Computer infested. Please help


  • This topic is locked
16 replies to this topic

#1 AgentCormac


Posted 25 April 2012 - 09:38 AM

Please help. AVG detects the following viruses on my machine: PSW.Agent.AUET, ASJX, ARMW and Generic9RDX. After cleanup they keep reappearing.


Combo log:

ComboFix 12-04-25.01 - Shed 25/04/2012 10:59:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.532 [GMT 1:00]
Running from: c:\documents and settings\Shed\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\weave\toFetch
c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\weave\toFetch\clients.json
c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\weave\toFetch\tabs.json
c:\documents and settings\Shed\Start Menu\Programs\AntiVirus System 2011
c:\documents and settings\Shed\Start Menu\Programs\AntiVirus System 2011\Help AntiVirus System 2011.lnk
c:\documents and settings\Shed\Start Menu\Programs\AntiVirus System 2011\How to Activate AntiVirus System 2011.lnk
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\windows\system32\Cache
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET6C0.tmp
c:\windows\system32\SET6CC.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-23 12:09 . 2012-04-23 12:09 12600 ----a-w- c:\windows\system32\drivers\PROCEXP111.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 15:40 . 2011-05-15 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\apps\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 73728]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="d:\apps\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Shed\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - d:\apps\Mozilla Firefox\firefox.exe [2009-1-6 924632]
PeerBlock.lnk - d:\apps\PeerBlock\peerblock.exe [2010-1-26 1867888]
µTorrent.lnk - d:\apps\uTorrent\uTorrent.exe [2009-1-6 741240]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\apps\\uTorrent\\uTorrent.exe"=
"d:\\apps\\Mozilla Firefox\\firefox.exe"=
"d:\\Java\\jdk1.6.0_11\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Calibre2\\calibre.exe"=
"d:\\apps\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\apps\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16/05/2011 10:34 218688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [27/12/2009 15:01 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [27/12/2009 14:59 33072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 07:09 192776]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [08/06/2000 19:15 50176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17/12/2009 16:02 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [15/07/2011 18:08 113456]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2011 11:56 136176]
S3 8lt6m.sys;8lt6m.sys;\??\c:\windows\system32\drivers\8lt6m.sys --> c:\windows\system32\drivers\8lt6m.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2011 11:56 136176]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [09/07/2011 11:52 34608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 10:56]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 10:56]
.
2011-07-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
2012-04-24 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_BIG-BLUE_Mark.job
- c:\windows\system32\mobsync.exe [2001-08-23 05:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Shed\Application Data\Mozilla\Firefox\Profiles\rremc8xw.default\
FF - prefs.js: browser.search.selectedEngine - Google UK
FF - prefs.js: browser.startup.homepage - hxxp://www.thepiratebay.com|http://eztv.it/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.txt=UEStudio.txt
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 11:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6140)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\apps\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\oodag.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Completion time: 2012-04-25 11:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 10:23
.
Pre-Run: 1,434,288,128 bytes free
Post-Run: 2,013,548,544 bytes free
.
- - End Of File - - 5FD854EC9D980021D50938C03C029CC8

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Run by Shed at 14:21:00 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.343 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\oodag.exe
D:\apps\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
D:\apps\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Shed\Desktop\qyzfepro.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "d:\apps\daemon tools lite\DTLite.exe" -autorun
mRun: [nForce Tray Options] sstray.exe /r
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "d:\apps\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\shed\startm~1\programs\startup\mozill~1.lnk - d:\apps\mozilla firefox\firefox.exe
StartupFolder: c:\docume~1\shed\startm~1\programs\startup\peerbl~1.lnk - d:\apps\peerblock\peerblock.exe
StartupFolder: c:\docume~1\shed\startm~1\programs\startup\torren~1.lnk - d:\apps\utorrent\uTorrent.exe
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: Interfaces\{5A70AF3D-CFB2-4C8E-8958-562C70F5B564} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\shed\application data\mozilla\firefox\profiles\rremc8xw.default\
FF - prefs.js: browser.search.selectedEngine - Google UK
FF - prefs.js: browser.startup.homepage - hxxp://www.thepiratebay.com|http://eztv.it/
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: d:\apps\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: d:\apps\acrobat 10.0\acrobat\browser\nppdf32.dll
FF - plugin: d:\apps\itunes\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-16 218688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-12-27 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-12-27 33072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-8 50176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-7-15 113456]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-2 136176]
S3 8lt6m.sys;8lt6m.sys;\??\c:\windows\system32\drivers\8lt6m.sys --> c:\windows\system32\drivers\8lt6m.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-2 136176]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-7-9 34608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=UEStudio.txt
.
=============== Created Last 30 ================
.
2012-04-25 09:30:14 -------- d-sha-r- C:\cmdcons
2012-04-25 09:25:47 98816 ----a-w- c:\windows\sed.exe
2012-04-25 09:25:47 518144 ----a-w- c:\windows\SWREG.exe
2012-04-25 09:25:47 256000 ----a-w- c:\windows\PEV.exe
2012-04-25 09:25:47 208896 ----a-w- c:\windows\MBR.exe
2012-04-23 12:09:35 12600 ----a-w- c:\windows\system32\drivers\PROCEXP111.SYS
.
==================== Find3M ====================
.
2012-03-07 15:40:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:24:12.18 ===============



GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-25 15:45:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 IC35L090AVV207-0 rev.V23OA63A
Running: qyzfepro.exe; Driver: C:\DOCUME~1\Shed\LOCALS~1\Temp\fxrcqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB7D14F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB7D14FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB7D15080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB7D1511C]

---- Kernel code sections - GMER 1.0.15 ----

? RGRCZ@J@ The filename, directory name, or volume label syntax is incorrect. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF76C8A0C]
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xF6805000, 0x1B601E, 0xE8000020]
? system32\drivers\xpsec.sys The system cannot find the path specified. !
? system32\drivers\xcpip.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[956] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 01472C81
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E09D85
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E098B1
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E09C37
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2488] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E09A03
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2488] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E09AD6
.text C:\Program Files\iPod\bin\iPodService.exe[2520] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BE9D85
.text C:\Program Files\iPod\bin\iPodService.exe[2520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BE98B1
.text C:\Program Files\iPod\bin\iPodService.exe[2520] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BE9C37
.text C:\Program Files\iPod\bin\iPodService.exe[2520] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BE9A03
.text C:\Program Files\iPod\bin\iPodService.exe[2520] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BE9AD6
.text C:\Program Files\AVG\AVG2012\avgtray.exe[2816] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03039D85
.text C:\Program Files\AVG\AVG2012\avgtray.exe[2816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 030398B1
.text C:\Program Files\AVG\AVG2012\avgtray.exe[2816] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03039C37
.text C:\Program Files\AVG\AVG2012\avgtray.exe[2816] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03039A03
.text C:\Program Files\AVG\AVG2012\avgtray.exe[2816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03039AD6
.text D:\apps\iTunes\iTunesHelper.exe[2888] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02989D85
.text D:\apps\iTunes\iTunesHelper.exe[2888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 029898B1
.text D:\apps\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02989C37
.text D:\apps\iTunes\iTunesHelper.exe[2888] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02989A03
.text D:\apps\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02989AD6
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3340] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E39D85
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3340] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E398B1
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3340] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E39C37
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3340] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E39A03
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3340] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E39AD6
.text D:\apps\Mozilla Firefox\firefox.exe[3368] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 011D64D0 D:\apps\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3408] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03979D85
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 039798B1
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3408] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03979C37
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3408] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03979A03
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[3408] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03979AD6
.text C:\WINDOWS\System32\alg.exe[3456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B29D85
.text C:\WINDOWS\System32\alg.exe[3456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B298B1
.text C:\WINDOWS\System32\alg.exe[3456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B29C37
.text C:\WINDOWS\System32\alg.exe[3456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B29A03
.text C:\WINDOWS\System32\alg.exe[3456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B29AD6
.text C:\WINDOWS\Explorer.EXE[3552] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 00D62A93
.text C:\WINDOWS\Explorer.EXE[3552] SHELL32.dll!SHFileOperationW 7CA708E4 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\Explorer.EXE[3552] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C79D85
.text C:\WINDOWS\Explorer.EXE[3552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C798B1
.text C:\WINDOWS\Explorer.EXE[3552] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C79C37
.text C:\WINDOWS\Explorer.EXE[3552] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C79A03
.text C:\WINDOWS\Explorer.EXE[3552] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C79AD6
.text C:\Program Files\Bonjour\mDNSResponder.exe[3560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A69D85
.text C:\Program Files\Bonjour\mDNSResponder.exe[3560] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A698B1
.text C:\Program Files\Bonjour\mDNSResponder.exe[3560] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A69C37
.text C:\Program Files\Bonjour\mDNSResponder.exe[3560] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A69A03
.text C:\Program Files\Bonjour\mDNSResponder.exe[3560] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A69AD6
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[3916] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 020C9D85
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[3916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 020C98B1
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[3916] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 020C9C37
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[3916] WS2_32.dll!recv 71AB676F 5 Bytes JMP 020C9A03
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[3916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 020C9AD6

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device owAZEVAoRGRCZ \Device\Ide\IdePort0 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-4 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort1 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T1L0-c RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-18 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T1L0-20 RGRCZ@J@

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\mbr \Device\mbr F79E1CDE

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Documents and Settings\All Users\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 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
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List@File3 E:\Acoustica Mixcraft v5.2 build 151+Patch\Slickinator.txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List@File4 \\Nas1\Volume_1\installs\IDM Ultra Edit Studio v10.30.0 - English By Adrian Dennis\IDM.UltraCompare.Professional.v7.20.0.1007-Keygen-CORE+Portable\IDM.UltraCompare.Professional.v7.20.0.1007-Keygen-CORE+Portable.txt



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:51 PM

Posted 27 April 2012 - 06:38 PM

Hi

Please run the following:


Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 AgentCormac


Posted 28 April 2012 - 05:24 AM

Hi CatByte.

Thanks for your help.

Running HelpAsst_mebroot_fix.exe reported no infections. However, the result of running mbr -f was:

C:\Documents and Settings\Mark>mbr -f
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer
.net
Windows 5.1.2600 Disk: IC35L090AVV207-0 rev.V23OA63A -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: error reading MBR


All my drives look OK in explorer and work correctly. The machine did not reboot as expected. I tried to run the following command anyway to see if I could get a log:

C:\Documents and Settings\Mark>helpasst -mbrt
'helpasst' is not recognized as an internal or external command,
operable program or batch file.


What should I try now?

#4 CatByte


Posted 28 April 2012 - 07:56 AM

double post

Edited by CatByte, 28 April 2012 - 07:57 AM.



#5 CatByte


Posted 28 April 2012 - 07:57 AM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Please download Listparts
Run the tool,
check the "list BCD" box

click "Scan" and post the log (Result.txt) it makes.



#6 AgentCormac


Posted 29 April 2012 - 04:24 PM

Hi CatByte.

I think we (you) might be making some progress now.

Ran TDSSKiller, which found a virus (Sinowal.B), which was cured, and TDLFS, which was deleted. See logs:

TDSSKiller log:


22:13:17.0156 4928 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:13:19.0156 4928 ============================================================
22:13:19.0156 4928 Current date / time: 2012/04/29 22:13:19.0156
22:13:19.0156 4928 SystemInfo:
22:13:19.0156 4928
22:13:19.0156 4928 OS Version: 5.1.2600 ServicePack: 3.0
22:13:19.0156 4928 Product type: Workstation
22:13:19.0156 4928 ComputerName: BIG-BLUE
22:13:19.0156 4928 UserName: Mark
22:13:19.0156 4928 Windows directory: C:\WINDOWS
22:13:19.0156 4928 System windows directory: C:\WINDOWS
22:13:19.0156 4928 Processor architecture: Intel x86
22:13:19.0156 4928 Number of processors: 1
22:13:19.0156 4928 Page size: 0x1000
22:13:19.0156 4928 Boot type: Normal boot
22:13:19.0156 4928 ============================================================
22:14:27.0500 4928 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:14:27.0703 4928 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
22:14:27.0828 4928 Drive \Device\Harddisk2\DR2 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:14:28.0125 4928 ============================================================
22:14:28.0125 4928 \Device\Harddisk0\DR0:
22:14:29.0125 4928 MBR partitions:
22:14:29.0125 4928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
22:14:29.0125 4928 \Device\Harddisk1\DR1:
22:14:29.0234 4928 MBR partitions:
22:14:29.0234 4928 \Device\Harddisk2\DR2:
22:14:29.0234 4928 MBR partitions:
22:14:29.0234 4928 ============================================================
22:14:34.0750 4928 C: <-> \Device\Harddisk0\DR0\Partition0
22:14:34.0750 4928 ============================================================
22:14:34.0750 4928 Initialize success
22:14:34.0750 4928 ============================================================
22:15:15.0890 4516 ============================================================
22:15:15.0890 4516 Scan started
22:15:15.0890 4516 Mode: Manual; TDLFS;
22:15:15.0890 4516 ============================================================
22:15:17.0375 4516 8lt6m.sys - ok
22:15:17.0375 4516 Abiosdsk - ok
22:15:17.0406 4516 abp480n5 - ok
22:15:17.0578 4516 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:15:17.0625 4516 ACPI - ok
22:15:17.0671 4516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:15:17.0671 4516 ACPIEC - ok
22:15:17.0718 4516 adpu160m - ok
22:15:17.0796 4516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:15:17.0859 4516 aec - ok
22:15:17.0984 4516 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:15:18.0031 4516 AFD - ok
22:15:18.0046 4516 Aha154x - ok
22:15:18.0078 4516 aic78u2 - ok
22:15:18.0109 4516 aic78xx - ok
22:15:18.0187 4516 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:15:18.0218 4516 Alerter - ok
22:15:18.0265 4516 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:15:18.0281 4516 ALG - ok
22:15:18.0296 4516 AliIde - ok
22:15:18.0375 4516 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
22:15:18.0390 4516 AmdK7 - ok
22:16:28.0750 4516 AMDPCI - ok
22:16:30.0046 4516 amsint - ok
22:16:30.0593 4516 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:16:30.0593 4516 Apple Mobile Device - ok
22:16:31.0046 4516 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:16:31.0125 4516 AppMgmt - ok
22:16:32.0296 4516 AR5523 (92637b97f57c1669d521a54482c4579c) C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
22:16:32.0843 4516 AR5523 - ok
22:16:32.0968 4516 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:16:32.0968 4516 Arp1394 - ok
22:16:32.0984 4516 asc - ok
22:16:33.0000 4516 asc3350p - ok
22:16:33.0046 4516 asc3550 - ok
22:16:33.0593 4516 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:16:33.0781 4516 aspnet_state - ok
22:16:33.0828 4516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:16:33.0828 4516 AsyncMac - ok
22:16:33.0953 4516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:16:33.0968 4516 atapi - ok
22:16:33.0984 4516 Atdisk - ok
22:16:35.0734 4516 Ati HotKey Poller (eca673779ecd27d674953d692fe070f6) C:\WINDOWS\System32\Ati2evxx.exe
22:16:35.0875 4516 Ati HotKey Poller - ok
22:16:37.0171 4516 ATI Smart (1428c586bb318e1404575834e428addd) C:\WINDOWS\system32\ati2sgag.exe
22:16:37.0328 4516 ATI Smart - ok
22:16:45.0093 4516 ati2mtag (15b2fe76e2eceb98c49ed52311a6f26f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:16:46.0796 4516 ati2mtag - ok
22:16:48.0593 4516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:16:48.0593 4516 Atmarpc - ok
22:16:48.0687 4516 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:16:48.0703 4516 AudioSrv - ok
22:16:48.0750 4516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:16:48.0750 4516 audstub - ok
22:16:57.0453 4516 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:16:59.0187 4516 AVGIDSAgent - ok
22:17:00.0687 4516 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:17:00.0687 4516 AVGIDSDriver - ok
22:17:00.0765 4516 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:17:00.0765 4516 AVGIDSEH - ok
22:17:00.0812 4516 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:17:00.0828 4516 AVGIDSFilter - ok
22:17:00.0937 4516 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:17:00.0937 4516 AVGIDSShim - ok
22:17:01.0328 4516 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:17:01.0343 4516 Avgldx86 - ok
22:17:01.0515 4516 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:17:01.0515 4516 Avgmfx86 - ok
22:17:01.0687 4516 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:17:01.0687 4516 Avgrkx86 - ok
22:17:02.0546 4516 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:17:02.0593 4516 Avgtdix - ok
22:17:03.0031 4516 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:17:03.0031 4516 avgwd - ok
22:17:03.0109 4516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:17:03.0109 4516 Beep - ok
22:17:04.0265 4516 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:17:04.0953 4516 BITS - ok
22:17:05.0500 4516 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:17:05.0546 4516 Bonjour Service - ok
22:17:05.0609 4516 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:17:05.0640 4516 Browser - ok
22:17:05.0718 4516 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:17:05.0718 4516 BthEnum - ok
22:17:05.0796 4516 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:17:05.0796 4516 BthPan - ok
22:17:06.0000 4516 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
22:17:06.0000 4516 BTHPORT - ok
22:17:06.0062 4516 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
22:17:06.0078 4516 BthServ - ok
22:17:06.0125 4516 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:17:06.0125 4516 BTHUSB - ok
22:17:06.0125 4516 catchme - ok
22:17:06.0187 4516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:17:06.0203 4516 cbidf2k - ok
22:17:06.0203 4516 cd20xrnt - ok
22:17:06.0250 4516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:17:06.0250 4516 Cdaudio - ok
22:17:06.0484 4516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:17:06.0500 4516 Cdfs - ok
22:17:06.0546 4516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:17:06.0546 4516 Cdrom - ok
22:17:06.0562 4516 Changer - ok
22:17:06.0593 4516 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:17:06.0593 4516 cisvc - ok
22:17:06.0625 4516 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:17:06.0625 4516 ClipSrv - ok
22:17:06.0812 4516 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:17:06.0968 4516 clr_optimization_v2.0.50727_32 - ok
22:17:07.0093 4516 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:17:07.0093 4516 clr_optimization_v4.0.30319_32 - ok
22:17:07.0109 4516 CmdIde - ok
22:17:07.0125 4516 COMSysApp - ok
22:17:07.0156 4516 Cpqarray - ok
22:17:07.0296 4516 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:17:07.0328 4516 CryptSvc - ok
22:17:07.0328 4516 dac2w2k - ok
22:17:07.0359 4516 dac960nt - ok
22:17:07.0828 4516 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:17:07.0968 4516 DcomLaunch - ok
22:17:08.0046 4516 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:17:08.0093 4516 Dhcp - ok
22:17:08.0125 4516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:17:08.0125 4516 Disk - ok
22:17:08.0125 4516 dmadmin - ok
22:17:08.0843 4516 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:17:08.0906 4516 dmboot - ok
22:17:09.0046 4516 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:17:09.0062 4516 dmio - ok
22:17:09.0109 4516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:17:09.0109 4516 dmload - ok
22:17:09.0140 4516 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:17:09.0140 4516 dmserver - ok
22:17:09.0234 4516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:17:09.0234 4516 DMusic - ok
22:17:09.0328 4516 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:17:09.0343 4516 Dnscache - ok
22:17:09.0500 4516 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:17:09.0546 4516 Dot3svc - ok
22:17:09.0687 4516 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:17:09.0734 4516 Dot4 - ok
22:17:09.0750 4516 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:17:09.0750 4516 Dot4Print - ok
22:17:09.0765 4516 dpti2o - ok
22:17:09.0796 4516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:17:09.0796 4516 drmkaud - ok
22:17:09.0875 4516 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:17:09.0875 4516 EapHost - ok
22:17:10.0000 4516 EL90Xbc (b61eaf446adf55cc0d0d5c5bbd3d1cae) C:\WINDOWS\system32\DRIVERS\el90Xbc5.SYS
22:17:10.0000 4516 EL90Xbc - ok
22:17:10.0015 4516 EntDrv51 - ok
22:17:10.0062 4516 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:17:10.0078 4516 ERSvc - ok
22:17:10.0296 4516 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:17:10.0312 4516 Eventlog - ok
22:17:10.0625 4516 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
22:17:10.0718 4516 EventSystem - ok
22:17:10.0843 4516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:17:10.0890 4516 Fastfat - ok
22:17:11.0031 4516 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:17:11.0062 4516 FastUserSwitchingCompatibility - ok
22:17:11.0125 4516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:17:11.0125 4516 Fdc - ok
22:17:11.0187 4516 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:17:11.0218 4516 Fips - ok
22:17:11.0265 4516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:17:11.0265 4516 Flpydisk - ok
22:17:11.0359 4516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:17:11.0359 4516 FltMgr - ok
22:17:11.0734 4516 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:17:11.0734 4516 FontCache3.0.0.0 - ok
22:17:11.0796 4516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:17:11.0812 4516 Fs_Rec - ok
22:17:11.0968 4516 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:17:11.0984 4516 Ftdisk - ok
22:17:12.0031 4516 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:17:12.0031 4516 gameenum - ok
22:17:12.0109 4516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:17:12.0109 4516 GEARAspiWDM - ok
22:17:12.0187 4516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:17:12.0203 4516 Gpc - ok
22:17:12.0515 4516 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:17:12.0515 4516 gupdate - ok
22:17:12.0515 4516 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:17:12.0515 4516 gupdatem - ok
22:17:12.0625 4516 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:17:12.0640 4516 helpsvc - ok
22:17:12.0765 4516 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:17:12.0765 4516 HidServ - ok
22:17:12.0796 4516 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:17:12.0796 4516 hidusb - ok
22:17:12.0875 4516 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:17:12.0890 4516 hkmsvc - ok
22:17:12.0906 4516 hpn - ok
22:17:12.0921 4516 hpt3xx - ok
22:17:13.0140 4516 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:17:13.0171 4516 HTTP - ok
22:17:13.0312 4516 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:17:13.0359 4516 HTTPFilter - ok
22:17:13.0625 4516 i2omgmt - ok
22:17:13.0656 4516 i2omp - ok
22:17:14.0078 4516 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:17:14.0078 4516 i8042prt - ok
22:17:18.0093 4516 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:17:18.0359 4516 idsvc - ok
22:17:18.0859 4516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:17:18.0890 4516 Imapi - ok
22:17:19.0968 4516 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:17:19.0968 4516 ImapiService - ok
22:17:19.0984 4516 ini910u - ok
22:17:20.0015 4516 IntelIde - ok
22:17:20.0078 4516 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:17:20.0093 4516 ip6fw - ok
22:17:20.0156 4516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:17:20.0156 4516 IpFilterDriver - ok
22:17:20.0203 4516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:17:20.0203 4516 IpInIp - ok
22:17:20.0296 4516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:17:20.0312 4516 IpNat - ok
22:17:21.0812 4516 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
22:17:21.0875 4516 iPod Service - ok
22:17:21.0937 4516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:17:21.0937 4516 IPSec - ok
22:17:21.0968 4516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:17:21.0968 4516 IRENUM - ok
22:17:22.0015 4516 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:17:22.0015 4516 isapnp - ok
22:17:22.0078 4516 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:17:22.0078 4516 Kbdclass - ok
22:17:22.0125 4516 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:17:22.0125 4516 kbdhid - ok
22:17:22.0250 4516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:17:22.0265 4516 kmixer - ok
22:17:22.0343 4516 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:17:22.0390 4516 KSecDD - ok
22:17:22.0828 4516 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:17:22.0859 4516 lanmanserver - ok
22:17:22.0953 4516 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:17:22.0984 4516 lanmanworkstation - ok
22:17:23.0000 4516 lbrtfdc - ok
22:17:23.0062 4516 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:17:23.0078 4516 LmHosts - ok
22:17:23.0156 4516 LogWatch (495cb30967059f48f75f56af85137bd2) C:\WINDOWS\LogWatNT.exe
22:17:23.0812 4516 LogWatch - ok
22:17:23.0953 4516 LPDSVC (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\System32\tcpsvcs.exe
22:17:23.0953 4516 LPDSVC - ok
22:17:24.0140 4516 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
22:17:24.0171 4516 MarvinBus - ok
22:17:24.0281 4516 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:17:24.0296 4516 Messenger - ok
22:17:24.0343 4516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:17:24.0359 4516 mnmdd - ok
22:17:24.0718 4516 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:17:24.0718 4516 mnmsrvc - ok
22:17:24.0765 4516 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:17:24.0765 4516 Modem - ok
22:17:24.0796 4516 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:17:24.0796 4516 Mouclass - ok
22:17:24.0843 4516 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:17:24.0843 4516 mouhid - ok
22:17:24.0875 4516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:17:24.0890 4516 MountMgr - ok
22:17:24.0890 4516 mraid35x - ok
22:17:24.0984 4516 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:17:24.0984 4516 MRxDAV - ok
22:17:25.0843 4516 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:17:25.0890 4516 MRxSmb - ok
22:17:25.0937 4516 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:17:25.0937 4516 MSDTC - ok
22:17:25.0984 4516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:17:25.0984 4516 Msfs - ok
22:17:26.0000 4516 MSIServer - ok
22:17:26.0031 4516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:17:26.0031 4516 MSKSSRV - ok
22:17:26.0046 4516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:17:26.0046 4516 MSPCLOCK - ok
22:17:26.0062 4516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:17:26.0062 4516 MSPQM - ok
22:17:26.0093 4516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:17:26.0093 4516 mssmbios - ok
22:17:26.0140 4516 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
22:17:26.0140 4516 ms_mpu401 - ok
22:17:26.0203 4516 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:17:26.0234 4516 Mup - ok
22:17:26.0437 4516 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:17:26.0531 4516 napagent - ok
22:17:26.0609 4516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:17:26.0671 4516 NDIS - ok
22:17:26.0703 4516 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:17:26.0703 4516 NdisTapi - ok
22:17:26.0765 4516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:17:26.0765 4516 Ndisuio - ok
22:17:26.0812 4516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:17:26.0812 4516 NdisWan - ok
22:17:26.0843 4516 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:17:26.0859 4516 NDProxy - ok
22:17:26.0890 4516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:17:26.0890 4516 NetBIOS - ok
22:17:26.0953 4516 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:17:26.0984 4516 NetBT - ok
22:17:27.0062 4516 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:17:27.0062 4516 NetDDE - ok
22:17:27.0062 4516 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:17:27.0078 4516 NetDDEdsdm - ok
22:17:27.0109 4516 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:17:27.0109 4516 Netlogon - ok
22:17:27.0187 4516 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:17:27.0250 4516 Netman - ok
22:17:27.0640 4516 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:17:27.0640 4516 NetTcpPortSharing - ok
22:17:27.0687 4516 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:17:27.0687 4516 NIC1394 - ok
22:17:27.0796 4516 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:17:27.0828 4516 Nla - ok
22:17:28.0015 4516 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:17:28.0031 4516 NMIndexingService - ok
22:17:28.0078 4516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:17:28.0093 4516 Npfs - ok
22:17:28.0281 4516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:17:28.0546 4516 Ntfs - ok
22:17:28.0593 4516 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:17:28.0593 4516 NtLmSsp - ok
22:17:28.0796 4516 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:17:41.0125 4516 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
22:17:41.0125 4516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
22:17:41.0125 4516 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
22:17:41.0156 4516 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:17:41.0156 4516 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:17:41.0171 4516 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
22:17:41.0234 4516 \Device\Harddisk1\DR1 - ok
22:17:41.0265 4516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:17:41.0328 4516 \Device\Harddisk2\DR2 - ok
22:17:41.0328 4516 Boot (0x1200) (242e5904b3426aca695380142f060a1d) \Device\Harddisk0\DR0\Partition0
22:17:41.0343 4516 \Device\Harddisk0\DR0\Partition0 - ok
22:17:41.0343 4516 ============================================================
22:17:41.0343 4516 Scan finished
22:17:41.0343 4516 ============================================================
22:17:41.0359 4508 Detected object count: 2
22:17:41.0359 4508 Actual detected object count: 2
22:19:01.0125 4508 \Device\Harddisk0\DR0\# - copied to quarantine
22:19:01.0125 4508 \Device\Harddisk0\DR0 - copied to quarantine
22:19:01.0171 4508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
22:19:01.0203 4508 \Device\Harddisk0\DR0 - ok
22:19:01.0203 4508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
22:19:01.0234 4508 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
22:19:01.0250 4508 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:19:01.0250 4508 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:19:01.0250 4508 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:19:01.0265 4508 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:19:01.0296 4508 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:19:01.0312 4508 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:19:01.0312 4508 \Device\Harddisk0\DR0\TDLFS - deleted
22:19:01.0312 4508 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
22:19:07.0218 4284 Deinitialize success


Listparts log:

ListParts by Farbar Version: 12-03-2012 03
Ran by Mark (administrator) on 29-04-2012 at 22:27:52
Windows XP (X86)
Running From: C:\Documents and Settings\Mark\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 1023.49 MB
Available physical RAM: 640.33 MB
Total Pagefile: 6998.83 MB
Available Pagefile: 6632.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.43 MB

======================= Partitions =========================

2 Drive c: (Kryten) (Fixed) (Total:76.68 GB) (Free:1.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (Apps) (Fixed) (Total:152.66 GB) (Free:68.45 GB) NTFS
4 Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:260.24 GB) NTFS
6 Drive z: (Volume_1) (Network) (Total:3663.69 GB) (Free:2760.59 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 77 GB 0 B
Disk 1 Online 466 GB 0 B
Disk 2 Online 153 GB 0 B *

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 77 GB 32 KB
======================================================================================================

Disk: 0
The disk management services could not complete the operation.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Data NTFS Partition 466 GB Healthy Pagefile
======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 153 GB 32 KB
======================================================================================================

Disk: 2
The disk management services could not complete the operation.

======================================================================================================

****** End Of Log ******

#7 CatByte

  • Malware Response Team

Posted 29 April 2012 - 07:09 PM

very good,

Please re-run ComboFix, allow it to update if it asks to do so (remember to disable your security programs)

NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 AgentCormac

  • Topic Starter

Posted 01 May 2012 - 11:40 AM

Hi CatByte.

I have followed your instructions. Eset has still found infections. Computer still sluggish. Please find the logs below:

Combo fix log:

ComboFix 12-04-29.02 - Mark 30/04/2012 11:25:15.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.528 [GMT 1:00]
Running from: c:\documents and settings\Shed\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mark\2gweorjqjutp92vjy9gake
c:\documents and settings\Mark\Application Data\Adobe\plugs
c:\documents and settings\Mark\Application Data\Adobe\shed
c:\documents and settings\Mark\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Shed\My Documents\gmer.log
C:\Documents
c:\windows\_detmp.2
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\sstray.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-29 21:19 . 2012-04-29 21:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-28 10:24 . 2012-04-28 10:24 -------- d-----w- C:\HelpAsst_backup
2012-04-27 21:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-27 21:44 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-27 21:44 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-27 21:43 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-27 21:43 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-27 21:35 . 2012-04-28 09:39 -------- d--h--w- c:\windows\$hf_mig$
2012-04-25 15:00 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-23 12:09 . 2012-04-23 12:09 12600 ----a-w- c:\windows\system32\drivers\PROCEXP111.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 15:40 . 2011-05-15 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2001-08-23 12:00 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-01-08 21:47 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2001-08-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-25_10.13.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 21:51 . 2011-04-18 21:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-13 19:17 . 2011-05-13 19:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 18:45 . 2011-05-13 18:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 00:06 . 2011-05-14 00:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 00:23 . 2011-05-14 00:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 17:37 . 2011-05-13 17:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2009-01-09 18:39 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2009-01-09 18:39 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2012-04-28 07:19 . 2007-04-09 13:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
- 2010-05-20 07:50 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2010-05-20 07:50 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2001-08-23 12:00 . 2012-04-28 10:20 73644 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2001-08-23 12:00 . 2011-09-26 10:41 20480 c:\windows\system32\oleaccrc.dll
- 2001-08-23 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 18:54 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
- 2001-08-23 12:00 . 2008-04-14 05:41 23040 c:\windows\system32\mciseq.dll
+ 2001-08-23 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2001-08-23 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2001-08-23 12:00 . 2008-04-14 05:41 45568 c:\windows\system32\dnsrslvr.dll
+ 2001-08-23 12:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2009-06-21 11:16 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-21 11:16 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2001-08-23 12:00 . 2011-09-26 10:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 18:54 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2009-01-10 15:08 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-01-10 15:08 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2007-08-13 18:44 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-08-13 18:44 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 18:54 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2001-08-23 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2001-08-23 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2009-01-07 21:37 . 2012-04-27 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-07 21:37 . 2012-04-24 14:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 21:37 . 2012-04-27 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-07 21:37 . 2012-04-24 14:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-04-25 14:38 . 2012-04-27 21:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-07 21:37 . 2012-04-24 14:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-03-18 12:16 . 2010-03-18 12:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-12-25 02:49 . 2011-12-25 02:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-06-29 11:00 . 2011-06-29 11:00 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-29 11:00 . 2011-06-29 11:00 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-06-29 11:00 . 2011-06-29 11:00 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-29 10:58 . 2011-06-29 10:58 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-28 06:49 . 2012-04-28 06:49 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-12 21:15 . 2010-11-30 13:48 12288 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-12-12 21:15 . 2012-04-28 08:48 12288 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:44 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-10 15:02 . 2012-04-28 08:44 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:44 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-04-28 11:10 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8871f595a88025398e97f1a317d364c3\UIAutomationProvider.ni.dll
+ 2012-04-30 08:00 . 2012-04-30 08:00 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\dc18f8835437c567186d336edd0115b9\System.Windows.Presentation.ni.dll
+ 2012-04-30 07:59 . 2012-04-30 07:59 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\2a2358c9177d9f49afd13ce3924fb0fa\System.Web.ApplicationServices.ni.dll
+ 2012-04-30 07:58 . 2012-04-30 07:58 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\55007586f4a5baf15e6ddfb2efcb94aa\System.ServiceModel.Channels.ni.dll
+ 2012-04-28 07:33 . 2012-04-28 07:33 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\0ec1cad50012bd215c9aab99c76881c6\System.AddIn.Contract.ni.dll
+ 2012-04-28 07:26 . 2012-04-28 07:26 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\3b05815cd5795366e31588d9e3b3da88\Microsoft.VisualC.ni.dll
+ 2012-04-28 07:21 . 2012-04-28 07:21 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\40a7b0f4a5539779c06591802ceb11ca\Accessibility.ni.dll
+ 2012-04-28 09:51 . 2012-04-28 09:51 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-04-28 08:53 . 2012-04-28 08:53 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\2cddd536dadeef050e4247682b0f6a04\UIAutomationProvider.ni.dll
+ 2012-04-28 11:00 . 2012-04-28 11:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-04-28 10:59 . 2012-04-28 10:59 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-04-28 10:56 . 2012-04-28 10:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-04-28 09:53 . 2012-04-28 09:53 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-04-28 09:47 . 2012-04-28 09:47 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-04-28 09:51 . 2012-04-28 09:51 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-04-28 08:53 . 2012-04-28 08:53 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\8191fe6726ededf330ba744a7da7710e\Microsoft.VisualC.ni.dll
+ 2012-04-28 08:46 . 2012-04-28 08:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b3874dfe33069d1892fad36fdb95685e\Microsoft.Build.Framework.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2012-04-28 09:46 . 2012-04-28 09:46 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-04-28 10:54 . 2012-04-28 10:54 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2012-04-28 09:53 . 2012-04-28 09:53 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-04-28 08:55 . 2012-04-28 08:55 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8a693ac0d20014bff4913e64c706a09f\Accessibility.ni.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-28 09:28 . 2012-04-28 09:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-21 12:21 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
- 2009-04-21 12:21 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
- 2009-12-12 21:15 . 2010-11-30 13:48 4096 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-12-12 21:15 . 2012-04-28 08:48 4096 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:44 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2012-04-28 07:21 . 2012-04-28 07:21 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\c04acc6e5ecb2c3de680c1685f6730d4\dfsvc.ni.exe
- 2011-07-09 13:15 . 2011-07-09 13:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-07-09 13:15 . 2011-07-09 13:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
- 2001-08-23 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2001-08-23 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
+ 2001-08-23 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2001-08-23 12:00 . 2008-04-14 05:42 176128 c:\windows\system32\winmm.dll
- 2009-01-08 21:47 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2009-01-08 21:47 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
+ 2001-08-23 12:00 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
- 2001-08-23 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2008-07-29 18:59 . 2011-09-26 10:41 611328 c:\windows\system32\uiautomationcore.dll
+ 2012-04-28 07:19 . 2007-04-09 13:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2001-08-23 12:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2001-08-23 12:00 . 2008-04-14 05:42 135168 c:\windows\system32\shsvcs.dll
+ 2001-08-23 12:00 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2001-08-23 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
+ 2009-01-08 21:47 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
- 2009-01-08 21:47 . 2008-04-14 05:42 270848 c:\windows\system32\sbe.dll
- 2001-08-23 12:00 . 2008-04-14 05:42 386048 c:\windows\system32\qdvd.dll
+ 2001-08-23 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2001-08-23 12:00 . 2012-04-28 10:20 466688 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2001-08-23 12:00 . 2008-04-14 05:42 551936 c:\windows\system32\oleaut32.dll
+ 2001-08-23 12:00 . 2011-09-26 10:41 220160 c:\windows\system32\oleacc.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2001-08-23 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2001-08-23 12:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2001-08-23 12:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2001-08-23 12:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2009-01-07 21:32 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
- 2009-01-07 21:32 . 2008-04-14 05:42 677888 c:\windows\system32\mstsc.exe
- 2001-08-23 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2007-08-13 18:54 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2001-08-23 12:00 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
- 2001-08-23 12:00 . 2010-09-18 11:23 974848 c:\windows\system32\mfc42u.dll
+ 2001-08-23 12:00 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
- 2001-08-23 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2001-08-23 12:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
+ 2001-08-23 12:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2001-08-23 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2001-08-23 12:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2001-08-23 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2009-01-07 21:33 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2009-01-07 21:33 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
- 2001-08-23 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2001-08-23 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2009-01-07 21:11 . 2012-04-28 10:11 267800 c:\windows\system32\FNTCACHE.DAT
- 2009-01-07 21:11 . 2011-07-11 05:09 267800 c:\windows\system32\FNTCACHE.DAT
- 2009-01-08 21:47 . 2008-04-14 05:41 186880 c:\windows\system32\encdec.dll
+ 2009-01-08 21:47 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
+ 2001-08-23 12:00 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2009-01-07 21:32 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2001-08-23 12:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2001-08-23 12:00 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2001-08-23 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2001-08-23 12:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2001-08-23 12:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
- 2009-02-27 22:39 . 2009-12-24 06:42 178176 c:\windows\system32\dllcache\wintrust.dll
+ 2009-02-27 22:39 . 2012-02-29 14:08 178176 c:\windows\system32\dllcache\wintrust.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-13 18:54 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 18:54 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 18:44 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 18:44 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-09 21:19 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2001-08-23 12:00 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll
- 2007-08-13 18:44 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 18:44 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-21 12:21 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 18:54 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-10 15:08 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-01-10 15:08 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-01-09 21:17 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-09-18 11:23 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
- 2010-09-18 11:23 . 2010-09-18 11:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-23 17:32 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2009-04-21 12:21 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-04-21 12:21 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-08-13 18:38 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2007-08-13 18:38 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-01-09 21:17 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-01-09 21:17 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2012-02-29 14:08 . 2012-02-29 14:08 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2009-06-21 11:16 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-21 11:16 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-08-13 18:54 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 18:54 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-13 21:08 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-13 21:08 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-13 18:39 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 18:39 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 18:39 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-10-18 11:13 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2009-02-27 22:39 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll
- 2009-02-27 22:39 . 2008-11-13 14:18 599552 c:\windows\system32\dllcache\crypt32.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
+ 2009-01-09 21:19 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
- 2009-01-09 21:19 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
- 2001-08-23 12:00 . 2008-11-13 14:18 599552 c:\windows\system32\crypt32.dll
+ 2001-08-23 12:00 . 2011-09-28 07:05 599552 c:\windows\system32\crypt32.dll
+ 2001-08-23 12:00 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
- 2010-03-18 12:16 . 2010-03-18 12:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-12-26 03:39 . 2011-12-26 03:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-07-09 08:30 . 2011-07-09 08:30 956240 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2010-03-18 12:16 . 2010-03-18 12:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-04-12 14:11 . 2011-04-12 14:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2011-12-25 02:49 . 2011-12-25 02:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-05-11 05:40 . 2010-05-11 05:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 05:15 . 2011-03-25 05:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-05-11 05:40 . 2010-05-11 05:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-29 11:00 . 2011-06-29 11:00 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-28 06:53 . 2012-04-28 06:54 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-06-29 10:56 . 2011-06-29 10:56 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-28 08:08 . 2012-04-28 08:08 223744 c:\windows\Installer\205f4aa.msi
+ 2011-12-25 04:40 . 2011-12-25 04:40 819200 c:\windows\Installer\205f4a1.msp
+ 2012-04-28 02:26 . 2012-04-28 02:26 467456 c:\windows\Installer\116b0ea.msi
+ 2009-12-12 21:15 . 2012-04-28 08:47 176128 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2009-12-12 21:15 . 2010-11-30 13:48 176128 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2009-12-12 21:15 . 2010-11-30 13:48 135168 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-12-12 21:15 . 2012-04-28 08:48 135168 c:\windows\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-10 15:02 . 2012-04-28 08:44 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-10 15:02 . 2012-04-28 08:43 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-10 15:02 . 2010-12-18 00:21 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-06-20 05:29 . 2007-06-20 05:29 337816 c:\windows\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\ORMELEMS.DLL
+ 2012-04-28 11:10 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-28 11:10 . 2009-03-08 03:34 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-28 11:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-28 11:10 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-28 11:10 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-28 11:10 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-04-28 02:18 . 2009-03-08 03:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-04-28 02:18 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-04-28 02:18 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-04-28 02:19 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-04-28 02:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-04-28 02:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-04-28 02:19 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2009-01-09 21:17 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2012-04-30 08:00 . 2012-04-30 08:00 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\05b86ee88b477c8d944f2f6787d22cd0\WindowsFormsIntegration.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\85de1eb339b5e50838b0f0b087318de2\UIAutomationTypes.ni.dll
+ 2012-04-30 08:00 . 2012-04-30 08:00 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\0189caee1c5c439692df2026b9354971\UIAutomationClient.ni.dll
+ 2012-04-28 07:27 . 2012-04-28 07:27 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\95417c8454d37af7aeccb002b0ae2de6\System.Xml.Linq.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\9c262052b4f8af65dae2cc47eb996198\System.Windows.Input.Manipulations.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\70394b75242ed95f1a7d97bf24551a26\System.Transactions.ni.dll
+ 2012-04-30 07:59 . 2012-04-30 07:59 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\ccf98ead7c15387786eff7850628ce19\System.ServiceProcess.ni.dll
+ 2012-04-30 07:58 . 2012-04-30 07:58 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4ab19acc4cba2f25396bb6aabb0d04b4\System.ServiceModel.Routing.ni.dll
+ 2012-04-28 07:01 . 2012-04-28 07:01 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\6391cea31e8d8c3e41a7bd7c4e85e630\System.Security.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5299ae6c4305d47128a9e38fd7ce22bf\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\837fafdd228f8d05812677fd2ca8b6f7\System.Runtime.Remoting.ni.dll
+ 2012-04-28 07:01 . 2012-04-28 07:01 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5895655718b926d887cb61de7450aeb4\System.Numerics.ni.dll
+ 2012-04-28 11:06 . 2012-04-28 11:06 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\e4e4f8b9dee224b7e1ff7a6e24c0d47a\System.Net.ni.dll
+ 2012-04-28 11:06 . 2012-04-28 11:06 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\c66a9de77b8cddb5a5e98b33ff2bc105\System.Messaging.ni.dll
+ 2012-04-28 07:48 . 2012-04-28 07:48 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\5076f08a5d18b46b73dff5af71f10607\System.Management.Instrumentation.ni.dll
+ 2012-04-28 07:47 . 2012-04-28 07:47 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\eedc5a7d4f29742795045cba6d3c4b2d\System.IO.Log.ni.dll
+ 2012-04-28 07:47 . 2012-04-28 07:47 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\7b3fb43fe4332f4adab9aa278840505a\System.IdentityModel.Selectors.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\912f19f2308c4bad0fb190dd9b628e24\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\912f19f2308c4bad0fb190dd9b628e24\System.EnterpriseServices.ni.dll
+ 2012-04-28 07:00 . 2012-04-28 07:00 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\e0f390830e96c6580e7900018c819c47\System.Dynamic.ni.dll
+ 2012-04-28 07:45 . 2012-04-28 07:45 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5c73c9740a6c27871a8794b710aaf33d\System.DirectoryServices.Protocols.ni.dll
+ 2012-04-28 07:44 . 2012-04-28 07:44 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\2b0cd942e8250e6754d6ff72affbe027\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-04-28 07:40 . 2012-04-28 07:40 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\a4541124f7ef1f2ec9c5be46a8a04957\System.Device.ni.dll
+ 2012-04-28 07:33 . 2012-04-28 07:33 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7eab68d40c9078c30048cd259ac7bfbf\System.Data.DataSetExtensions.ni.dll
+ 2012-04-28 07:00 . 2012-04-28 07:00 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\77758dbafc19e68f3dce030879c2cf8d\System.Configuration.ni.dll
+ 2012-04-28 07:33 . 2012-04-28 07:33 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\9d270e4d00c688e80abafde9709cb8e7\System.Configuration.Install.ni.dll
+ 2012-04-28 07:33 . 2012-04-28 07:33 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\698b181fa87d5a027b878c8db866e31f\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-04-28 07:01 . 2012-04-28 07:01 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\27d5d91cee78c7a7b3d8992749ffbf5a\System.ComponentModel.Composition.ni.dll
+ 2012-04-28 07:33 . 2012-04-28 07:33 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\7110b8e9930740562c8d4ed571fc5d81\System.AddIn.ni.dll
+ 2012-04-28 07:31 . 2012-04-28 07:31 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\0e31665fd78b03e9beadc2d7a94fcdef\System.Activities.DurableInstancing.ni.dll
+ 2012-04-28 07:22 . 2012-04-28 07:22 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\22754bfbc04d3bdd9093e5ec8216ee70\SMSvcHost.ni.exe
+ 2012-04-28 07:27 . 2012-04-28 07:27 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\dcbb0d0e35cbff73b8364323e525e5ff\SMDiagnostics.ni.dll
+ 2012-04-28 07:03 . 2012-04-28 07:03 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\72202ed003d4162846b9120ff75c1dae\PresentationFramework.Aero.ni.dll
+ 2012-04-28 07:02 . 2012-04-28 07:02 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46346f2c0efd589a524f42d57d17938c\PresentationFramework.Luna.ni.dll
+ 2012-04-28 07:07 . 2012-04-28 07:07 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\45fcd44e26075d44224fbc9a3ce4038c\PresentationFramework.Classic.ni.dll
+ 2012-04-28 07:03 . 2012-04-28 07:03 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2028e885fe61ef177933158bd15ceac9\PresentationFramework.Royale.ni.dll
+ 2012-04-28 07:26 . 2012-04-28 07:26 302592 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\10bdb59418c972f7e409bf9816f50a84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-28 07:24 . 2012-04-28 07:24 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ccd48a330b29db6a8b00ab27cada0cbe\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-04-28 07:22 . 2012-04-28 07:22 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\147d0bbc074207b2d283374bdbd16854\CustomMarshalers.ni.dll
+ 2012-04-28 10:54 . 2012-04-28 10:54 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-04-28 10:24 . 2012-04-28 10:24 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-04-28 09:51 . 2012-04-28 09:51 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-04-28 08:53 . 2012-04-28 08:53 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\1d1a920a8e798c76879d56b151789d3e\UIAutomationTypes.ni.dll
+ 2012-04-28 10:24 . 2012-04-28 10:24 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-04-28 11:03 . 2012-04-28 11:03 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-04-28 10:03 . 2012-04-28 10:03 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-04-28 10:59 . 2012-04-28 10:59 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-04-28 10:59 . 2012-04-28 10:59 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-04-28 10:59 . 2012-04-28 10:59 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-04-28 10:59 . 2012-04-28 10:59 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-04-28 10:00 . 2012-04-28 10:00 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-04-28 10:03 . 2012-04-28 10:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-04-28 09:17 . 2012-04-28 09:17 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\7bf2bd76b4d8c291b384c9dfad514a7a\System.Security.ni.dll
+ 2012-04-28 09:46 . 2012-04-28 09:46 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-04-28 09:53 . 2012-04-28 09:53 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-04-28 10:00 . 2012-04-28 10:00 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-04-28 11:02 . 2012-04-28 11:02 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\ab7515dcbeff3f7d9533902e98278283\System.Messaging.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-04-28 10:52 . 2012-04-28 10:52 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-04-28 10:52 . 2012-04-28 10:52 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-04-28 10:00 . 2012-04-28 10:00 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 10:00 . 2012-04-28 10:00 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-04-28 10:02 . 2012-04-28 10:02 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-04-28 10:03 . 2012-04-28 10:03 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-04-28 10:58 . 2012-04-28 10:58 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-04-28 10:57 . 2012-04-28 10:57 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-04-28 10:57 . 2012-04-28 10:57 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-04-28 10:57 . 2012-04-28 10:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-04-28 10:56 . 2012-04-28 10:56 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-04-28 09:45 . 2012-04-28 09:45 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-04-28 09:18 . 2012-04-28 09:18 978432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\343f92a4ab809f4db50c6927cea5a8a1\System.Configuration.ni.dll
+ 2012-04-28 10:06 . 2012-04-28 10:06 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-04-28 10:24 . 2012-04-28 10:24 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\90e4975b3dffcc5ba853ec0fe1d912cb\sysglobl.ni.dll
+ 2012-04-28 10:54 . 2012-04-28 10:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-04-28 10:54 . 2012-04-28 10:54 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-04-28 10:54 . 2012-04-28 10:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-04-28 10:23 . 2012-04-28 10:23 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-04-28 10:07 . 2012-04-28 10:07 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-04-28 10:04 . 2012-04-28 10:04 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-04-28 10:22 . 2012-04-28 10:22 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-04-28 10:54 . 2012-04-28 10:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-04-28 09:46 . 2012-04-28 09:46 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-04-28 09:17 . 2012-04-28 09:17 144896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f3dd85eab191b95ed68ded74ed3d0777\Microsoft.Build.Utilities.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-04-28 10:55 . 2012-04-28 10:55 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-04-28 10:54 . 2012-04-28 10:54 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-04-28 10:51 . 2012-04-28 10:51 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-28 09:32 . 2012-04-28 09:32 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-28 09:32 . 2012-04-28 09:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-28 09:32 . 2012-04-28 09:32 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-28 09:32 . 2012-04-28 09:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-28 09:32 . 2012-04-28 09:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-28 09:32 . 2012-04-28 09:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-28 09:30 . 2012-04-28 09:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-07-09 13:16 . 2011-07-09 13:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-28 09:31 . 2012-04-28 09:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-28 09:28 . 2012-04-28 09:28 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-28 09:29 . 2012-04-28 09:29 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-07-09 13:15 . 2011-07-09 13:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-28 09:28 . 2012-04-28 09:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-27 21:52 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-13 19:04 . 2011-05-13 19:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-13 19:04 . 2011-05-13 19:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2001-08-23 12:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2001-08-23 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2001-08-23 12:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2001-08-23 12:00 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
+ 2001-08-23 12:00 . 2011-10-25 13:33 2192768 c:\windows\system32\ntoskrnl.exe
+ 2001-08-17 13:48 . 2011-10-25 12:52 2069376 c:\windows\system32\ntkrnlpa.exe
+ 2009-01-07 21:32 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2001-08-23 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
+ 2007-08-13 18:34 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2009-01-09 21:18 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 18:54 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2009-01-09 21:18 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-01-09 21:18 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-09 21:18 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-09 21:18 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-13 18:54 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-01-10 15:08 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-04-12 14:11 . 2011-04-12 14:11 5028200 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2011-10-26 13:46 . 2011-10-26 13:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 5197648 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 1142616 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-07-09 08:30 . 2011-07-09 08:30 6724424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-03-25 05:15 . 2011-03-25 05:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 10:17 . 2008-07-25 10:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 02:50 . 2011-12-25 02:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 02:39 . 2011-10-26 02:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 05:40 . 2010-05-11 05:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-07-07 04:18 . 2011-07-07 04:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-28 06:53 . 2012-04-28 06:53 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-28 06:51 . 2012-04-28 06:51 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-29 10:57 . 2011-06-29 10:57 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-29 10:59 . 2011-06-29 10:59 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-28 06:54 . 2012-04-28 06:54 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-28 06:50 . 2012-04-28 06:50 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-28 06:52 . 2012-04-28 06:52 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-06-29 10:58 . 2011-06-29 10:58 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-30 21:54 . 2011-10-30 21:54 2748416 c:\windows\Installer\2826d35.msp
+ 2011-12-26 08:59 . 2011-12-26 08:59 4368896 c:\windows\Installer\205f498.msp
+ 2011-05-17 17:28 . 2011-05-17 17:28 6862848 c:\windows\Installer\205f481.msp
+ 2011-04-29 12:04 . 2011-04-29 12:04 5053440 c:\windows\Installer\205f46a.msp
+ 2011-10-29 22:10 . 2011-10-29 22:10 6824960 c:\windows\Installer\205f453.msp
+ 2011-10-31 11:37 . 2011-10-31 11:37 4146688 c:\windows\Installer\116b191.msp
+ 2012-03-22 12:09 . 2012-03-22 12:09 5521920 c:\windows\Installer\116b179.msp
+ 2011-05-23 13:15 . 2011-05-23 13:15 3617792 c:\windows\Installer\116b135.msp
+ 2011-11-17 09:55 . 2011-11-17 09:55 5522944 c:\windows\Installer\116b11e.msp
+ 2011-10-26 14:38 . 2011-10-26 14:38 2830848 c:\windows\Installer\116b109.msp
+ 2011-12-26 04:06 . 2011-12-26 04:06 5115392 c:\windows\Installer\116b101.msp
+ 2007-04-19 14:09 . 2007-04-19 14:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2012-04-28 11:10 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-04-28 11:10 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2009-01-09 21:18 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-09 21:18 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-01-09 21:18 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-01-09 21:18 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-04-28 04:51 . 2012-04-28 04:51 4464480 c:\windows\assembly\tmp\SYMHL2SP\System.Data.Entity.dll
+ 2012-04-28 04:51 . 2012-04-28 04:52 4464480 c:\windows\assembly\tmp\Q7EJZJQX\System.Data.Entity.dll
+ 2012-04-28 04:10 . 2012-04-28 04:10 1199968 c:\windows\assembly\tmp\AQNA4PHN\System.Activities.dll
+ 2012-04-28 02:40 . 2012-04-28 02:40 5197648 c:\windows\assembly\tmp\31CMV56N\mscorlib.dll
+ 2012-04-28 07:03 . 2012-04-28 07:03 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d99143e827c2bc46871c85a04a0a3313\WindowsBase.ni.dll
+ 2012-04-30 08:00 . 2012-04-30 08:00 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e0a2b12825ad9703489d98ec267514ee\UIAutomationClientsideProviders.ni.dll
+ 2012-04-28 05:18 . 2012-04-28 05:18 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\Temp\a50-0\System.Data.dll
+ 2012-04-28 07:23 . 2012-04-28 07:23 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Temp\12c-0\Microsoft.Transactions.Bridge.dll
+ 2012-04-28 06:59 . 2012-04-28 06:59 9090560 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2f52fc9cf3baf5181d1897788d9678f4\System.ni.dll
+ 2012-04-28 07:00 . 2012-04-28 07:00 5618176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fd4bcc08668bb561ba59e57a30de6bcf\System.Xml.ni.dll
+ 2012-04-28 07:27 . 2012-04-28 07:27 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4e7e9b07db31551c887d5c80552e3885\System.Xaml.ni.dll
+ 2012-04-30 07:59 . 2012-04-30 07:59 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\217826e4082a99ba3828812cc5ca1c2a\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-30 07:59 . 2012-04-30 07:59 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\323e98b9d5569d24244dadbdd17492ac\System.Web.Services.ni.dll
+ 2012-04-30 07:59 . 2012-04-30 07:59 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\a1d9dc6c17b47f2a650071498bde65fd\System.Speech.ni.dll
+ 2012-04-30 07:58 . 2012-04-30 07:58 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdf344318ec178f5d0eede9f321dc294\System.ServiceModel.Discovery.ni.dll
+ 2012-04-30 07:58 . 2012-04-30 07:58 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\80bac2a305d0fa9e44bdef30fc170378\System.ServiceModel.Activities.ni.dll
+ 2012-04-28 07:27 . 2012-04-28 07:27 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4110723c633bbe25ae1945a25280a5c7\System.Runtime.Serialization.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a9dd967c054a667b5a00e218cde05166\System.Runtime.DurableInstancing.ni.dll
+ 2012-04-28 07:29 . 2012-04-28 07:29 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\25ae9a32cf6cf16874ef2b0add2e3694\System.Printing.ni.dll
+ 2012-04-28 11:06 . 2012-04-28 11:06 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\cc24e9c64ef4c5625b609d0f7f001de8\System.Management.ni.dll
+ 2012-04-28 07:46 . 2012-04-28 07:46 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\169de31f5c717d62ab5a9435f4600e96\System.IdentityModel.ni.dll
+ 2012-04-28 07:01 . 2012-04-28 07:01 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2f6d092e53fd5fe14e5a2e6ba7055cef\System.Drawing.ni.dll
+ 2012-04-28 07:28 . 2012-04-28 07:28 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e8accd0b3290d97a3d15e38719682d8d\System.DirectoryServices.ni.dll
+ 2012-04-28 07:29 . 2012-04-28 07:29 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\4065a35b4e4faaf30b43a2fb93273e08\System.Deployment.ni.dll
+ 2012-04-28 07:03 . 2012-04-28 07:03 6798336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\8fc162008150d3cd32c10514deb0fbbc\System.Data.ni.dll
+ 2012-04-28 07:01 . 2012-04-28 07:01 2545152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\7b5953d7431c5717b07eac2d815c30bc\System.Data.SqlXml.ni.dll
+ 2012-04-28 07:38 . 2012-04-28 07:38 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\14ffdf560375f4044fc90adf4ad84d36\System.Data.Services.Client.ni.dll
+ 2012-04-28 07:06 . 2012-04-28 07:06 2512384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\bcf51dbf2f916e2dfc811c088121fc30\System.Data.Linq.ni.dll
+ 2012-04-28 07:00 . 2012-04-28 07:00 7054336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\06f187eb8b9da275bdf8c146b8a9dfb6\System.Core.ni.dll
+ 2012-04-28 07:30 . 2012-04-28 07:30 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\ae69e62890020a5c7f818a5f7bbd748c\System.Activities.ni.dll
+ 2012-04-28 07:32 . 2012-04-28 07:32 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\17277b24d891eed98e85da22913fedcc\System.Activities.Presentation.ni.dll
+ 2012-04-28 07:30 . 2012-04-28 07:30 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\b057a0c35b657e9d384934de18b2ed25\System.Activities.Core.Presentation.ni.dll
+ 2012-04-28 07:29 . 2012-04-28 07:29 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\5449400255469ad3516ea7f8085655ce\ReachFramework.ni.dll
+ 2012-04-28 07:27 . 2012-04-28 07:27 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3ebf6f00ede0fa6ff05d70ec3e4c7e5e\PresentationUI.ni.dll
+ 2012-04-28 07:25 . 2012-04-28 07:25 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\ea78917763cbefbffb7fe196ac70b8f2\Microsoft.VisualBasic.ni.dll
+ 2012-04-28 07:25 . 2012-04-28 07:25 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c45caf5d2fe8eb2a20cc72457e5b013d\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-04-28 07:25 . 2012-04-28 07:25 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a5e2fc661694d093ee7a6fcf6742cdd8\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-28 07:24 . 2012-04-28 07:24 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ecf0ea3ae52340991bddf4ad4512f9ab\Microsoft.Transactions.Bridge.ni.dll
+ 2012-04-28 11:06 . 2012-04-28 11:06 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\b8f21f41a154e11c3d9f1a52006cc2ed\Microsoft.JScript.ni.dll
+ 2012-04-28 07:01 . 2012-04-28 07:01 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\2d7d47801ffbf2156dc35d83724dc688\Microsoft.CSharp.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="d:\apps\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Shed\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - d:\apps\Mozilla Firefox\firefox.exe [2009-1-6 924632]
PeerBlock.lnk - d:\apps\PeerBlock\peerblock.exe [2010-1-26 1867888]
µTorrent.lnk - d:\apps\uTorrent\uTorrent.exe [2009-1-6 741240]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\apps\\uTorrent\\uTorrent.exe"=
"d:\\apps\\Mozilla Firefox\\firefox.exe"=
"d:\\Java\\jdk1.6.0_11\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Calibre2\\calibre.exe"=
"d:\\apps\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\apps\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 295248]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [27/12/2009 15:01 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [27/12/2009 14:59 33072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 07:09 192776]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [08/06/2000 19:15 50176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17/12/2009 16:02 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [15/07/2011 18:08 113456]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2011 11:56 136176]
S3 8lt6m.sys;8lt6m.sys;\??\c:\windows\system32\drivers\8lt6m.sys --> c:\windows\system32\drivers\8lt6m.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2011 11:56 136176]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [09/07/2011 11:52 34608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 10:56]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 10:56]
.
2011-07-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
2012-04-28 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_BIG-BLUE_Mark.job
- c:\windows\system32\mobsync.exe [2001-08-23 05:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\tdxu5ts5.default\
FF - prefs.js: browser.startup.homepage - hxxp://eztv.it/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
------- File Associations -------
.
.txt=UEStudio.txt
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 11:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(828)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\apps\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\oodag.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-04-30 11:58:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 10:57
ComboFix2.txt 2012-04-25 10:23
.
Pre-Run: 6,814,867,456 bytes free
Post-Run: 7,557,939,200 bytes free
.
- - End Of File - - 4844A952FF91C929671406C0FA5E220C


MBAM log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mark :: BIG-BLUE [administrator]

Protection: Enabled

30/04/2012 12:03:52
mbam-log-2012-04-30 (12-03-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259191
Time elapsed: 35 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET log:
C:\Documents and Settings\Kaitlyn\My Documents\Downloads\andrew-lander_perturb-the-outline-curved(1).exe Win32/OpenCandy application
C:\Documents and Settings\Kaitlyn\My Documents\Downloads\andrew-lander_perturb-the-outline-curved.exe Win32/OpenCandy application
C:\Documents and Settings\Shed\Application Data\AVG\Rescue\PC Tuneup 2011\110703121308578.rsc multiple threats
C:\TDSSKiller_Quarantine\29.04.2012_22.13.19\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.04.2012_22.13.19\tdlfs0000\tsk0004.dta Win64/Olmarik.Q trojan
C:\TDSSKiller_Quarantine\29.04.2012_22.13.19\tdlfs0000\tsk0006.dta Win64/Olmarik.O trojan
E:\unlocker1.8.7.exe Win32/Adware.ADON application
E:\Downloads\SUPERsetup.exe Win32/OpenCandy application
E:\Downloads\iTunes Replacement\doubleTwistSetup.exe Win32/OpenCandy application
E:\Downloads\Media Monkey Gold 3.2.0.1294 + Keygen\Media Monkey Gold.rar a variant of Win32/Keygen.AG application
E:\Downloads\Media Monkey Gold 3.2.0.1294 + Keygen\Media Monkey Gold\MMkeygenABLEator.exe a variant of Win32/Keygen.AG application
E:\inst\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Keygen.exe Win32/Keygen.AJ application
E:\inst\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Nero-7.10.1.0_eng_trial_wch.exe Win32/Toolbar.AskSBar application
E:\Util_DVD\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\KeyActivtegen.exe Win32/Keygen.AJ application
E:\Util_DVD\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Nero-7.10.1.0_eng_trial_wch.exe Win32/Toolbar.AskSBar application
E:\Util_DVD\Windows XP Key Recovery Pack\Magical Jelly Bean - Keyfinder 1.41.exe Win32/PSWTool.RAS.A application

#9 CatByte

  • Malware Response Team

Posted 01 May 2012 - 05:20 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

Driver::
8lt6m.sys

File::
c:\windows\system32\drivers\8lt6m.sys
C:\Documents and Settings\Kaitlyn\My Documents\Downloads\andrew-lander_perturb-the-outline-curved(1).exe 
C:\Documents and Settings\Kaitlyn\My Documents\Downloads\andrew-lander_perturb-the-outline-curved.exe 
C:\Documents and Settings\Shed\Application Data\AVG\Rescue\PC Tuneup 2011\110703121308578.rsc 
E:\unlocker1.8.7.exe 
E:\Downloads\SUPERsetup.exe 
E:\Downloads\iTunes Replacement\doubleTwistSetup.exe 
E:\Downloads\Media Monkey Gold 3.2.0.1294 + Keygen\Media Monkey Gold.rar 
E:\Downloads\Media Monkey Gold 3.2.0.1294 + Keygen\Media Monkey Gold\MMkeygenABLEator.exe 
E:\inst\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Keygen.exe 
E:\inst\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Nero-7.10.1.0_eng_trial_wch.exe 
E:\Util_DVD\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\KeyActivtegen.exe 
E:\Util_DVD\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Nero-7.10.1.0_eng_trial_wch.exe 
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Let me know how the computer is running now.

Edited by CatByte, 01 May 2012 - 05:42 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 CatByte

  • Malware Response Team

Posted 01 May 2012 - 08:18 PM

Hi,

The developer of HelpAsst_mebroot_fix would like to see the content of the HelpAsst_backup.

Please navigate to the following:


C:\HelpAsst_backup

Please zip up the folder and upload it to the developer's submission site.

http://noahdfear.net/max/upload.php

Thank you for your assistance.



#11 AgentCormac

  • Topic Starter

Posted 03 May 2012 - 06:44 AM

mebroot log posted as requested.

ComboFix log:

ComboFix 12-05-01.03 - Mark 02/05/2012 11:24:02.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.334 [GMT 1:00]
Running from: c:\documents and settings\Shed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
FILE ::
"c:\documents and settings\Kaitlyn\My Documents\Downloads\andrew-lander_perturb-the-outline-curved(1).exe"
"c:\documents and settings\Kaitlyn\My Documents\Downloads\andrew-lander_perturb-the-outline-curved.exe"
"c:\documents and settings\Shed\Application Data\AVG\Rescue\PC Tuneup 2011\110703121308578.rsc"
"c:\windows\system32\drivers\8lt6m.sys"
"e:\downloads\iTunes Replacement\doubleTwistSetup.exe"
"e:\downloads\Media Monkey Gold 3.2.0.1294 + Keygen\Media Monkey Gold.rar"
"e:\downloads\Media Monkey Gold 3.2.0.1294 + Keygen\Media Monkey Gold\MMkeygenABLEator.exe"
"e:\downloads\SUPERsetup.exe"
"e:\inst\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Keygen.exe"
"e:\inst\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Nero-7.10.1.0_eng_trial_wch.exe"
"E:\unlocker1.8.7.exe"
"e:\util_dvd\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\KeyActivtegen.exe"
"e:\util_dvd\Nero 7 Premium Reloaded 7.10.1.0_eng (+keygen)\Nero-7.10.1.0_eng_trial_wch.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8LT6M.SYS
-------\Service_8lt6m.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-01 08:00 . 2012-05-01 08:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-04-30 11:57 . 2012-04-30 11:57 -------- d-----w- c:\program files\ESET
2012-04-30 11:01 . 2012-04-30 11:01 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2012-04-30 11:01 . 2012-04-30 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-30 11:01 . 2012-04-30 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-30 11:01 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 21:19 . 2012-04-29 21:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-28 10:24 . 2012-04-28 10:24 -------- d-----w- C:\HelpAsst_backup
2012-04-27 21:52 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-04-27 21:44 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-04-27 21:44 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-04-27 21:43 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-04-27 21:43 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-27 21:35 . 2012-04-28 09:39 -------- d--h--w- c:\windows\$hf_mig$
2012-04-25 15:00 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-04-23 12:09 . 2012-04-23 12:09 12600 ----a-w- c:\windows\system32\drivers\PROCEXP111.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 15:40 . 2011-05-15 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2001-08-23 12:00 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-01-08 21:47 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2001-08-23 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="d:\apps\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Shed\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - d:\apps\Mozilla Firefox\firefox.exe [2009-1-6 924632]
PeerBlock.lnk - d:\apps\PeerBlock\peerblock.exe [2010-1-26 1867888]
µTorrent.lnk - d:\apps\uTorrent\uTorrent.exe [2009-1-6 741240]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\apps\\uTorrent\\uTorrent.exe"=
"d:\\apps\\Mozilla Firefox\\firefox.exe"=
"d:\\Java\\jdk1.6.0_11\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Calibre2\\calibre.exe"=
"d:\\apps\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\apps\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"d:\\apps\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 295248]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [27/12/2009 15:01 154416]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [27/12/2009 14:59 33072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 07:09 192776]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [08/06/2000 19:15 50176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/04/2012 12:01 654408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/04/2012 12:01 22344]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17/12/2009 16:02 101680]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [15/07/2011 18:08 113456]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2011 11:56 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2011 11:56 136176]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [09/07/2011 11:52 34608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 10:56]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 10:56]
.
2011-07-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
2012-05-02 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_BIG-BLUE_Mark.job
- c:\windows\system32\mobsync.exe [2001-08-23 05:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\tdxu5ts5.default\
FF - prefs.js: browser.startup.homepage - hxxp://eztv.it/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 13:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
d:\apps\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\oodag.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-02 13:58:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 12:58
ComboFix2.txt 2012-04-30 10:58
ComboFix3.txt 2012-04-25 10:23
.
Pre-Run: 7,246,753,792 bytes free
Post-Run: 7,317,135,360 bytes free
.
- - End Of File - - 4F30B3B3C9B443CA92B2BCC9913EA479

#12 AgentCormac

AgentCormac
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:51 AM

Posted 03 May 2012 - 12:40 PM

Hooray! AVG reports no infections. Thanks for your time and effort.

Can you recommend a virus checker that is better than AVG so I can avoid being in this situation again?

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Location:Canada
  • Local time:08:51 PM

Posted 03 May 2012 - 04:51 PM

I highly recommend Microsoft Security Essentials, it's excellent and free
http://www.microsoft.com/security_essentials/

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 32
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u32-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


How is the computer running now? Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
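The ComboFix log earlier in this thread lists a `jdk1.6.0_11` path, while the post above names Java SE 6 Update 32 as the current release. The following added example (not part of the original post or of ComboFix) shows one way to pull Java build numbers out of such log lines and flag those below that baseline; the function names and the sample lines marked "constructed" are assumptions.

```python
import re

# Matches JDK/JRE install directory names such as jdk1.6.0_11 or jre1.6.0_32.
# The pre-Java-9 layout is 1.<family>.0_<update>; a missing _NN means update 0.
JAVA_DIR = re.compile(r"\b(jdk|jre)1\.(\d+)\.0(?:_(\d+))?", re.IGNORECASE)

# Baseline taken from the post: Java SE 6 Update 32.
BASELINE = (6, 32)

# Sample input: two lines as they appear in the log on this page, two constructed.
SAMPLE_LOG = [
    r'"d:\\Java\\jdk1.6.0_11\\jre\\bin\\javaw.exe"=',           # from the log
    r'"c:\\Program Files\\Java\\jre1.6.0_32\\bin\\java.exe"=',  # constructed
    r'"c:\\Program Files\\Java\\jre1.5.0\\bin\\java.exe"=',     # constructed
    r'"d:\\apps\\VLC\\vlc.exe"=',                               # from the log
]


def java_builds(log_lines):
    """Return sorted unique (kind, family, update, path) tuples found in the log."""
    found = set()
    for line in log_lines:
        # ComboFix prints registry value names with doubled backslashes.
        text = line.replace("\\\\", "\\")
        m = JAVA_DIR.search(text)
        if not m:
            continue
        kind = m.group(1).lower()
        family = int(m.group(2))
        update = int(m.group(3) or 0)
        # Keep the path from the opening quote up to the versioned directory.
        start = text.rfind('"', 0, m.start()) + 1
        found.add((kind, family, update, text[start:m.end()]))
    return sorted(found)


def outdated(log_lines, baseline=BASELINE):
    """Builds whose (family, update) sorts below the baseline."""
    return [b for b in java_builds(log_lines) if (b[1], b[2]) < baseline]


if __name__ == "__main__":
    for kind, family, update, path in outdated(SAMPLE_LOG):
        print(f"{kind.upper()} {family} Update {update} below baseline: {path}")
```

A path in a log only shows that the build was referenced (here, in a firewall exception list); Add or Remove Programs remains the check for what is still installed.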


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Location:Canada
  • Local time:08:51 PM

Posted 03 May 2012 - 08:20 PM

Hi,

can you please try the instructions again from this post

as the folder has not been received yet

http://www.bleepingcomputer.com/forums/topic451395.html/page__view__findpost__p__2685353

can you please navigate to the folder and verify its existence and that it has some content inside

C:\HelpAsst_backup


thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 AgentCormac

AgentCormac
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:51 AM

Posted 04 May 2012 - 03:58 AM

OK. Java updated.

Log re-posted.

Thanks for everything.



