
Google Redirect and McAfee Compromised


  • This topic is locked
12 replies to this topic

#1 JDiamond


Posted 04 May 2012 - 06:51 PM

Hello and thank you for your time in assisting me. For several days now my computer has been infected with a virus that has caused Google redirect behavior and has compromised McAfee functionality. I can't turn on real-time scanning, and it will not allow a manual scan. In addition, after searching the net I had hoped it could be fixed via TDSSKiller, but it failed to detect anything it could cure. I have also run Malwarebytes, and since the last scan MORE trojans and assorted undesirable elements have appeared on my computer. I suspect the virus has compromised security greatly and is allowing a backdoor for other undesirable elements to find their way onto my system. I have since stopped using my system for accessing the net and have increased firewall safety levels, but I know it won't be enough until this system is clean. I have followed the steps in preparation for this post and the results are below.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Christopher Ross at 15:26:17 on 2012-05-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2146 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1185242771\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\AutoTask\AutoTask.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\AsHookDevice.exe
E:\Flagship Studios\Hellgate London\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: AstroburnBar Toolbar: {e802027b-1f2b-40bd-b307-0bd96d036835} - c:\program files\astroburnbar\tbAstr.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120504144211.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CSolidBrowserObj Object: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} - c:\windows\system32\solidstatenetworks\solidstateion\solidax.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AstroburnBar Toolbar: {e802027b-1f2b-40bd-b307-0bd96d036835} - c:\program files\astroburnbar\tbAstr.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AstroburnBar Toolbar: {e802027b-1f2b-40bd-b307-0bd96d036835} - c:\program files\astroburnbar\tbAstr.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "e:\daemon tools lite\daemon.exe" -autorun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [disklabel] c:\documents and settings\christopher ross.guardian-4380ae\application data\disklabel.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [HostManager] c:\program files\common files\aol\1185242771\ee\AOLSoftware.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [NVRaidService] "c:\windows\system32\nvraidservice.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [AutoTask] "c:\program files\autotask\AutoTask.exe" /STARTUP
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{6AAF673A-8085-41BF-B873-9C0F4D32ACBA} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{F17F6FCD-8523-4705-A1DC-0AAD9F199A1D} : DhcpNameServer = 192.168.1.1 68.237.161.12
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\christopher ross.guardian-4380ae\application data\mozilla\firefox\profiles\f87yi2pr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\all users.windows\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - plugin: e:\divx\divx player\npDivxPlayerPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-31 387480]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-10-31 11448]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-24 84200]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-10-31 185472]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-10-31 14336]
R2 Device Handle Service;Device Handle Service;c:\windows\system32\AsHookDevice.exe [2010-10-31 203392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\flagship studios\hellgate london\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-24 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-24 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-12-24 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-24 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-24 141792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-18 100368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-24 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-31 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-31 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-24 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-24 88736]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-31 1381632]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2010-10-31 115936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cac2b8e85b8184;Google Update Service (gupdate1cac2b8e85b8184);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-28 253088]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-24 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-24 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-10-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-10-31 40552]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva360;XDva360;\??\c:\windows\system32\xdva360.sys --> c:\windows\system32\XDva360.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
.
=============== Created Last 30 ================
.
2012-05-04 17:36:27 711240 ----a-w- c:\windows\isRS-000.tmp
2012-04-29 00:30:59 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 21:07:23 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-04-18 20:53:17 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-04-18 20:52:42 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-18 20:51:41 -------- d-----w- c:\program files\ATI Technologies
2012-04-18 20:51:37 -------- d-----w- c:\program files\ATI
2012-04-18 20:50:36 -------- d-----w- C:\AMD
.
==================== Find3M ====================
.
2012-04-29 00:30:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 06:22:00 7586304 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-03-09 06:14:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-03-09 05:19:48 19959808 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 05:02:24 5358304 ----a-w- c:\windows\system32\ati3duag.dll
2012-03-09 04:36:12 4155520 ----a-w- c:\windows\system32\ativvaxx.dll
2012-03-09 04:24:58 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-03-09 04:21:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 04:18:40 305152 ----a-w- c:\windows\system32\ati2dvag.dll
2012-03-09 04:12:20 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:12:20 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:52:28 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-03-09 03:52:12 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-03-09 03:52:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-03-09 03:51:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 03:51:36 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-03-09 03:50:00 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-03-09 03:48:28 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-03-09 03:46:26 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 03:41:34 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-03-09 03:36:30 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:36:08 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-03-09 03:29:24 909312 ----a-w- c:\windows\system32\ati2cqag.dll
2012-03-02 23:13:57 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:26:38.46 ===============


Thanks again for any assistance you may be able to provide. I will be checking back regularly since I work from home at least once a day probably more. I look forward to hearing from you.



#2 gringo_pr


  • Malware Response Team

Posted 04 May 2012 - 10:15 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 JDiamond

  • Topic Starter


Posted 05 May 2012 - 12:04 PM

A pleasure to make your acquaintance, Gringo. I have performed the tasks to completion and will post the logs below. As for the computer's behavior, it has thus far not redirected me when using Google. I have tested it using "Mass Effect" and "Bleeping Computer" as my keywords and clicking 5 links on various pages. I made sure to only use links for reputable sites, but regardless the redirect has seemingly ceased. Likewise, after running Security Check it seems several files for McAfee may have been deleted by the virus, as they were somehow restored after it did an update to McAfee. I had previously been unable to update or access most functions of it since infection, so this came as a very welcome surprise. I have not run any scans or performed any operations with it beyond checking to see if certain functions were available for use. It appears to be functional again. Anyway, here are the logs for Security Check and Combofix.

Security Check's Log:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.4
CCleaner
Java™ 6 Update 26
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.3)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


ComboFix's Log:


ComboFix 12-05-05.06 - Christopher Ross 05/05/2012 12:35:48.2.6 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2486 [GMT -4:00]
Running from: c:\documents and settings\Christopher Ross.GUARDIAN-4380AE\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\system32\SET114.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-04 23:22 . 2012-03-20 17:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-04-29 00:30 . 2012-04-29 00:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 21:12 . 2012-04-18 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2012-04-18 21:07 . 2012-03-09 04:51 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-04-18 20:53 . 2011-12-20 07:39 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2012-04-18 20:52 . 2012-03-09 04:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-18 20:51 . 2012-04-18 21:09 -------- d-----w- c:\program files\ATI Technologies
2012-04-18 20:51 . 2012-04-18 20:51 -------- d-----w- c:\program files\ATI
2012-04-18 20:50 . 2012-04-18 21:05 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 00:30 . 2011-05-19 23:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-06-26 21:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 17:11 . 2010-12-24 14:43 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-09 06:22 . 2010-10-31 05:18 7586304 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-03-09 06:14 . 2010-10-31 06:44 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-03-09 05:19 . 2010-10-31 06:44 19959808 ----a-w- c:\windows\system32\atioglxx.dll
2012-03-09 05:02 . 2010-10-31 05:05 5358304 ----a-w- c:\windows\system32\ati3duag.dll
2012-03-09 04:36 . 2010-10-31 05:05 4155520 ----a-w- c:\windows\system32\ativvaxx.dll
2012-03-09 04:24 . 2010-10-31 06:44 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-03-09 04:21 . 2010-10-31 06:44 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 04:18 . 2010-10-31 05:05 305152 ----a-w- c:\windows\system32\ati2dvag.dll
2012-03-09 04:12 . 2010-10-31 06:44 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-03-09 04:12 . 2010-10-31 06:44 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-09 03:52 . 2010-10-31 06:44 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2012-03-09 03:52 . 2010-10-31 06:44 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-03-09 03:52 . 2010-10-31 06:44 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-03-09 03:51 . 2010-10-31 06:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-03-09 03:51 . 2010-10-31 06:44 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-03-09 03:50 . 2010-10-31 06:44 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2012-03-09 03:48 . 2010-10-31 06:44 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-03-09 03:46 . 2010-10-31 06:44 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 03:41 . 2010-10-31 06:44 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-03-09 03:36 . 2010-10-31 06:44 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:36 . 2010-10-31 06:44 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-03-09 03:29 . 2010-10-31 05:05 909312 ----a-w- c:\windows\system32\ati2cqag.dll
2012-03-02 23:13 . 2010-12-09 17:52 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2012-03-01 11:01 . 2010-10-31 05:14 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2010-10-31 05:09 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2010-10-31 05:08 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-10-31 05:14 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2010-10-31 05:08 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-10-31 05:08 385024 ----a-w- c:\windows\system32\html.iec
2012-02-22 17:29 . 2010-12-24 14:58 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2010-12-24 14:58 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-02-22 17:29 . 2010-12-24 14:58 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2010-12-24 14:58 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-02-22 17:29 . 2010-12-24 14:58 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2010-12-24 14:58 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2010-10-31 05:19 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2010-10-31 05:19 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2010-10-31 05:19 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2010-10-14 03:28 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-12-30 21:22 . 2011-05-07 00:04 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-12-24 14:58 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_20.01.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 16:13 . 2012-05-05 16:13 16384 c:\windows\Temp\Perflib_Perfdata_b58.dat
+ 2012-05-05 16:13 . 2012-05-05 16:13 16384 c:\windows\Temp\Perflib_Perfdata_a98.dat
+ 2011-10-09 07:44 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2011-10-09 07:44 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2012-04-18 21:07 . 2001-11-09 16:01 24064 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ativcoxx.dll
+ 2012-04-18 21:07 . 2012-03-09 03:36 17408 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atitvo32.dll
+ 2012-04-18 21:07 . 2009-06-22 15:34 45056 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ATIODCLI.exe
+ 2012-04-18 21:07 . 2012-03-09 04:12 65024 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atimpc32.dll
+ 2012-04-18 21:07 . 2012-03-09 03:48 53248 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ATIDDC.DLL
+ 2012-04-18 21:07 . 2012-03-09 03:52 26112 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\Ati2mdxx.exe
+ 2012-04-18 21:07 . 2012-03-09 04:21 53248 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2erec.dll
+ 2012-04-18 21:07 . 2012-03-09 03:51 43520 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2edxx.dll
+ 2012-04-18 21:07 . 2008-04-13 21:12 23552 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\wdmaud.drv
+ 2012-04-18 21:07 . 2004-07-09 11:27 48512 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\stream.sys
+ 2012-04-18 21:07 . 2008-04-13 15:45 60160 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\drmk.sys
+ 2012-04-18 21:08 . 2008-04-13 21:12 23552 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\wdmaud.drv
+ 2012-04-18 21:08 . 2004-07-09 11:27 48512 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\stream.sys
+ 2012-04-18 21:08 . 2008-04-13 15:45 60160 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\drmk.sys
- 2010-10-31 05:12 . 2012-02-23 06:03 89644 c:\windows\system32\perfc009.dat
+ 2010-10-31 05:12 . 2012-04-11 19:03 89644 c:\windows\system32\perfc009.dat
+ 2010-10-31 05:10 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
- 2010-10-31 05:10 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
+ 2010-10-31 05:10 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2010-10-31 05:10 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
- 2010-10-31 05:09 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2010-10-31 05:09 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2012-04-18 21:07 . 2012-03-09 03:52 82639 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\oemdspif.dll
+ 2012-04-18 21:07 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ativcoxx.dll
+ 2012-04-18 21:07 . 2010-08-27 18:32 81222 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiode.exe
+ 2012-04-18 21:07 . 2009-06-22 15:34 25130 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiodcli.exe
+ 2012-04-18 21:07 . 2012-03-09 04:12 41500 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atimpc32.dll
+ 2012-04-18 21:07 . 2012-03-09 03:48 28700 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiddc.dll
+ 2012-04-18 21:07 . 2009-05-11 21:35 71662 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atibtmon.exe
+ 2012-04-18 21:07 . 2012-03-09 03:46 61529 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiapfxx.exe
+ 2012-04-18 21:07 . 2012-03-09 03:52 16309 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2mdxx.exe
+ 2012-04-18 21:07 . 2012-03-09 04:21 13670 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2erec.dll
+ 2012-04-18 21:07 . 2012-03-09 03:51 28844 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2edxx.dll
+ 2012-04-18 20:52 . 2010-11-26 02:34 81688 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\oemdspif.dll
+ 2012-04-18 20:52 . 2001-11-09 16:01 12614 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ativcoxx.dll
+ 2012-04-18 20:52 . 2010-08-27 19:32 81222 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiode.exe
+ 2012-04-18 20:52 . 2009-06-22 16:34 25130 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiodcli.exe
+ 2012-04-18 20:52 . 2010-11-26 02:16 41418 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atimpc32.dll
+ 2012-04-18 20:52 . 2010-11-26 02:31 28700 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiddc.dll
+ 2012-04-18 20:52 . 2010-11-26 03:07 29986 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\aticalrt.dll
+ 2012-04-18 20:52 . 2010-11-26 03:07 29025 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\aticalcl.dll
+ 2012-04-18 20:52 . 2009-05-11 22:35 71662 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atibtmon.exe
+ 2012-04-18 20:52 . 2010-11-26 02:30 55072 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiapfxx.exe
+ 2012-04-18 20:52 . 2010-11-26 02:34 16309 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2mdxx.exe
+ 2012-04-18 20:52 . 2010-11-26 02:34 81571 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2evxx.dll
+ 2012-04-18 20:52 . 2010-11-26 02:39 13650 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2erec.dll
+ 2012-04-18 20:52 . 2010-11-26 02:34 28842 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2edxx.dll
+ 2010-10-31 05:19 . 2008-04-13 15:45 60160 c:\windows\system32\drivers\drmk.sys
- 2010-10-31 05:19 . 2008-04-13 16:45 60160 c:\windows\system32\drivers\drmk.sys
- 2010-10-31 18:07 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-10-31 18:07 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-10-31 05:22 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-10-31 05:22 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-10-31 05:22 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-10-31 05:22 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-10-31 05:21 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2010-10-31 05:21 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2010-10-31 05:21 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2010-10-31 05:21 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2010-10-31 05:19 . 2008-04-13 16:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2010-10-31 05:19 . 2008-04-13 15:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2012-03-06 00:38 . 2012-05-05 03:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-31 05:26 . 2012-05-05 03:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-10-31 05:26 . 2012-03-05 18:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-10-31 05:26 . 2012-03-05 18:39 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-06 00:38 . 2012-05-05 03:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-10-31 06:44 . 2001-11-09 16:01 24064 c:\windows\system32\ativcoxx.dll
- 2010-10-31 06:44 . 2001-11-10 04:01 24064 c:\windows\system32\ativcoxx.dll
- 2010-10-31 06:44 . 2009-02-04 09:52 45056 c:\windows\system32\ATIODCLI.exe
+ 2010-10-31 06:44 . 2009-06-22 15:34 45056 c:\windows\system32\ATIODCLI.exe
- 2012-02-17 05:27 . 2012-02-17 05:27 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-17 05:27 . 2012-02-17 05:27 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-06 02:16 . 2012-04-06 02:16 22016 c:\windows\Installer\27a7f.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{FF9B0E3E-9D2E-2560-EEA2-BB35A369C491}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{FBFC6AFA-082C-CBEC-3D28-1EE9CA16D029}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{FA584B62-7ECF-A981-0D1E-A8BE67C604DB}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{F748B53A-A58F-17B4-F380-08EF92B6A6F4}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{E8D9FAA2-D3DB-7FA3-3FFE-0AC935251F99}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{DE464235-13EC-F0E2-2608-9A8103F52DF8}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{DA3DB4D7-429D-4292-F855-C47C6EA1AFF8}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{D3CD290C-C254-F440-962D-F9D0E60DD3F4}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{C6BD88D1-A8D3-B46F-781E-80A6A6927E09}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{B802B2D2-C777-1876-8204-C0F360CBF955}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{AB4FE709-7AC5-A7FF-A947-A110CEFCB074}\ARPPRODUCTICON.exe
+ 2012-04-18 21:07 . 2012-04-18 21:07 88102 c:\windows\Installer\{A997829F-090A-06FC-ADDA-B907E0D2562E}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 21:07 . 2012-04-18 21:07 88102 c:\windows\Installer\{A997829F-090A-06FC-ADDA-B907E0D2562E}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 21:07 . 2012-04-18 21:07 88102 c:\windows\Installer\{A997829F-090A-06FC-ADDA-B907E0D2562E}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 21:07 . 2012-04-18 21:07 88102 c:\windows\Installer\{A997829F-090A-06FC-ADDA-B907E0D2562E}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 21:07 . 2012-04-18 21:07 88102 c:\windows\Installer\{A997829F-090A-06FC-ADDA-B907E0D2562E}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{9BA4C082-183A-4869-06DB-4F563355D33F}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{96A092BE-173D-6824-14FD-1C8C0477C1D1}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{950A97A5-F8AF-26C7-8F8B-47F7C1F03363}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{8FB7E2C1-13A7-F9A0-277F-8CFB5B198E7E}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{821CF756-EDC0-5A8C-6ECA-3F4682DEAFD1}\ARPPRODUCTICON.exe
+ 2012-04-18 20:54 . 2012-04-18 20:54 77542 c:\windows\Installer\{7724F361-5E45-4649-E104-07183CC0E349}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{76B0FAA5-C23B-58E8-EB51-1195A4D6BEB7}\ARPPRODUCTICON.exe
+ 2012-04-18 21:10 . 2012-04-18 21:10 10134 c:\windows\Installer\{69101ED4-FAEB-44EE-1A0E-0602CD6458F3}\ARPPRODUCTICON.exe
+ 2012-04-18 20:51 . 2012-04-18 20:51 77542 c:\windows\Installer\{65455A2D-1671-E83B-F15D-D0C887F9D608}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 20:51 . 2012-04-18 20:51 77542 c:\windows\Installer\{65455A2D-1671-E83B-F15D-D0C887F9D608}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 20:51 . 2012-04-18 20:51 77542 c:\windows\Installer\{65455A2D-1671-E83B-F15D-D0C887F9D608}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 20:51 . 2012-04-18 20:51 77542 c:\windows\Installer\{65455A2D-1671-E83B-F15D-D0C887F9D608}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{653B7F6E-F594-4B55-61BA-78F8FE6E500A}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{5DCB68D8-686F-0550-6DD3-957A366F8F99}\ARPPRODUCTICON.exe
+ 2012-04-18 21:07 . 2012-04-18 21:07 10134 c:\windows\Installer\{59A86970-E9AB-0D1D-A269-2381A89F0CF2}\ARPPRODUCTICON.exe
+ 2012-04-18 20:54 . 2012-04-18 20:54 44758 c:\windows\Installer\{4AA83D48-8658-1526-EC55-25514D46ACCD}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{41B4F085-82E5-C9C2-9AB3-65D67EF60883}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{3BDCECE1-F7F8-81E3-EE26-AF8FD5172A56}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{3179E96B-2CCF-A00A-5738-4C14DBA0DACA}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{23481C75-AA13-858C-C707-51D7744F2309}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{0A68C819-3333-E57F-5881-D3FE31C1F2D5}\ARPPRODUCTICON.exe
+ 2012-04-18 21:09 . 2012-04-18 21:09 10134 c:\windows\Installer\{036138A4-CE69-54B3-EC3A-22EC160303E0}\ARPPRODUCTICON.exe
+ 2012-04-11 19:04 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_92cc1fc1\System.Drawing.Design.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\54086073df249c43189bc8eb4c242818\System.Web.DynamicData.Design.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2647518\update\spcustom.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2647518\spmsg.dll
+ 2012-03-14 03:10 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641653\update\spcustom.dll
+ 2012-03-14 03:10 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641653\spmsg.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2621440\update\spcustom.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2621440\spmsg.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-04-18 21:07 . 2002-12-12 07:14 4096 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\ksuser.dll
+ 2012-04-18 21:08 . 2002-12-12 07:14 4096 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll
+ 2012-04-18 21:07 . 2012-03-09 03:36 8348 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atitvo32.dll
+ 2012-04-18 20:52 . 2010-11-26 02:24 8347 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atitvo32.dll
+ 2012-04-18 20:53 . 2012-04-18 20:53 9158 c:\windows\Installer\{EB3E8237-FD20-C42C-9D93-9D6ADE03850C}\ARPPRODUCTICON.exe
+ 2012-04-18 21:10 . 2012-04-18 21:10 9662 c:\windows\Installer\{69101ED4-FAEB-44EE-1A0E-0602CD6458F3}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
- 2012-02-23 06:03 . 2012-02-23 06:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-23 06:03 . 2012-02-23 06:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-23 06:03 . 2012-02-23 06:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-31 05:13 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2010-10-31 05:13 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2012-04-18 21:07 . 2012-03-09 03:52 159744 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\Oemdspif.dll
+ 2012-04-18 21:07 . 2012-03-09 04:30 887724 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ativva6x.dat
+ 2012-04-18 21:07 . 2012-03-09 03:52 212992 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atipdlxx.dll
+ 2012-04-18 21:07 . 2012-03-09 04:24 638976 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atiok3x2.dll
+ 2012-04-18 21:07 . 2010-08-27 18:32 294912 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ATIODE.exe
+ 2012-04-18 21:07 . 2012-03-09 03:41 847872 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atikvmag.dll
+ 2012-04-18 21:07 . 2012-03-09 06:14 311296 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atiiiexx.dll
+ 2012-04-18 21:07 . 2012-01-10 21:10 601728 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atiicdxx.dat
+ 2012-04-18 21:07 . 2012-03-09 04:20 442368 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ATIDEMGX.dll
+ 2012-04-18 21:07 . 2009-05-11 21:35 118784 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atibtmon.exe
+ 2012-04-18 21:07 . 2012-03-09 03:46 159744 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atiapfxx.exe
+ 2012-04-18 21:07 . 2010-01-14 01:19 180224 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atiadlxx.dll
+ 2012-04-18 21:07 . 2012-03-09 03:50 643072 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2evxx.exe
+ 2012-04-18 21:07 . 2010-01-14 01:29 159744 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2evxx.dll
+ 2012-04-18 21:07 . 2012-03-09 04:18 305152 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2dvag.dll
+ 2012-04-18 21:07 . 2012-03-09 03:29 909312 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2cqag.dll
+ 2012-04-18 21:07 . 2008-04-13 16:19 146048 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\portcls.sys
+ 2012-04-18 21:07 . 2010-11-17 12:03 101904 c:\windows\system32\ReinstallBackups\0016\DriverFiles\AtihdXP3.sys
+ 2012-04-18 21:08 . 2008-04-13 16:19 146048 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\portcls.sys
+ 2012-04-18 21:08 . 2011-12-20 07:39 100368 c:\windows\system32\ReinstallBackups\0012\DriverFiles\AtihdXP3.sys
+ 2010-10-31 05:12 . 2012-04-11 19:03 504176 c:\windows\system32\perfh009.dat
- 2010-10-31 05:12 . 2012-02-23 06:03 504176 c:\windows\system32\perfh009.dat
- 2010-10-31 05:11 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
+ 2010-10-31 05:11 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2010-10-31 05:10 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
+ 2010-10-31 05:10 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2010-10-31 05:10 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
+ 2010-10-31 05:10 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
+ 2012-04-29 00:30 . 2012-04-29 00:30 353440 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-29 00:30 . 2012-04-29 00:30 253088 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2010-10-31 05:08 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
- 2010-10-31 05:08 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
+ 2010-10-31 05:08 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
- 2010-10-31 05:08 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
- 2010-10-31 05:08 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2010-10-31 05:08 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
+ 2010-10-31 05:08 . 2012-03-14 18:18 263824 c:\windows\system32\FNTCACHE.DAT
- 2010-10-31 05:08 . 2012-02-23 06:09 263824 c:\windows\system32\FNTCACHE.DAT
+ 2012-04-18 21:07 . 2012-03-09 04:51 501666 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ativvamv.dll
+ 2012-04-18 21:07 . 2012-03-09 04:30 887724 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ativva6x.dat
+ 2012-04-18 21:07 . 2012-03-09 03:52 110666 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atipdlxx.dll
+ 2012-04-18 21:07 . 2012-03-09 04:24 313812 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiok3x2.dll
+ 2012-04-18 21:07 . 2012-03-09 03:41 440762 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atikvmag.dll
+ 2012-04-18 21:07 . 2012-03-09 06:14 311296 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiiiexx.dll
+ 2012-04-18 21:07 . 2012-01-10 21:10 601728 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiicdxx.dat
+ 2012-04-18 21:07 . 2012-03-09 04:20 442368 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atidemgx.dll
+ 2012-04-18 21:07 . 2012-03-09 03:36 127858 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atiadlxx.dll
+ 2012-04-18 21:07 . 2012-03-09 03:50 346312 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2evxx.exe
+ 2012-04-18 21:07 . 2012-03-09 03:51 103718 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2evxx.dll
+ 2012-04-18 21:07 . 2012-03-09 04:18 192091 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2dvag.dll
+ 2012-04-18 21:07 . 2012-03-09 03:29 458468 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2cqag.dll
+ 2012-04-18 20:52 . 2010-11-26 02:31 887724 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ativva6x.dat
+ 2012-04-18 20:52 . 2010-11-26 02:34 110215 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atipdlxx.dll
+ 2012-04-18 20:52 . 2010-11-26 03:23 221823 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiok3x2.dll
+ 2012-04-18 20:52 . 2010-11-26 02:26 334452 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atikvmag.dll
+ 2012-04-18 20:52 . 2010-11-26 03:12 311296 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiiiexx.dll
+ 2012-04-18 20:52 . 2010-09-28 20:07 224001 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiicdxx.dat
+ 2012-04-18 20:52 . 2010-11-26 02:55 462848 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atidemgx.dll
+ 2012-04-18 20:52 . 2010-11-26 02:24 106573 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atiadlxx.dll
+ 2012-04-18 20:52 . 2010-11-26 02:32 324389 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2evxx.exe
+ 2012-04-18 20:52 . 2010-11-26 02:54 189781 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2dvag.dll
+ 2012-04-18 20:52 . 2010-11-26 02:18 392309 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2cqag.dll
+ 2012-04-18 20:53 . 2010-11-17 12:03 101904 c:\windows\system32\DRVSTORE\AtihdXP3_DC0FB942A9EE9E726CCEF081CE6597F68A619343\AtihdXP3.sys
+ 2012-04-18 21:07 . 2011-12-20 07:39 100368 c:\windows\system32\DRVSTORE\AtihdXP3_C7329EE4FFEA165CE978211609F4AA169F815120\AtihdXP3.sys
+ 2010-10-31 05:19 . 2012-01-09 16:20 139784 c:\windows\system32\drivers\rdpwd.sys
+ 2010-10-31 05:19 . 2008-04-13 16:19 146048 c:\windows\system32\drivers\portcls.sys
- 2010-10-31 05:19 . 2008-04-13 17:19 146048 c:\windows\system32\drivers\portcls.sys
- 2010-10-31 05:24 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-10-31 05:24 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2010-10-31 05:24 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2010-10-31 05:24 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
- 2010-10-31 05:23 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2010-10-31 05:23 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-11 16:23 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
- 2010-10-31 05:19 . 2008-04-13 17:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2010-10-31 05:19 . 2008-04-13 16:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2010-10-31 05:22 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
- 2010-10-31 05:22 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2010-10-31 05:22 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-10-31 05:22 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
- 2010-10-31 05:22 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-10-31 05:22 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
- 2010-10-31 18:07 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-10-31 18:07 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-10-31 05:21 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-10-31 05:21 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-10-31 18:07 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-10-31 18:07 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-10-31 05:21 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-10-31 05:21 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-10-31 05:21 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-10-31 05:21 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-10-31 05:05 . 2012-03-09 04:18 305152 c:\windows\system32\dllcache\ati2dvag.dll
+ 2010-10-31 05:05 . 2012-03-09 03:29 909312 c:\windows\system32\dllcache\ati2cqag.dll
- 2010-10-31 07:33 . 2010-02-11 14:27 887724 c:\windows\system32\ativva6x.dat
+ 2012-04-18 20:52 . 2012-03-09 04:30 887724 c:\windows\system32\ativva6x.dat
- 2010-10-31 06:44 . 2009-02-19 06:55 294912 c:\windows\system32\ATIODE.exe
+ 2010-10-31 06:44 . 2010-08-27 18:32 294912 c:\windows\system32\ATIODE.exe
+ 2010-10-31 06:44 . 2012-01-10 21:10 601728 c:\windows\system32\atiicdxx.dat
- 2010-10-31 06:44 . 2009-05-12 10:35 118784 c:\windows\system32\atibtmon.exe
+ 2010-10-31 06:44 . 2009-05-11 21:35 118784 c:\windows\system32\atibtmon.exe
+ 2012-01-21 21:40 . 2012-01-21 21:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-01-27 21:35 . 2012-01-27 21:35 471040 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-18 20:54 . 2012-04-18 20:54 996864 c:\windows\Installer\5acf2.msi
+ 2012-04-18 20:53 . 2012-04-18 20:53 916992 c:\windows\Installer\5abf3.msi
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\26c3d8.msp
+ 2012-04-18 21:09 . 2012-04-18 21:09 232960 c:\windows\Installer\13ad9a.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 418304 c:\windows\Installer\13ad91.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251904 c:\windows\Installer\13ad88.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 249344 c:\windows\Installer\13ad7f.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad76.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad6d.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad64.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad5b.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250880 c:\windows\Installer\13ad52.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad49.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad40.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad37.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250880 c:\windows\Installer\13ad2e.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250880 c:\windows\Installer\13ad25.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13ad1c.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad13.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13ad0a.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13ad01.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13acf8.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13acef.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13ace6.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13acdd.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 251392 c:\windows\Installer\13acd4.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 250368 c:\windows\Installer\13accb.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 265728 c:\windows\Installer\13acc1.msi
+ 2012-04-18 21:09 . 2012-04-18 21:09 356352 c:\windows\Installer\13acb8.msi
+ 2012-04-18 21:07 . 2012-04-18 21:07 442368 c:\windows\Installer\13aa16.msi
+ 2012-04-11 19:04 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-11 19:04 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-11 19:04 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-11 19:04 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-11 19:04 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-04-11 19:04 . 2012-04-11 19:04 843776 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bd48586e\System.Drawing.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_5301cc47\System.Drawing.Design.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d3f175cefc439ba7d036a7f8f0ebe0c2\WindowsFormsIntegration.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\cc43f242e4f24639aece610a95406534\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\46de13013e975ac2105f2e4b6faf3b45\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\e810f2696f5cad96f0ae278b520398a2\System.Web.Entity.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\9ae239000870d5e9814d3da3027bf598\System.Web.Entity.Design.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\84448e1d3b362675759f78033ba63142\System.Web.DynamicData.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\bdd27a2ab9021222c7d649a41b2a034d\System.Web.DataVisualization.Design.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8bbad53639576996991c10977adab5ca\System.Messaging.ni.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\06f391d52ab00469279819265bd111d2\System.Drawing.Design.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\874aba2d7663bd1efabda06b016098f4\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b66c764c2b00cb7c7e5ee8d628fedba4\AspNetMMCExt.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-04-12 01:13 . 2012-04-12 01:13 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-17 05:34 . 2012-02-23 06:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-04-11 19:02 . 2012-04-11 19:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-11 19:02 . 2012-04-11 19:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 471040 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:35 . 2012-03-06 17:35 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:35 . 2012-03-06 17:35 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:35 . 2012-03-06 17:35 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:35 . 2012-03-06 17:35 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-06 17:36 . 2012-03-06 17:36 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-03-13 23:15 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2647518$\spuninst\updspapi.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2647518$\spuninst\spuninst.exe
+ 2012-03-14 03:10 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2641653$\spuninst\updspapi.dll
+ 2012-03-14 03:10 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2641653$\spuninst\spuninst.exe
+ 2012-03-13 23:15 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2621440$\spuninst\updspapi.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2621440$\spuninst\spuninst.exe
+ 2012-03-13 23:15 . 2011-06-24 14:10 139656 c:\windows\$NtUninstallKB2621440$\rdpwd.sys
+ 2012-03-13 23:15 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2647518\update\updspapi.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2647518\update\update.exe
+ 2012-03-13 23:15 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2647518\spuninst.exe
+ 2012-03-14 03:10 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641653\update\updspapi.dll
+ 2012-03-14 03:10 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641653\update\update.exe
+ 2012-03-14 03:10 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641653\spuninst.exe
+ 2012-03-13 23:15 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2621440\update\updspapi.dll
+ 2012-03-13 23:15 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2621440\update\update.exe
+ 2012-03-13 23:15 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2621440\spuninst.exe
+ 2012-03-13 23:09 . 2012-01-09 16:19 139784 c:\windows\$hf_mig$\KB2621440\SP3QFE\rdpwd.sys
+ 2010-10-31 05:13 . 2012-02-03 09:22 1860096 c:\windows\system32\win32k.sys
+ 2010-10-31 05:13 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
- 2010-10-31 05:13 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2012-04-18 21:07 . 2012-03-09 04:36 4155520 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ativvaxx.dll
+ 2012-04-18 21:07 . 2012-03-09 05:02 5358304 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati3duag.dll
+ 2012-04-18 21:07 . 2012-03-09 06:22 7586304 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\ati2mtag.sys
+ 2010-10-31 05:10 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
+ 2012-04-29 00:30 . 2012-04-29 00:30 8797344 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
- 2010-10-31 05:08 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2010-10-31 05:08 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
+ 2012-04-18 21:07 . 2012-03-09 04:36 2115978 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ativvaxx.dll
+ 2012-04-18 21:07 . 2012-03-09 05:19 8621953 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\atioglxx.dll
+ 2012-04-18 21:07 . 2012-03-09 05:02 2836003 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati3duag.dll
+ 2012-04-18 21:07 . 2012-03-09 06:22 5043939 c:\windows\system32\DRVSTORE\CX135748_5FFE3C5FB83A59104D8CE155848AB6353F2162B4\B134676\ati2mtag.sys
+ 2012-04-18 20:52 . 2010-11-26 02:32 1274639 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ativvaxx.dll
+ 2012-04-18 20:52 . 2010-11-26 03:57 7315577 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\atioglxx.dll
+ 2012-04-18 20:52 . 2010-11-26 03:06 2123518 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\aticaldd.dll
+ 2012-04-18 20:52 . 2010-11-26 02:48 2096554 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati3duag.dll
+ 2012-04-18 20:52 . 2010-11-26 04:17 3614241 c:\windows\system32\DRVSTORE\CX109807_B9DEB67CE18084858F9775E7B3ADA214DC530B9B\B109234\ati2mtag.sys
+ 2010-10-31 05:23 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2010-10-31 05:23 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2010-10-31 05:23 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2010-10-31 05:22 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
+ 2010-10-31 05:21 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2010-10-31 05:21 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2010-10-31 05:05 . 2012-03-09 04:36 4155520 c:\windows\system32\dllcache\ativvaxx.dll
+ 2010-10-31 05:05 . 2012-03-09 05:02 5358304 c:\windows\system32\dllcache\ati3duag.dll
+ 2010-10-31 05:18 . 2012-03-09 06:22 7586304 c:\windows\system32\dllcache\ati2mtag.sys
+ 2012-01-31 08:46 . 2012-01-31 08:46 6385664 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp
+ 2012-04-11 19:00 . 2012-04-11 19:00 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 18:59 . 2012-04-11 18:59 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-17 05:27 . 2012-02-17 05:27 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-31 00:46 . 2012-01-31 00:46 7069184 c:\windows\Installer\26c3e4.msp
+ 2012-01-22 14:09 . 2012-01-22 14:09 1700352 c:\windows\Installer\26c3ce.msp
+ 2012-04-18 21:10 . 2012-04-18 21:10 1136128 c:\windows\Installer\13ada4.msi
+ 2012-04-18 21:07 . 2012-04-18 21:07 1720832 c:\windows\Installer\13aa20.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2012-04-11 19:04 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-04-11 19:04 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ef534dea\System.Windows.Forms.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7aa404d9\System.Windows.Forms.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 2248704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_71136a28\System.Drawing.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_680913e8\System.Design.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_1c7d448a\System.Design.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\64bc66b117a976cc4972e4376290c95d\WindowsBase.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\db66b77c7fd405dd85977c7450fdbb4c\System.WorkflowServices.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\5d37895fcb84fc4c1baeda9cdad7a43b\System.Workflow.ComponentModel.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\8b2b77ea27aa46e8f82bb8101df16a19\System.Workflow.Activities.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e8781973fbd0c7a4703e37052f45b783\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\d65fbdd263b35421b44256f250463246\System.Web.Mobile.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\70f55c226bc02396fe093a770c954ac8\System.Web.Extensions.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\7073659b9db193ca851bbcc05c8173c8\System.Web.DataVisualization.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\241c6a208037e498657a9e85e398f5a4\System.Printing.ni.dll
+ 2012-04-11 19:00 . 2012-04-11 19:00 1665024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a3e6c74bc3763eefe27c55d9cad3fda\System.Deployment.ni.dll
+ 2012-04-12 01:15 . 2012-04-12 01:15 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\8881093f626f25e558129c833b525ff5\System.Activities.Presentation.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\385f2b705df4c3fbc6654005f1a38943\ReachFramework.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1631744 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\b895a66fa91475e1958d5a2ad63281ca\PresentationUI.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a0d3df2d5cebb4e4520f764354fdcfae\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\03bc4ff490bc2c544c5f61842a394883\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\25d27c5881735866f47fb57080989b66\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
+ 2012-04-12 01:13 . 2012-04-12 01:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 01:13 . 2012-04-12 01:13 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-12 01:13 . 2012-04-12 01:13 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 19:02 . 2012-04-11 19:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-11 19:02 . 2012-04-11 19:02 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-02-23 06:03 . 2012-02-23 06:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-17 05:34 . 2012-02-23 06:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-06 17:35 . 2012-03-06 17:35 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-06 17:35 . 2012-03-06 17:35 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 06:00 . 2012-02-23 06:00 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-03-14 03:10 . 2012-01-12 16:53 1859968 c:\windows\$NtUninstallKB2641653$\win32k.sys
+ 2012-03-13 23:15 . 2012-02-03 09:26 1869184 c:\windows\$hf_mig$\KB2641653\SP3QFE\win32k.sys
+ 2012-04-18 21:07 . 2012-03-09 05:19 19959808 c:\windows\system32\ReinstallBackups\0018\DriverFiles\B109234\atioglxx.dll
+ 2010-10-31 05:09 . 2012-04-11 18:56 55154568 c:\windows\system32\MRT.exe
+ 2010-10-31 05:08 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll
+ 2010-10-31 05:21 . 2012-03-02 10:01 11082752 c:\windows\system32\dllcache\ieframe.dll
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\1cbb5.msp
+ 2012-04-11 19:04 . 2011-12-18 19:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
+ 2012-04-11 19:01 . 2012-04-11 19:01 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\0541e0facc72aeb8f189dd8ab69344bd\System.Web.ni.dll
+ 2012-04-11 19:01 . 2012-04-11 19:01 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\bb766612c7402195f00054b9809ebed9\System.Design.ni.dll
+ 2012-04-11 19:01 . 2012-04-11 19:01 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d5be46bcb4eba96a282fb0129b00918d\PresentationFramework.ni.dll
+ 2012-04-11 19:01 . 2012-04-11 19:01 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\503f6775eb81ff6d97a3e93a70ff8d6e\PresentationCore.ni.dll
+ 2012-04-11 19:04 . 2012-04-11 19:04 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-12 01:14 . 2012-04-12 01:14 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-04-11 19:03 . 2012-04-11 19:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2007-10-28 1502232]
.
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 03:40 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835}]
2007-10-28 22:45 1502232 ----a-w- c:\program files\AstroburnBar\tbAstr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e802027b-1f2b-40bd-b307-0bd96d036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2007-10-28 1502232]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E802027B-1F2B-40BD-B307-0BD96D036835}"= "c:\program files\AstroburnBar\tbAstr.dll" [2007-10-28 1502232]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{e802027b-1f2b-40bd-b307-0bd96d036835}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"DAEMON Tools Lite"="e:\daemon tools lite\daemon.exe" [2008-08-08 490952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-08 3077528]
"Steam"="c:\program files\Steam\steam.exe" [2011-09-24 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"HostManager"="c:\program files\Common Files\AOL\1185242771\ee\AOLSoftware.exe" [2008-06-24 41824]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-07-15 33636352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-28 296056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\documents and settings\Christopher Ross.GUARDIAN-4380AE\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-10-30 114688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-10-30 288472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2009-12-28 21:49 121472 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS VIBE]
2010-03-02 02:22 102400 ----a-w- c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- e:\daemon tools lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-07-15 22:23 33636352 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2009-10-21 16:12 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunAIShell]
2009-12-23 17:59 232064 ----a-w- c:\program files\ASUS\AI Manager\AsShellApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2009-06-04 19:10 5777408 ----a-w- c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1185242771\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\UTorrent\\uTorrent.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"e:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"e:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"e:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"e:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"e:\\Nexon\\DFO\\DFO.exe"=
"e:\\Headup Games\\GREED - Black Border\\Greed.exe"=
"e:\\Headup Games\\GREED - Black Border\\Greed_server.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"e:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
"e:\\Games\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"f:\\PSO\\Ship Server Data\\ship_server.exe"=
"f:\\PSO\\Server\\patch_server.exe"=
"f:\\PSO\\Server\\login_server.exe"=
"e:\\Games\\Vindictus\\en-US\\NMService.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"h:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\cdv Software Entertainment USA\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\cdv Software Entertainment USA\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\IJJI\\English\\GenesisAD\\AnotherDay.exe"=
"c:\\Program Files\\IJJI\\English\\GenesisAD\\GameConsole.bin"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Nexon\\DragonNest\\DragonNest.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dead island\\DeadIslandGame.exe"=
"c:\\Program Files\\Gamigo\\Black Prophecy\\BIN\\WIN32\\BlackProphecy.exe"=
"c:\\Program Files\\Gamigo\\Black Prophecy\\BIN\\WIN32\\Launcher.exe"=
"c:\\Program Files\\Gamigo\\Black Prophecy\\BIN\\WIN32\\Patcher.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\EA Games\\Alice Madness Returns\\Alice2\\Binaries\\Win32\\AliceMadnessReturns.exe"=
"c:\\Program Files\\Origin Games\\Kingdoms of Amalur Reckoning Demo\\ReckoningDemo.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7243:TCP"= 7243:TCP:*:Disabled:SolidNetworkManager
"7243:UDP"= 7243:UDP:*:Disabled:SolidNetworkManager
"57875:TCP"= 57875:TCP:Pando Media Booster
"57875:UDP"= 57875:UDP:Pando Media Booster
"706:TCP"= 706:TCP:WarriorEpic
"706:UDP"= 706:UDP:WarriorEpic
"56070:TCP"= 56070:TCP:Pando Media Booster
"56070:UDP"= 56070:UDP:Pando Media Booster
"56903:TCP"= 56903:TCP:Pando Media Booster
"56903:UDP"= 56903:UDP:Pando Media Booster
"56217:TCP"= 56217:TCP:Pando Media Booster
"56217:UDP"= 56217:UDP:Pando Media Booster
"1414:TCP"= 1414:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/31/2010 1:19 AM 717296]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [10/31/2010 1:58 PM 11448]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/24/2010 10:58 AM 89792]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [10/31/2010 1:18 AM 185472]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/31/2010 1:13 AM 14336]
R2 Device Handle Service;Device Handle Service;c:\windows\system32\AsHookDevice.exe [10/31/2010 3:58 AM 203392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\flagship studios\Hellgate London\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/24/2010 10:58 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/24/2010 10:58 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/24/2010 10:59 AM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/24/2010 10:43 AM 151880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/18/2012 4:53 PM 100368]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/24/2010 10:58 AM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/24/2010 10:58 AM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/24/2010 10:58 AM 83856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/31/2010 2:39 AM 1381632]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [10/31/2010 1:19 AM 115936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1cac2b8e85b8184;Google Update Service (gupdate1cac2b8e85b8184);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 5:16 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/28/2012 8:30 PM 253088]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 5:16 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/24/2010 10:58 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/24/2010 10:58 AM 87656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva360;XDva360;\??\c:\windows\system32\XDva360.sys --> c:\windows\system32\XDva360.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 00:30]
.
2011-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd139b4c535240.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 14:23]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 14:23]
.
2012-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1284227242-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-30 03:09]
.
2012-04-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1284227242-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-30 03:09]
.
2012-05-05 c:\windows\Tasks\User_Feed_Synchronization-{18DA6F6C-9240-4A8C-8007-4B4BD58FCD79}.job
- c:\windows\system32\msfeedssync.exe [2010-10-31 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Christopher Ross.GUARDIAN-4380AE\Application Data\Mozilla\Firefox\Profiles\f87yi2pr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-disklabel - c:\documents and settings\Christopher Ross.GUARDIAN-4380AE\Application Data\disklabel.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-1284227242-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,0b,d8,9c,06,b8,9d,63,52,2d,1f,5b,19,e6,fc,60,64,68,6e,02,60,c7,0e,
73,40,a5,ee,ab,ea,35,60,18,7a,6c,4e,84,d0,24,bc,0e,7d,1b,82,9e,8d,ae,f1,0f,\
"??"=hex:ec,7f,62,96,57,2c,d6,08,cc,a5,1f,55,b4,c4,7c,48
.
[HKEY_USERS\S-1-5-21-515967899-1284227242-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:75,ee,21,d2,b8,fd,9b,54,4a,57,b2,5c,c6,8a,b0,23,46,43,68,cd,39,
ec,d1,b6,b3,fa,53,b8,2f,99,2e,bd,0b,77,dd,00,55,33,71,f5,12,de,99,b7,e2,22,\
"rkeysecu"=hex:fb,55,d6,55,c9,c7,2a,99,79,82,de,11,8d,0a,31,96
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-05-05 12:44:53
ComboFix-quarantined-files.txt 2012-05-05 16:44
ComboFix2.txt 2012-03-05 20:06
.
Pre-Run: 573,340,270,592 bytes free
Post-Run: 575,117,611,008 bytes free
.
- - End Of File - - D012BC2299B71BD488F8A86A87155401


I await further instruction and thanks again for aiding me thus far.

#4 gringo_pr

Posted 05 May 2012 - 02:17 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 JDiamond

Posted 05 May 2012 - 03:53 PM

No problems were had running either program. Both completed and here are the logs.


TDSSKILLER Log:

16:23:59.0296 5556 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:23:59.0578 5556 ============================================================
16:23:59.0578 5556 Current date / time: 2012/05/05 16:23:59.0578
16:23:59.0578 5556 SystemInfo:
16:23:59.0578 5556
16:23:59.0578 5556 OS Version: 5.1.2600 ServicePack: 3.0
16:23:59.0578 5556 Product type: Workstation
16:23:59.0578 5556 ComputerName: GUARDIAN-4380AE
16:23:59.0578 5556 UserName: Christopher Ross
16:23:59.0578 5556 Windows directory: C:\WINDOWS
16:23:59.0578 5556 System windows directory: C:\WINDOWS
16:23:59.0578 5556 Processor architecture: Intel x86
16:23:59.0578 5556 Number of processors: 6
16:23:59.0578 5556 Page size: 0x1000
16:23:59.0578 5556 Boot type: Normal boot
16:23:59.0578 5556 ============================================================
16:24:03.0734 5556 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:24:03.0765 5556 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:24:03.0781 5556 ============================================================
16:24:03.0781 5556 \Device\Harddisk0\DR0:
16:24:03.0796 5556 MBR partitions:
16:24:03.0796 5556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A813A3
16:24:03.0812 5556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A81421, BlocksNum 0x9640350
16:24:03.0843 5556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6B0C17B0, BlocksNum 0x9640350
16:24:03.0843 5556 \Device\Harddisk1\DR1:
16:24:03.0859 5556 MBR partitions:
16:24:03.0859 5556 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1A0F088F
16:24:03.0875 5556 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1A0F090D, BlocksNum 0x30D3C74
16:24:03.0875 5556 ============================================================
16:24:03.0937 5556 C: <-> \Device\Harddisk0\DR0\Partition0
16:24:04.0000 5556 D: <-> \Device\Harddisk0\DR0\Partition1
16:24:04.0093 5556 E: <-> \Device\Harddisk1\DR1\Partition0
16:24:04.0187 5556 F: <-> \Device\Harddisk1\DR1\Partition1
16:24:04.0296 5556 H: <-> \Device\Harddisk0\DR0\Partition2
16:24:04.0312 5556 ============================================================
16:24:04.0312 5556 Initialize success
16:24:04.0312 5556 ============================================================
16:24:14.0312 4784 ============================================================
16:24:14.0312 4784 Scan started
16:24:14.0312 4784 Mode: Manual;
16:24:14.0312 4784 ============================================================
16:24:16.0390 4784 Abiosdsk - ok
16:24:16.0406 4784 abp480n5 - ok
16:24:16.0437 4784 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
16:24:16.0828 4784 acedrv11 - ok
16:24:16.0843 4784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:24:16.0843 4784 ACPI - ok
16:24:16.0859 4784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:24:16.0875 4784 ACPIEC - ok
16:24:16.0968 4784 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:24:17.0031 4784 AdobeFlashPlayerUpdateSvc - ok
16:24:17.0031 4784 adpu160m - ok
16:24:17.0078 4784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:24:17.0078 4784 aec - ok
16:24:17.0125 4784 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:24:17.0171 4784 AFD - ok
16:24:17.0171 4784 Aha154x - ok
16:24:17.0187 4784 aic78u2 - ok
16:24:17.0187 4784 aic78xx - ok
16:24:17.0359 4784 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
16:24:17.0359 4784 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
16:24:17.0375 4784 Akamai ( HiddenFile.Multi.Generic ) - warning
16:24:17.0375 4784 Akamai - detected HiddenFile.Multi.Generic (1)
16:24:17.0468 4784 ALCXWDM (d42f79f0d2cfffa71bc807a863417011) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:24:17.0546 4784 ALCXWDM - ok
16:24:17.0593 4784 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:24:17.0593 4784 Alerter - ok
16:24:17.0609 4784 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:24:17.0609 4784 ALG - ok
16:24:17.0625 4784 AliIde - ok
16:24:17.0656 4784 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
16:24:17.0656 4784 AmdPPM - ok
16:24:17.0671 4784 amsint - ok
16:24:17.0718 4784 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
16:24:17.0765 4784 AOL ACS - ok
16:24:17.0812 4784 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:24:17.0875 4784 Apple Mobile Device - ok
16:24:17.0875 4784 AppMgmt - ok
16:24:17.0875 4784 asc - ok
16:24:17.0890 4784 asc3350p - ok
16:24:17.0890 4784 asc3550 - ok
16:24:17.0921 4784 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
16:24:17.0968 4784 AsIO - ok
16:24:18.0046 4784 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:24:18.0109 4784 aspnet_state - ok
16:24:18.0156 4784 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
16:24:18.0187 4784 AsUpIO - ok
16:24:18.0218 4784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:24:18.0218 4784 AsyncMac - ok
16:24:18.0234 4784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:24:18.0234 4784 atapi - ok
16:24:18.0234 4784 Atdisk - ok
16:24:18.0296 4784 Ati HotKey Poller (809b0eb83c75061c9de2e528c65a1575) C:\WINDOWS\system32\Ati2evxx.exe
16:24:18.0375 4784 Ati HotKey Poller - ok
16:24:18.0578 4784 ati2mtag (032f23b133b680b06861329c5a176ee0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:24:18.0640 4784 ati2mtag - ok
16:24:18.0750 4784 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys
16:24:18.0843 4784 AtiHDAudioService - ok
16:24:18.0859 4784 AtiHdmiService (e3b9fe6d478dc12ee9fb5169ee98d1ba) C:\WINDOWS\system32\drivers\AtiHdmi.sys
16:24:18.0937 4784 AtiHdmiService - ok
16:24:18.0968 4784 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:24:19.0015 4784 atksgt - ok
16:24:19.0015 4784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:24:19.0031 4784 Atmarpc - ok
16:24:19.0062 4784 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:24:19.0062 4784 AudioSrv - ok
16:24:19.0078 4784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:24:19.0078 4784 audstub - ok
16:24:19.0093 4784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:24:19.0093 4784 Beep - ok
16:24:19.0140 4784 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:24:19.0156 4784 BITS - ok
16:24:19.0234 4784 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
16:24:19.0296 4784 Bonjour Service - ok
16:24:19.0328 4784 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:24:19.0328 4784 Browser - ok
16:24:19.0437 4784 catchme - ok
16:24:19.0453 4784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:24:19.0453 4784 cbidf2k - ok
16:24:19.0468 4784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:24:19.0468 4784 CCDECODE - ok
16:24:19.0468 4784 cd20xrnt - ok
16:24:19.0484 4784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:24:19.0484 4784 Cdaudio - ok
16:24:19.0500 4784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:24:19.0500 4784 Cdfs - ok
16:24:19.0515 4784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:24:19.0515 4784 Cdrom - ok
16:24:19.0546 4784 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
16:24:19.0593 4784 cfwids - ok
16:24:19.0593 4784 Changer - ok
16:24:19.0609 4784 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:24:19.0609 4784 CiSvc - ok
16:24:19.0625 4784 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:24:19.0625 4784 ClipSrv - ok
16:24:19.0703 4784 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:24:19.0796 4784 clr_optimization_v2.0.50727_32 - ok
16:24:19.0859 4784 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:24:19.0937 4784 clr_optimization_v4.0.30319_32 - ok
16:24:19.0937 4784 CmdIde - ok
16:24:19.0937 4784 COMSysApp - ok
16:24:19.0953 4784 Cpqarray - ok
16:24:20.0000 4784 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:24:20.0000 4784 CryptSvc - ok
16:24:20.0015 4784 dac2w2k - ok
16:24:20.0015 4784 dac960nt - ok
16:24:20.0031 4784 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
16:24:20.0078 4784 DCamUSBEMPIA - ok
16:24:20.0109 4784 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:24:20.0109 4784 DcomLaunch - ok
16:24:20.0156 4784 Device Handle Service (0a403702cb00432ac818523cd416bf67) C:\WINDOWS\system32\AsHookDevice.exe
16:24:20.0203 4784 Device Handle Service - ok
16:24:20.0250 4784 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:24:20.0250 4784 Dhcp - ok
16:24:20.0265 4784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:24:20.0265 4784 Disk - ok
16:24:20.0265 4784 dmadmin - ok
16:24:20.0312 4784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:24:20.0328 4784 dmboot - ok
16:24:20.0343 4784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:24:20.0343 4784 dmio - ok
16:24:20.0343 4784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:24:20.0359 4784 dmload - ok
16:24:20.0359 4784 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:24:20.0359 4784 dmserver - ok
16:24:20.0375 4784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:24:20.0390 4784 DMusic - ok
16:24:20.0406 4784 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:24:20.0437 4784 Dnscache - ok
16:24:20.0484 4784 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:24:20.0500 4784 Dot3svc - ok
16:24:20.0500 4784 dpti2o - ok
16:24:20.0500 4784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:24:20.0500 4784 drmkaud - ok
16:24:20.0515 4784 EagleNT - ok
16:24:20.0515 4784 EagleXNt - ok
16:24:20.0531 4784 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:24:20.0531 4784 EapHost - ok
16:24:20.0531 4784 emAudio (200da4f1964c11b3c19a07f937394624) C:\WINDOWS\system32\drivers\emAudio.sys
16:24:20.0625 4784 emAudio - ok
16:24:20.0625 4784 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:24:20.0640 4784 ERSvc - ok
16:24:20.0671 4784 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:24:20.0671 4784 Eventlog - ok
16:24:20.0687 4784 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:24:20.0703 4784 EventSystem - ok
16:24:20.0703 4784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:24:20.0718 4784 Fastfat - ok
16:24:20.0750 4784 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:24:20.0781 4784 FastUserSwitchingCompatibility - ok
16:24:20.0796 4784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:24:20.0812 4784 Fdc - ok
16:24:20.0812 4784 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
16:24:20.0859 4784 FiltUSBEMPIA - ok
16:24:20.0859 4784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:24:20.0859 4784 Fips - ok
16:24:20.0875 4784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:24:20.0875 4784 Flpydisk - ok
16:24:20.0890 4784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:24:20.0890 4784 FltMgr - ok
16:24:21.0250 4784 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:24:21.0296 4784 FontCache3.0.0.0 - ok
16:24:21.0312 4784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:24:21.0312 4784 Fs_Rec - ok
16:24:21.0312 4784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:24:21.0328 4784 Ftdisk - ok
16:24:21.0343 4784 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:24:21.0343 4784 gameenum - ok
16:24:21.0375 4784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:24:21.0421 4784 GEARAspiWDM - ok
16:24:21.0421 4784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:24:21.0421 4784 Gpc - ok
16:24:21.0500 4784 gupdate1cac2b8e85b8184 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
16:24:21.0500 4784 gupdate1cac2b8e85b8184 - ok
16:24:21.0515 4784 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
16:24:21.0515 4784 gupdatem - ok
16:24:21.0562 4784 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:24:21.0609 4784 gusvc - ok
16:24:21.0609 4784 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
16:24:21.0703 4784 hamachi - ok
16:24:21.0859 4784 Hamachi2Svc (1e8a0705f9925fad9b2d4f6fc05e1982) E:\Flagship Studios\Hellgate London\LogMeIn Hamachi\hamachi-2.exe
16:24:21.0953 4784 Hamachi2Svc - ok
16:24:21.0953 4784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:24:21.0953 4784 HDAudBus - ok
16:24:22.0031 4784 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:24:22.0046 4784 helpsvc - ok
16:24:22.0078 4784 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:24:22.0078 4784 HidServ - ok
16:24:22.0093 4784 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:24:22.0093 4784 hidusb - ok
16:24:22.0125 4784 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:24:22.0125 4784 hkmsvc - ok
16:24:22.0140 4784 hpn - ok
16:24:22.0156 4784 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:24:22.0171 4784 HPZid412 - ok
16:24:22.0171 4784 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:24:22.0203 4784 HPZipr12 - ok
16:24:22.0218 4784 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:24:22.0250 4784 HPZius12 - ok
16:24:22.0265 4784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:24:22.0265 4784 HTTP - ok
16:24:22.0312 4784 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:24:22.0312 4784 HTTPFilter - ok
16:24:22.0312 4784 i2omgmt - ok
16:24:22.0328 4784 i2omp - ok
16:24:22.0328 4784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
16:24:22.0343 4784 i8042prt - ok
16:24:22.0437 4784 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:24:22.0500 4784 idsvc - ok
16:24:22.0531 4784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:24:22.0531 4784 Imapi - ok
16:24:22.0546 4784 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:24:22.0546 4784 ImapiService - ok
16:24:22.0562 4784 ini910u - ok
16:24:22.0562 4784 IntelIde - ok
16:24:22.0578 4784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:24:22.0578 4784 Ip6Fw - ok
16:24:22.0578 4784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:24:22.0593 4784 IpFilterDriver - ok
16:24:22.0593 4784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:24:22.0593 4784 IpInIp - ok
16:24:22.0609 4784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:24:22.0609 4784 IpNat - ok
16:24:22.0656 4784 iPod Service (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
16:24:22.0718 4784 iPod Service - ok
16:24:22.0734 4784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:24:22.0734 4784 IPSec - ok
16:24:22.0734 4784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:24:22.0734 4784 IRENUM - ok
16:24:22.0765 4784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:24:22.0765 4784 isapnp - ok
16:24:22.0828 4784 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
16:24:22.0890 4784 JavaQuickStarterService - ok
16:24:22.0890 4784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:24:22.0890 4784 Kbdclass - ok
16:24:22.0890 4784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:24:22.0906 4784 kbdhid - ok
16:24:22.0921 4784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:24:22.0921 4784 kmixer - ok
16:24:22.0937 4784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:24:22.0937 4784 KSecDD - ok
16:24:22.0984 4784 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:24:23.0015 4784 lanmanserver - ok
16:24:23.0046 4784 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:24:23.0062 4784 lanmanworkstation - ok
16:24:23.0062 4784 lbrtfdc - ok
16:24:23.0078 4784 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:24:23.0125 4784 lirsgt - ok
16:24:23.0156 4784 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:24:23.0156 4784 LmHosts - ok
16:24:23.0171 4784 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:24:23.0171 4784 MarvinBus - ok
16:24:23.0312 4784 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:24:23.0359 4784 McMPFSvc - ok
16:24:23.0375 4784 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:23.0375 4784 mcmscsvc - ok
16:24:23.0375 4784 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:23.0375 4784 McNaiAnn - ok
16:24:23.0390 4784 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:23.0390 4784 McNASvc - ok
16:24:23.0437 4784 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
16:24:23.0500 4784 McODS - ok
16:24:23.0500 4784 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:24:23.0500 4784 McProxy - ok
16:24:23.0578 4784 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:24:23.0625 4784 McShield - ok
16:24:23.0656 4784 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:24:23.0656 4784 Messenger - ok
16:24:23.0687 4784 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
16:24:23.0734 4784 mfeapfk - ok
16:24:23.0765 4784 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
16:24:23.0812 4784 mfeavfk - ok
16:24:23.0828 4784 mfeavfk01 - ok
16:24:23.0843 4784 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
16:24:23.0890 4784 mfebopk - ok
16:24:23.0921 4784 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:24:23.0984 4784 mfefire - ok
16:24:24.0000 4784 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
16:24:24.0046 4784 mfefirek - ok
16:24:24.0093 4784 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
16:24:24.0187 4784 mfehidk - ok
16:24:24.0218 4784 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:24:24.0265 4784 mfendisk - ok
16:24:24.0265 4784 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
16:24:24.0265 4784 mfendiskmp - ok
16:24:24.0312 4784 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
16:24:24.0359 4784 mferkdet - ok
16:24:24.0390 4784 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
16:24:24.0453 4784 mferkdk - ok
16:24:24.0468 4784 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
16:24:24.0515 4784 mfesmfk - ok
16:24:24.0546 4784 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
16:24:24.0593 4784 mfetdi2k - ok
16:24:24.0609 4784 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\WINDOWS\system32\mfevtps.exe
16:24:24.0656 4784 mfevtp - ok
16:24:24.0671 4784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:24:24.0671 4784 mnmdd - ok
16:24:24.0703 4784 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:24:24.0703 4784 mnmsrvc - ok
16:24:24.0718 4784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:24:24.0718 4784 Modem - ok
16:24:24.0718 4784 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
16:24:24.0765 4784 motmodem - ok
16:24:24.0781 4784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:24:24.0781 4784 Mouclass - ok
16:24:24.0796 4784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:24:24.0796 4784 mouhid - ok
16:24:24.0812 4784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:24:24.0812 4784 MountMgr - ok
16:24:24.0828 4784 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:24:24.0828 4784 MPE - ok
16:24:24.0828 4784 mraid35x - ok
16:24:24.0843 4784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:24:24.0843 4784 MRxDAV - ok
16:24:24.0890 4784 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:24:24.0984 4784 MRxSmb - ok
16:24:25.0000 4784 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:24:25.0015 4784 MSDTC - ok
16:24:25.0015 4784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:24:25.0031 4784 Msfs - ok
16:24:25.0031 4784 MSIServer - ok
16:24:25.0031 4784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:24:25.0046 4784 MSKSSRV - ok
16:24:25.0046 4784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:24:25.0046 4784 MSPCLOCK - ok
16:24:25.0046 4784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:24:25.0062 4784 MSPQM - ok
16:24:25.0062 4784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:24:25.0062 4784 mssmbios - ok
16:24:25.0062 4784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:24:25.0078 4784 MSTEE - ok
16:24:25.0093 4784 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
16:24:25.0140 4784 ms_mpu401 - ok
16:24:25.0156 4784 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
16:24:25.0156 4784 MTsensor - ok
16:24:25.0171 4784 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:24:25.0218 4784 Mup - ok
16:24:25.0234 4784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:24:25.0234 4784 NABTSFEC - ok
16:24:25.0265 4784 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:24:25.0281 4784 napagent - ok
16:24:25.0296 4784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:24:25.0296 4784 NDIS - ok
16:24:25.0296 4784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:24:25.0296 4784 NdisIP - ok
16:24:25.0343 4784 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:24:25.0390 4784 NdisTapi - ok
16:24:25.0390 4784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:24:25.0406 4784 Ndisuio - ok
16:24:25.0406 4784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:24:25.0406 4784 NdisWan - ok
16:24:25.0437 4784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:24:25.0484 4784 NDProxy - ok
16:24:25.0484 4784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:24:25.0484 4784 NetBIOS - ok
16:24:25.0515 4784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:24:25.0515 4784 NetBT - ok
16:24:25.0546 4784 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:24:25.0546 4784 NetDDE - ok
16:24:25.0546 4784 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:24:25.0546 4784 NetDDEdsdm - ok
16:24:25.0562 4784 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:24:25.0562 4784 Netlogon - ok
16:24:25.0593 4784 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:24:25.0593 4784 Netman - ok
16:24:25.0687 4784 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:24:25.0687 4784 NetTcpPortSharing - ok
16:24:25.0734 4784 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:24:25.0734 4784 Nla - ok
16:24:25.0734 4784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:24:25.0750 4784 Npfs - ok
16:24:25.0750 4784 npggsvc - ok
16:24:25.0781 4784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:24:25.0796 4784 Ntfs - ok
16:24:25.0796 4784 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:24:25.0796 4784 NtLmSsp - ok
16:24:25.0828 4784 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:24:25.0828 4784 NtmsSvc - ok
16:24:25.0843 4784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:24:25.0843 4784 Null - ok
16:24:25.0843 4784 nvatabus (46deed4c6c5fa765f9a2c723be60348d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
16:24:25.0890 4784 nvatabus - ok
16:24:25.0906 4784 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
16:24:25.0953 4784 NVENETFD - ok
16:24:25.0968 4784 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
16:24:26.0015 4784 nvnetbus - ok
16:24:26.0015 4784 nvraid (a5c77d944410fadee380fb20b432760d) C:\WINDOWS\system32\DRIVERS\nvraid.sys
16:24:26.0062 4784 nvraid - ok
16:24:26.0078 4784 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
16:24:26.0125 4784 nv_agp - ok
16:24:26.0125 4784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:24:26.0125 4784 NwlnkFlt - ok
16:24:26.0125 4784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:24:26.0140 4784 NwlnkFwd - ok
16:24:26.0156 4784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:24:26.0156 4784 Parport - ok
16:24:26.0171 4784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:24:26.0171 4784 PartMgr - ok
16:24:26.0187 4784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:24:26.0187 4784 ParVdm - ok
16:24:26.0203 4784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:24:26.0203 4784 PCI - ok
16:24:26.0203 4784 PCIDump - ok
16:24:26.0218 4784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:24:26.0218 4784 PCIIde - ok
16:24:26.0234 4784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:24:26.0234 4784 Pcmcia - ok
16:24:26.0234 4784 PDCOMP - ok
16:24:26.0250 4784 PDFRAME - ok
16:24:26.0250 4784 PDRELI - ok
16:24:26.0250 4784 PDRFRAME - ok
16:24:26.0265 4784 perc2 - ok
16:24:26.0265 4784 perc2hib - ok
16:24:26.0296 4784 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:24:26.0296 4784 PlugPlay - ok
16:24:26.0437 4784 Pml Driver HPZ12 (45e333c6b7197ed61c70736472f3703b) C:\WINDOWS\system32\HPZipm12.exe
16:24:26.0468 4784 Pml Driver HPZ12 - ok
16:24:26.0531 4784 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
16:24:26.0578 4784 PnkBstrA - ok
16:24:26.0578 4784 PnkBstrB (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe
16:24:26.0640 4784 PnkBstrB - ok
16:24:26.0640 4784 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:24:26.0640 4784 PolicyAgent - ok
16:24:26.0656 4784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:24:26.0656 4784 PptpMiniport - ok
16:24:26.0656 4784 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:24:26.0656 4784 Processor - ok
16:24:26.0671 4784 prodrv03 (1a6377bb402805e3d5435ae79a6648e6) C:\WINDOWS\system32\drivers\prodrv03.sys
16:24:26.0671 4784 prodrv03 - ok
16:24:26.0687 4784 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:24:26.0687 4784 ProtectedStorage - ok
16:24:26.0687 4784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:24:26.0703 4784 PSched - ok
16:24:26.0703 4784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:24:26.0703 4784 Ptilink - ok
16:24:26.0703 4784 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
16:24:26.0765 4784 PxHelp20 - ok
16:24:26.0765 4784 ql1080 - ok
16:24:26.0765 4784 Ql10wnt - ok
16:24:26.0781 4784 ql12160 - ok
16:24:26.0781 4784 ql1240 - ok
16:24:26.0781 4784 ql1280 - ok
16:24:26.0796 4784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:24:26.0796 4784 RasAcd - ok
16:24:26.0812 4784 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:24:26.0828 4784 RasAuto - ok
16:24:26.0828 4784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:24:26.0828 4784 Rasl2tp - ok
16:24:26.0843 4784 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:24:26.0843 4784 RasMan - ok
16:24:26.0843 4784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:24:26.0859 4784 RasPppoe - ok
16:24:26.0859 4784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:24:26.0859 4784 Raspti - ok
16:24:26.0875 4784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:24:26.0875 4784 Rdbss - ok
16:24:26.0890 4784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:24:26.0890 4784 RDPCDD - ok
16:24:26.0921 4784 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:24:27.0015 4784 RDPWD - ok
16:24:27.0046 4784 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:24:27.0046 4784 RDSessMgr - ok
16:24:27.0062 4784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:24:27.0062 4784 redbook - ok
16:24:27.0093 4784 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:24:27.0093 4784 RemoteAccess - ok
16:24:27.0109 4784 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:24:27.0109 4784 RpcLocator - ok
16:24:27.0140 4784 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:24:27.0140 4784 RpcSs - ok
16:24:27.0156 4784 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:24:27.0156 4784 RSVP - ok
16:24:27.0203 4784 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:24:27.0250 4784 RTLE8023xp - ok
16:24:27.0250 4784 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:24:27.0250 4784 SamSs - ok
16:24:27.0296 4784 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
16:24:27.0343 4784 ScanUSBEMPIA - ok
16:24:27.0359 4784 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:24:27.0375 4784 SCardSvr - ok
16:24:27.0390 4784 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:24:27.0406 4784 Schedule - ok
16:24:27.0406 4784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:24:27.0406 4784 Secdrv - ok
16:24:27.0421 4784 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:24:27.0421 4784 seclogon - ok
16:24:27.0437 4784 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:24:27.0437 4784 SENS - ok
16:24:27.0453 4784 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:24:27.0453 4784 serenum - ok
16:24:27.0468 4784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:24:27.0468 4784 Serial - ok
16:24:27.0500 4784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:24:27.0500 4784 Sfloppy - ok
16:24:27.0515 4784 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:24:27.0531 4784 SharedAccess - ok
16:24:27.0562 4784 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:24:27.0562 4784 ShellHWDetection - ok
16:24:27.0562 4784 Simbad - ok
16:24:27.0578 4784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:24:27.0578 4784 SLIP - ok
16:24:27.0578 4784 Sparrow - ok
16:24:27.0593 4784 spcstb - ok
16:24:27.0593 4784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:24:27.0609 4784 splitter - ok
16:24:27.0625 4784 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:24:27.0671 4784 Spooler - ok
16:24:27.0703 4784 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
16:24:27.0703 4784 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
16:24:27.0703 4784 sptd ( LockedFile.Multi.Generic ) - warning
16:24:27.0703 4784 sptd - detected LockedFile.Multi.Generic (1)
16:24:27.0703 4784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:24:27.0718 4784 sr - ok
16:24:27.0718 4784 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:24:27.0734 4784 srservice - ok
16:24:27.0765 4784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:24:27.0812 4784 Srv - ok
16:24:27.0828 4784 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:24:27.0828 4784 SSDPSRV - ok
16:24:27.0875 4784 Steam Client Service - ok
16:24:27.0906 4784 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:24:27.0921 4784 stisvc - ok
16:24:27.0921 4784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:24:27.0921 4784 streamip - ok
16:24:27.0937 4784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:24:27.0937 4784 swenum - ok
16:24:27.0953 4784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:24:27.0953 4784 swmidi - ok
16:24:27.0953 4784 SwPrv - ok
16:24:27.0968 4784 symc810 - ok
16:24:27.0968 4784 symc8xx - ok
16:24:27.0984 4784 sym_hi - ok
16:24:27.0984 4784 sym_u3 - ok
16:24:28.0000 4784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:24:28.0000 4784 sysaudio - ok
16:24:28.0031 4784 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:24:28.0046 4784 SysmonLog - ok
16:24:28.0062 4784 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:24:28.0078 4784 TapiSrv - ok
16:24:28.0093 4784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:24:28.0093 4784 Tcpip - ok
16:24:28.0125 4784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:24:28.0125 4784 TDPIPE - ok
16:24:28.0125 4784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:24:28.0125 4784 TDTCP - ok
16:24:28.0156 4784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:24:28.0156 4784 TermDD - ok
16:24:28.0171 4784 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:24:28.0187 4784 TermService - ok
16:24:28.0218 4784 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:24:28.0218 4784 Themes - ok
16:24:28.0234 4784 TosIde - ok
16:24:28.0250 4784 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:24:28.0265 4784 TrkWks - ok
16:24:28.0281 4784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:24:28.0281 4784 Udfs - ok
16:24:28.0296 4784 ultra - ok
16:24:28.0312 4784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:24:28.0328 4784 Update - ok
16:24:28.0375 4784 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:24:28.0375 4784 upnphost - ok
16:24:28.0390 4784 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:24:28.0406 4784 UPS - ok
16:24:28.0453 4784 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:24:28.0546 4784 USBAAPL - ok
16:24:28.0546 4784 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:24:28.0546 4784 usbaudio - ok
16:24:28.0578 4784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:24:28.0578 4784 usbccgp - ok
16:24:28.0578 4784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:24:28.0578 4784 usbehci - ok
16:24:28.0593 4784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:24:28.0593 4784 usbhub - ok
16:24:28.0593 4784 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:24:28.0609 4784 usbohci - ok
16:24:28.0609 4784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:24:28.0609 4784 usbprint - ok
16:24:28.0625 4784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:24:28.0625 4784 usbscan - ok
16:24:28.0625 4784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:24:28.0625 4784 USBSTOR - ok
16:24:28.0640 4784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:24:28.0640 4784 VgaSave - ok
16:24:28.0703 4784 VIAHdAudAddService (3cf5faf72b43bc9bc196a98946f53a0e) C:\WINDOWS\system32\drivers\viahduaa.sys
16:24:28.0812 4784 VIAHdAudAddService - ok
16:24:28.0906 4784 ViaIde - ok
16:24:28.0906 4784 VNUSB (c48e230878ea1946f0c4026a9d8e9a61) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
16:24:28.0953 4784 VNUSB - ok
16:24:28.0968 4784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:24:28.0968 4784 VolSnap - ok
16:24:28.0984 4784 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:24:29.0000 4784 VSS - ok
16:24:29.0015 4784 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:24:29.0015 4784 W32Time - ok
16:24:29.0031 4784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:24:29.0031 4784 Wanarp - ok
16:24:29.0046 4784 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:24:29.0046 4784 wanatw - ok
16:24:29.0093 4784 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:24:29.0187 4784 Wdf01000 - ok
16:24:29.0187 4784 WDICA - ok
16:24:29.0218 4784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:24:29.0218 4784 wdmaud - ok
16:24:29.0250 4784 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:24:29.0250 4784 WebClient - ok
16:24:29.0281 4784 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:24:29.0281 4784 winmgmt - ok
16:24:29.0328 4784 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
16:24:29.0359 4784 WmdmPmSN - ok
16:24:29.0390 4784 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:24:29.0390 4784 WmiAcpi - ok
16:24:29.0421 4784 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:24:29.0421 4784 WmiApSrv - ok
16:24:29.0484 4784 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:24:29.0546 4784 WMPNetworkSvc - ok
16:24:29.0562 4784 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:24:29.0640 4784 WpdUsb - ok
16:24:29.0781 4784 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:24:29.0843 4784 WPFFontCache_v0400 - ok
16:24:29.0859 4784 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:24:29.0859 4784 WS2IFSL - ok
16:24:29.0875 4784 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:24:29.0875 4784 wscsvc - ok
16:24:29.0890 4784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:24:29.0890 4784 WSTCODEC - ok
16:24:29.0906 4784 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:24:29.0921 4784 wuauserv - ok
16:24:29.0921 4784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:24:29.0921 4784 WudfPf - ok
16:24:29.0937 4784 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:24:29.0937 4784 WudfRd - ok
16:24:29.0953 4784 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:24:29.0953 4784 WudfSvc - ok
16:24:29.0984 4784 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:24:29.0984 4784 WZCSVC - ok
16:24:29.0984 4784 XDva279 - ok
16:24:30.0000 4784 XDva351 - ok
16:24:30.0000 4784 XDva352 - ok
16:24:30.0015 4784 XDva359 - ok
16:24:30.0015 4784 XDva360 - ok
16:24:30.0031 4784 XDva370 - ok
16:24:30.0031 4784 XDva385 - ok
16:24:30.0031 4784 XDva390 - ok
16:24:30.0046 4784 XDva391 - ok
16:24:30.0062 4784 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:24:30.0078 4784 xmlprov - ok
16:24:30.0109 4784 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
16:24:30.0156 4784 xusb21 - ok
16:24:30.0218 4784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:24:30.0328 4784 \Device\Harddisk0\DR0 - ok
16:24:30.0359 4784 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:24:30.0359 4784 \Device\Harddisk1\DR1 - ok
16:24:30.0359 4784 Boot (0x1200) (440b7cfaa3992a7d2ad02896f82ec119) \Device\Harddisk0\DR0\Partition0
16:24:30.0359 4784 \Device\Harddisk0\DR0\Partition0 - ok
16:24:30.0390 4784 Boot (0x1200) (5d3785fbb1bb75df92c54945d811d707) \Device\Harddisk0\DR0\Partition1
16:24:30.0390 4784 \Device\Harddisk0\DR0\Partition1 - ok
16:24:30.0406 4784 Boot (0x1200) (54cea8ed71b299fd706150df18eaed64) \Device\Harddisk0\DR0\Partition2
16:24:30.0421 4784 \Device\Harddisk0\DR0\Partition2 - ok
16:24:30.0421 4784 Boot (0x1200) (f20986c870d2c0971b7e3b50193d6b0c) \Device\Harddisk1\DR1\Partition0
16:24:30.0421 4784 \Device\Harddisk1\DR1\Partition0 - ok
16:24:30.0453 4784 Boot (0x1200) (41dca07af405d3cef5029ba421a310a1) \Device\Harddisk1\DR1\Partition1
16:24:30.0453 4784 \Device\Harddisk1\DR1\Partition1 - ok
16:24:30.0453 4784 ============================================================
16:24:30.0453 4784 Scan finished
16:24:30.0453 4784 ============================================================
16:24:30.0468 4388 Detected object count: 2
16:24:30.0468 4388 Actual detected object count: 2
16:24:42.0078 4388 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:24:42.0078 4388 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:24:42.0078 4388 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:24:42.0078 4388 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 16:26:40
-----------------------------
16:26:40.453 OS Version: Windows 5.1.2600 Service Pack 3
16:26:40.453 Number of processors: 6 586 0xA00
16:26:40.453 ComputerName: GUARDIAN-4380AE UserName:
16:26:44.875 Initialize success
16:27:55.187 AVAST engine defs: 12050501
16:28:04.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:28:04.921 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
16:28:04.921 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-e
16:28:04.937 Disk 1 Vendor: ST3250410AS 4.AAA Size: 238475MB BusType: 3
16:28:04.968 Disk 0 MBR read successfully
16:28:04.968 Disk 0 MBR scan
16:28:05.015 Disk 0 Windows XP default MBR code
16:28:05.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 800002 MB offset 63
16:28:05.062 Disk 0 Partition - 00 0F Extended LBA 153856 MB offset 1638405090
16:28:05.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76928 MB offset 1638405153
16:28:05.109 Disk 0 Partition - 00 05 Extended 76928 MB offset 1795954545
16:28:05.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 76928 MB offset 1795954608
16:28:05.156 Disk 0 scanning sectors +1953504000
16:28:05.250 Disk 0 scanning C:\WINDOWS\system32\drivers
16:28:15.250 Service scanning
16:28:25.312 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:28:28.671 Modules scanning
16:29:06.015 Disk 0 trace - called modules:
16:29:06.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcn.sys >>UNKNOWN [0x8b312938]<<
16:29:06.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b25fab8]
16:29:06.109 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\00000090[0x8b2a6918]
16:29:06.125 5 ACPI.sys[f7246620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b35d940]
16:29:08.968 AVAST engine scan C:\WINDOWS
16:29:20.843 AVAST engine scan C:\WINDOWS\system32
16:32:32.062 AVAST engine scan C:\WINDOWS\system32\drivers
16:32:51.968 AVAST engine scan C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE
16:38:47.609 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
16:43:13.359 Scan finished successfully
16:43:42.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\Desktop\MBR.dat"
16:43:42.406 The log file has been saved successfully to "C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\Desktop\aswMBR.txt"


I will await further instructions. Hopefully things are looking better.

#6 gringo_pr

Posted 05 May 2012 - 03:59 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Ask Toolbar
Java™ 6 Update 2
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#7 JDiamond

Posted 05 May 2012 - 05:23 PM

So far so good. Instructions were followed and things seem to be working smoothly. No Google redirects and McAfee seems fine. I am eager to see if these logs will verify the cleanliness of the machine.


MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Christopher Ross :: GUARDIAN-4380AE [administrator]

5/5/2012 6:01:01 PM
mbam-log-2012-05-05 (18-01-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314828
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:10:57 PM, on 5/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1185242771\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\AutoTask\AutoTask.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\AsHookDevice.exe
E:\Flagship Studios\Hellgate London\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120504192308.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAstr.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1185242771\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NVRaidService] "C:\WINDOWS\system32\nvraidservice.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AutoTask] "C:\Program Files\AutoTask\AutoTask.exe" /STARTUP
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\WINDOWS\system32\AsHookDevice.exe
O23 - Service: Google Update Service (gupdate1cac2b8e85b8184) (gupdate1cac2b8e85b8184) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Flagship Studios\Hellgate London\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13029 bytes


Thanks for the help this far in. I cannot stress my level of gratitude for this. I await further instruction.

#8 gringo_pr

Posted 05 May 2012 - 08:18 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
      O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
      O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
      O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')
      O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 JDiamond

JDiamond
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 06 May 2012 - 07:03 PM

Forgive the tardiness of my reply. The scan lasted much longer than I expected. Anyway here is the log.

C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\My Documents\Incomplete\T-5163924-my away breathe take new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\My Documents\Incomplete\T-5168104-league theme pokemon champions studio edition.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{446D8392-67CB-4513-8849-CD301BA9A7CC}\RP552\A0107888.dll Win32/Adware.Yontoo.B application
E:\Downloads\CryptLoad\CryptLoad_1.1.8.rar Win32/RemoteAdmin.NetCat application
E:\Downloads\From Elliott\unlocker1.9.0.exe Win32/Adware.ADON application
E:\Downloads\From Elliott\Trans Program\agth.rar a variant of Win32/AGTH.A application

I hope this does not indicate a large infection. It was a little disheartening to see so many results.

#10 gringo_pr


Posted 06 May 2012 - 10:05 PM

Hello

"I hope this does not indicate a large infection. It was a little disheartening to see so many results."

You should not be.
Nothing is active, and it looks like a few P2P downloads.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Delete the files flagged by the online scan.
    rem /f removes read-only files, /s also matches the name in subfolders, /q skips the prompt.
    del /f /s /q "C:\AOL Instant Messenger\AIM.exe"
    del /f /s /q "C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\My Documents\Incomplete\T-5163924-my away breathe take new cover version.mp3"
    del /f /s /q "C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\My Documents\Incomplete\T-5168104-league theme pokemon champions studio edition.au"
    del /f /s /q "C:\Program Files\PageRage\YontooIEClient.dll"
    del /f /s /q "E:\Downloads\CryptLoad\CryptLoad_1.1.8.rar"
    del /f /s /q "E:\Downloads\From Elliott\unlocker1.9.0.exe"
    del /f /s /q "E:\Downloads\From Elliott\Trans Program\agth.rar"
    rem Remove this batch file itself once it has finished.
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download, and it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

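Added example, not part of the original posts: a short Python script that parses the ESET Online Scanner lines posted in #9 and separates files still on disk from copies held in the quarantine and System Restore folders, the distinction drawn in reply #10. The function names, the regular expression and the bucket labels are assumptions made for this illustration.

```python
import re

# ESET Online Scanner results copied from post #9: path, detection name, object type.
ESET_LOG = r"""
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\My Documents\Incomplete\T-5163924-my away breathe take new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Christopher Ross.GUARDIAN-4380AE\My Documents\Incomplete\T-5168104-league theme pokemon champions studio edition.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\PageRage\YontooIEClient.dll Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{446D8392-67CB-4513-8849-CD301BA9A7CC}\RP552\A0107888.dll Win32/Adware.Yontoo.B application
E:\Downloads\CryptLoad\CryptLoad_1.1.8.rar Win32/RemoteAdmin.NetCat application
E:\Downloads\From Elliott\unlocker1.9.0.exe Win32/Adware.ADON application
E:\Downloads\From Elliott\Trans Program\agth.rar a variant of Win32/AGTH.A application
"""

# Paths contain spaces, so anchor on the detection name (the only token with "/")
# and the trailing type word instead of splitting on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)
# Backup locations named in reply #10: the tools' quarantine and the System Restore cache.
BACKUP_MARKERS = ("\\qoobox\\quarantine\\", "\\system volume information\\")


def parse_line(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hit = m.groupdict()
    hit["variant"] = bool(hit["variant"])
    hit["backup"] = any(mark in hit["path"].lower() for mark in BACKUP_MARKERS)
    return hit


def triage(log):
    """Split detections into files still on disk and backup copies."""
    hits = [h for h in map(parse_line, log.splitlines()) if h]
    return {
        "review": [h for h in hits if not h["backup"]],
        "backup": [h for h in hits if h["backup"]],
    }


if __name__ == "__main__":
    for bucket, hits in triage(ESET_LOG).items():
        for h in hits:
            print(f"{bucket:7} [{h['kind']}] {h['name']}  {h['path']}")
```

The seven "review" paths are the same seven files listed in the delfile.bat above; the two "backup" entries are the ones left to the tool cleanup and the System Restore reset.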

#11 JDiamond


Posted 07 May 2012 - 01:11 PM

I am relieved that everything seems to be operating smoothly. Your expert instruction was most welcome and I am very grateful. I will post again tomorrow to notify you of any strange behavior should there be any. For now at least it seems all is well and I will be taking time to read those suggested articles. So once again thank you for your assistance and I will get back to you tomorrow.

#12 gringo_pr


Posted 07 May 2012 - 01:13 PM

I will see you then :thumbup2:

#13 gringo_pr


Posted 09 May 2012 - 11:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.