 04:01 . 2012-04-19 04:01 892928 c:\windows\assembly\GAC_MSIL\cli_oootypes\1.0.7.0__ce2cb7e279207b9e\cli_oootypes.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-04-19 04:02 . 2012-04-19 04:02 2991104 c:\windows\Installer\8c1cc.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-04-15 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-13 33656832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\h\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
backup=c:\windows\pss\PGPtray.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 3\\iw5mp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58066:TCP"= 58066:TCP:Pando Media Booster
"58066:UDP"= 58066:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6906:TCP"= 6906:TCP:League of Legends Launcher
"6906:UDP"= 6906:UDP:League of Legends Launcher
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/20/2011 11:11 PM 12184]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/21/2011 10:34 AM 1381632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 10:21 PM 253600]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [6/21/2011 12:28 AM 101376]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\avwcgn1t.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 04:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-04-22 04:24:12
ComboFix-quarantined-files.txt 2012-04-22 08:24
ComboFix2.txt 2012-04-19 03:53
ComboFix3.txt 2012-04-13 16:55
ComboFix4.txt 2012-04-04 18:07
ComboFix5.txt 2012-04-22 08:09
.
Pre-Run: 820,041,969,664 bytes free
Post-Run: 822,460,297,216 bytes free
.
- - End Of File - - 7DF4CC7C3BB4588E78746409DF5E8D47




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users